feat(lambda): efs filesystems #8602
Conversation
|
Hi @eladb I am ready for initial round. Can you give me some feedbacks? |
nija-at
changed the title
Co-authored-by: Niranjan Jayakar <nija@amazon.com>
|
Still WIP. But I am encountering this error and still trying to get it around. Lambda function accessing the I was trying to make
Any suggestion? @nija-at |
|
@eladb I think I've fixed all addressed issues. Please take a look again. |
|
Lgtm @jogold can you do another round? |
There was a problem hiding this comment.
Looks good and is functional 👍
I would personally have gone for a bind() pattern for the FileSystem class in Lambda where all the logic for an EFS filesystem would have been centralized (dependency, IAM and connections). But this can be changed later if the FileSystem class in Lambda is marked @experimental? @eladb @nija-at what do you think?
| @@ -570,6 +595,26 @@ export class Function extends FunctionBase { | |||
| } | |||
|
|
|||
| this.currentVersionOptions = props.currentVersionOptions; | |||
|
|
|||
| if (props.filesystems) { | |||
| // max 1 filesystem allowed | |||
There was a problem hiding this comment.
This is unnecessary future proofing.. If only a single file system is allowed, then why do we need the property to be filesystems? Shall we change it to filesystem? In the future if we want to add additional filesystems, we can either deprecate the singular property or add additionalFileSystems.
There was a problem hiding this comment.
Hi @eladb
It's filesystem now.
And, to even scope down the required iam policies according to the doc, I changed managedPolicies to policies and bake the required policy statements like this in the fromEfsAccessPoint
policies: [
new iam.PolicyStatement({
actions: [ 'elasticfilesystem:ClientMount' ],
resources: [ '*' ],
conditions: {
StringEquals: {
'elasticfilesystem:AccessPointArn': ap.accessPointArn,
},
},
}),
new iam.PolicyStatement({
actions: ['elasticfilesystem:ClientWrite'],
resources: [ Stack.of(ap).formatArn({
service: 'elasticfilesystem',
resource: 'file-system',
resourceName: ap.fileSystem.fileSystemId,
}) ],
}),
],Let me know if it looks better now.
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
eladb
changed the title
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
feat(lambda): Add EFS Filesystem support
This PR adds
filesystemConfigsconstruct property forlambda.Functionand allows lambda functions to mount Amazon EFS Filesystems with the Amazon EFS Access Points.Close #8595
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license