Merge pull request #1674 from devops-arch-cloud/purohmid-terraform-poison-kill-serverless

new pattern - Kinesis Poison Pill Pattern

Author: mavi888

terraform-kinesis-poison-pill/README.md

@@ -0,0 +1,149 @@
+# Kinesis Poison Pill Pattern
+
+This pattern demonstrates how to handle a Lambda consumer failure when reading from a Kinesis Data Stream with Terraform
+
+Without proper handling of failure when working with Kinesis Data Streams, an iterator will get stuck and the only way for the data to clear the stream is for it to **Age Out** beyond the trim horizon.
+
+This will ultimately create wasteful invocations of a Lambda, wasted CPU cycles in a container and worst of all the downstream consumers will not get the data they need.
+
+Learn more about this pattern at Serverless Land Patterns: << Add the live URL here >>
+
+**Important**: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+-   [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+-   [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+-   [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+-   [Node and NPM](https://nodejs.org/en/download/) installed
+-   [The Go Programming Langage](https://go.dev/doc/install) must be installed in order to build the Lambda
+-   [Terraform](https://www.terraform.io) must be installed in order to provision infrastructure
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+    ```
+    git clone https://github.com/aws-samples/serverless-patterns
+    ```
+2. Change directory to the lambda module directory:
+    ```
+    cd terraform-kinesis-poison-pill/modules/lambda
+    ```
+3. Install the project dependencies 
+    ```
+     npm install
+    ```
+4. Build lambda using make command
+    ```
+     make
+    ```
+5. Change directory to the pattern directory:
+    ```
+    cd ../..
+
+6. Deploy the stack to your default AWS account and region using terraform
+    ```
+    terraform init
+    terraform plan
+    terraform apply
+    ```
+
+## How it works
+
+This pattern is designed to highlight how to handle failure when processing records in a Lambda. The `Kinesis Event Source` turns a Lambda into a Data Consumer which will process a JSON event that looks like this in Go
+
+```golang
+type SampleEvent struct {
+	FieldA string `json:"fieldA"`
+	FieldB string `json:"fieldB"`
+	FieldC int    `json:"fieldC"`
+}
+```
+
+And like this in JSON
+
+```javascript
+// defintion
+{
+    fieldA: string;
+    fieldB: string;
+    fieldC: number
+}
+
+// example
+{
+    "fieldA": "ABC",
+    "fieldB": "EFG",
+    "fieldC": 123
+}
+```
+
+Once the pattern is deployed to AWS, you will have the following resources created with the described capabilities
+
+-   Kinesis Data Stream where the data will be "sourced"
+-   Lambda Consumer written in Golang that will read from Kinesis in an attempt to process the records
+-   SQS Queue where failed Kinesis records will be put
+
+## Testing
+
+
+### Testing Success
+
+
+```bash
+aws kinesis put-record \
+    --stream-name kinesis-stream \
+    --data 'eyJmaWVsZEEiOiAiQUJDIiwgImZpZWxkQiI6ICJFRkciLCAiZmllbGRDIjogMTIzIH0K' \
+    --partition-key key --region us-west-1
+```
+
+This command will publish a JSON payload that will successfully be Unmarshalled in the Lambda.
+
+### Testing Failure
+
+```bash
+aws kinesis put-record \
+    --stream-name kinesis-stream \
+    --data 'eyJmaWVsZEEiOiAiQUJDIiwgImZpZWxkQiI6ICJFRkciLCAiZmllbGRDIjogIjEyMyIgfQo=' \
+    --partition-key key --region us-west-1
+```
+
+This command will publish a JSON payload that will not be Unmarshalled successfully in the Lambda. `FieldC` will be a `string` instead of a `number`
+
+Based upon the definition in the terraform code, this will be attempted 5 times and will be bisected out of batch should more records be in the read.
+
+### Inspecting in the AWS Console
+
+-   Cloudwatch - for Logs
+
+Go to Cloudwatch log group /aws/lambda/kinesis_stream
+You should see two kind of log event for success and failure
+For Success event shows as 
+```
+level=info msg="All good, see you later
+```
+For failure event shows as 
+```
+json: cannot unmarshal string into Go struct field SampleEvent.fieldC of type int: UnmarshalTypeError
+```
+
+-   SQS - for the failed message
+-   Kinesis - DataViewer looking at the TRIM_HORIZON
+
+## Cleanup
+
+1. Delete the stack
+    ```bash
+    terraform destroy
+    ```
+
+## Documentation
+
+-   [AWS Using Lambda with Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html)
+-   [AWS Lambda Failure-Handling Features](https://www.amazonaws.cn/en/new/2019/aws-lambda-supports-failure-handling-features-for-kinesis-and-dynamodb-event-sources/)
+
+---
+
+Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

terraform-kinesis-poison-pill/example-pattern.json

@@ -0,0 +1,59 @@
+{
+	"title": "Kinesis Poison Pill Pattern",
+	"description": "Lambda consumer failure when reading from a Kinesis Data Stream with Terraform.",
+	"language": "",
+	"level": "200",
+	"framework": "Terraform",
+	"introBox": {
+		"headline": "How it works",
+		"text": [
+			"This pattern demonstrates how to handle a Lambda consumer failure when reading from a Kinesis Data Stream with terraform."
+		]
+	},
+	"gitHub": {
+		"template": {
+			"repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/terraform-kinesis-poison-pill",
+			"templateURL": "serverless-patterns/terraform-kinesis-poison-pill",
+			"projectFolder": "terraform-kinesis-poison-pill",
+			"templateFile": "terraform-kinesis-poison-pill/main.tf"
+		}
+	},
+	"resources": {
+		"bullets": [{
+				"text": "AWS Using Lambda with Kinesis",
+				"link": "https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html"
+			}
+		]
+	},
+	"deploy": {
+		"text": [
+			"terraform init",
+			"terraform plan",
+			"terraform apply"
+		]
+	},
+	"testing": {
+		"text": [
+			"See the README in the GitHub repo for detailed testing instructions."
+		]
+	},
+	"cleanup": {
+		"text": [
+			"terraform destroy",
+			"terraform show"
+		]
+	},
+	"authors": [{
+		"name": "Mitesh Purohit",
+		"image": "",
+		"bio": "Sr Solution Architect, AWS",
+		"linkedin": "https://www.linkedin.com/in/mitup/"
+	},
+	{
+		"name": "Naresh Rajaram",
+		"image": "",
+		"bio": "Cloud Infrastructure Architect, AWS",
+		"linkedin": "https://www.linkedin.com/in/naresh-rajaram-25bb106/"
+	}
+]
+}

terraform-kinesis-poison-pill/main.tf

@@ -0,0 +1,27 @@
+# This is required to get the AWS region via ${data.aws_region.current}.
+#data "aws_region" "current" {
+#}
+
+provider "aws" {
+    region = var.region
+
+}
+
+# --- main.tf ---
+
+# Create Amazon S3 Destination Bucket
+module "kinesis-stream" {
+    source = "./modules/kinesis-stream"  
+}
+
+module "sqs_queue" {
+    source = "./modules/sqs"  
+}
+
+# Create Data Transformation Lambda
+module "kinesis_stream_lambda" {
+    source                       = "./modules/lambda" 
+    kinesis_stream_arn = module.kinesis-stream.kinesis_stream_arn
+    sqs_arn  = module.sqs_queue.sqs_arn
+
+}

terraform-kinesis-poison-pill/modules/kinesis-stream/main.tf

@@ -0,0 +1,6 @@
+//Create kinesis stream
+
+resource "aws_kinesis_stream" "kinesis-stream" {
+  name                      = "kinesis-stream"
+  shard_count               = var.shard_count
+}

terraform-kinesis-poison-pill/modules/kinesis-stream/output.tf

@@ -0,0 +1,5 @@
+//Output Kinesis Stream ARN
+output "kinesis_stream_arn" {
+    value       = aws_kinesis_stream.kinesis-stream.arn
+    description = "kinesis_stream_arn"
+}

terraform-kinesis-poison-pill/modules/kinesis-stream/variable.tf

@@ -0,0 +1,4 @@
+// shard count
+variable "shard_count" {
+  default = 1
+}

terraform-kinesis-poison-pill/modules/lambda/Makefile

@@ -0,0 +1,3 @@
+kinesis_stream: main.go
+	export GOPROXY=direct
+	GOOS=linux GOARCH=amd64 go build -o $(CURDIR)/bin/kinesis_stream

terraform-kinesis-poison-pill/modules/lambda/go.mod

@@ -0,0 +1,10 @@
+module kinesis-sample
+
+go 1.19
+
+require github.com/aws/aws-lambda-go v1.36.0
+
+require (
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
+)

terraform-kinesis-poison-pill/modules/lambda/go.sum

@@ -0,0 +1,17 @@
+github.com/aws/aws-lambda-go v1.36.0 h1:NWBWBJgavrQOjF1uKDG5D7Qs5y5o75HcrjfA16Hwfak=
+github.com/aws/aws-lambda-go v1.36.0/go.mod h1:jwFe2KmMsHmffA1X2R09hH6lFzJQxzI8qK17ewzbQMM=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

terraform-kinesis-poison-pill/modules/lambda/iam_policy_for_lambda.tftpl

@@ -0,0 +1,26 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Action": [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents",
+          "kinesis:*",
+          "sqs:*"
+        ],
+        "Effect": "Allow",
+        "Resource":  ["*"]
+      },
+      {
+        "Action": [
+          "lambda:InvokeFunction",
+          "lambda:GetFunctionConfiguration"
+        ],
+        "Effect": "Allow",
+        "Resource":  ["${kinesis_strem_lambda_arn}"]
+      }
+    ]
+  }
+
+  

terraform-kinesis-poison-pill/modules/lambda/iam_role_for_lambda.json

@@ -0,0 +1,12 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "lambda.amazonaws.com"
+            },
+            "Action": "sts:AssumeRole"
+        }
+    ]
+}

terraform-kinesis-poison-pill/modules/lambda/main.go

@@ -0,0 +1,38 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/aws/aws-lambda-go/events"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/aws/aws-lambda-go/lambda"
+)
+
+func handleRequest(ctx context.Context, e events.KinesisEvent) error {
+	// Kinesis gives a batch of records, let's loop through them
+	for _, r := range e.Records {
+		event := &SampleEvent{}
+		err := json.Unmarshal(r.Kinesis.Data, event)
+
+		// if unmarshal fails, we can't do much so let's return an error
+		// the batch fails but due to `bisectBatchOnError` the batch
+		// will get split up until the failing item is pulled out
+		if err != nil {
+			log.WithFields(log.Fields{
+				"err": err,
+			}).Error("error encountered")
+
+			return err
+		}
+	}
+
+	log.Info("All good, see you later")
+
+	return nil
+}
+
+func main() {
+	lambda.Start(handleRequest)
+}