CI/CD to Lambda Function using AWS Code Pipeline

In this Blog Post, I will provide you a quick guide on How to set-up an automated deployment pipeline to push changes to different aliases of Lambda mapping to different stages of development.

Prerequisite: A Lambda function that we will be using for deployment and an API Gateway, mapping different stages to different Alias of the lambda function.

The components that we’ll be working with:

1. Code Commit — Trigger Source (branch — dev, uat, prod), contains the build file required for Code Build.
2. Code Build — Runs the instruction from buildspec.yml file, creates a lambda deployment package and updates the Lambda Code, publishes the new version and then updates Alias pointing to the Version. We use different Aliases for different development stages (dev, uat, prod)
3. AWS Lambda — Lambda function for the deployment.
4. Code Pipeline — Packages 1, 2 and 3 together.
5. API Gateway — Interface to our lambda function. Different stages (dev, uat, prod) in API gateway points to different Alias of our Lambda function.

We create different pipelines for each stage (dev, uat, prod). The source of the pipeline is the Code Commit repository and the branch is pointed to the one that contains the code for that stage.

We then add the Code Build module with the standard:2.0 Linux environment. We also add the STAGE environment variable here and provide the reference path to build YAML file. The most important component here is the build file “buildspec.yml”, The file contains all the instructions that the Code Build environment runs. In our example, it contains instructions to…

1. Install the dependencies needed by the application.

python3 -m pip install --target ./package -r requirements.txt

2. Packages the source code and dependencies, and creates a Lambda deployment package.

zip -r9 function.zip package api

3. Updates the lambda function code. The command returns a unique hash code for each update, the hash code is used when creating the new version. Here my_lambda_function is the name of the lambda function for the deployment.

CODE_SHA_256=$(aws lambda update-function-code --function-name my_lambda_function --zip-file fileb://function.zip --query CodeSha256 --output text)

Read more about AWS lambda command-line options here:

4. Publishes the new version. Hash code of the update is passed to validate that the code has not changed since our update. This will raise an error if the latest release code is different from the one we pushed and the build will fail.

FUNCTION_VERSION=$(aws lambda publish-version --function-name my_lambda_function --code-sha256 $CODE_SHA_256 --query Version --output text)

5. Updates the stage Alias with the version. The STAGE variable is set as Code Build Environment Variable and refers to alias name that we want to update.

RESPONSE=$(aws lambda update-alias --function-name my_lambda_function --name $STAGE --function-version $FUNCTION_VERSION --output text)

Here’s the full code:

buildspec.yml

AWS lambda command line returns multiple parameters. We filter the result by using the query parameter, which returns only the parameters we are interested in. Also, the AWS command-line tools generally return the result as a dictionary, we change it by setting the output flag in the command line to the desired one, for our case we wanted it to be in text format, which is easy to handle and use in the subsequent instructions.

And Lastly, trigger the pipelines by pushing a commit to the branches.

Here we are not using separate deployment modules in the pipeline as that’s been done using the AWS command line in the build stage only.