group id: com.github.seanroy
artifact id: lambda-maven-plugin
version: 2.3.5
Please note that the artifact has been renamed from lambduh-maven-plugin to
lambda-maven-plugin.
mvn package shade:shade lambda:deploy-lambda
mvn lambda:delete-lambda
All of the AWS Lambda configuration parameters may be set within the lambda plugin configuration or on the Maven command line using the -D directive.
accessKey
Your user's AWS access key.secretKey
Your user's AWS secret access key.functionCode
REQUIRED The location of your deliverable. For instance, a jar file for a Java8 lambda function.version
REQUIRED version of the deliverable. Note that this is the version you assign to your function, not the one assigned by AWS when publish=true.alias
OPTIONAL, but requires publish=true. Assigns an alias to the AWS version of this function. Useful for maintaining versions intended for different environments on the same function. For instance, development, qa, production, etc.s3Bucket
REQUIRED Defaults to lambda-function-code. The AWS S3 bucket to which to upload your code from which it will be deployed to Lambda.sse
OPTIONAL Turns on Server Side Encryption when uploading the function codesseKmsEncryptionKeyArn
OPTIONAL Specifies a kms arn used to encrypt the lambda code, if desired.keyPrefix
OPTIONAL Specifies the key prefix to use when uploading the function code jar. Defaults to "/"region
Defaults to us-east-1 The AWS region to use for your function.runtime
Defaults to Java8 Specifies whether this is Java8, NodeJs and Python.lambdaRoleArn
The ARN of the AWS role which the lambda user will assume when it executes. Note that the role must be assumable by Lambda and must have Cloudwatch Logs permissions and AWSLambdaDynamoDBExecutionRole policy.lambdaFunctions
Lamda functions that can be configured using tags in pom.xml.lambdaFunctionsJSON
JSON configuration for Lambda Functions. This is preferable configuration.timeout
Defaults to 30 seconds. The amount of time in which the function is allowed to run.memorySize
Defaults to 1024MB NOTE: Please review the AWS Lambda documentation on this setting as it could have an impact on your billing.vpcSubnetIds
The VPC Subnets that Lambda should use to set up your VPC configuration. Format: "subnet-id (cidr-block) | az name-tag".vpcSecurityGroupIds
The VPC Security Groups that Lambda should use to set up your VPC configuration. Format: "sg-id (sg-name) | name-tag". Should be configured.publish
This boolean parameter can be used to request AWS Lambda to update the Lambda function and publish a version as an atomic operation. This is global for all functions and won't overwrite publish paramter in provided Lambda configuration. Setting to false will only update $LATEST.functionNameSuffix
The suffix for the lambda function. Function name is automatically suffixed with it. When left blank no suffix will be applied.forceUpdate
This boolean parameter can be used to force update of existing configuration. Use it when you don't publish a function and want to deploy code in your Lambda function. This is automatically set totrue
if the version containsSNAPSHOT
.triggers
A list of one or more triggers that execute Lambda function. CurrentlyCloudWatch Events - Schedule
,SNS
,SQS
,DynamoDB
andKinesis
are supported. WhenfunctionNameSuffix
is present then suffix will be added automatically.environmentVariables
Map to define environment variables for Lambda functions enable you to dynamically pass settings to your function code and libraries, without making changes to your code. Deployment functionality merges those variables with the one provided in json configuration.keepAlive
When specified, a CloudWatch event is scheduled to "ping" your function every X minutes, where X is the value you specify. This keeps your lambda function resident and ready to receive real requests at all times. This is useful for when you need your function to be responsive.passThrough
This directive is to be used only on the command line. It allows you to pass environment variables from the command line to your functions using json. Example:
mvn package shade:shade lambda:deploy-lambda -DpassThrough="{'KEY1' : 'VAL1', 'KEY2' : 'VAL2'}"
kmsEncryptionKeyArn
The AWS KMS encryption key you wish to use to encrypt/decrypt sensitive environment variables.encryptedPassThrough
Similar to passThrough (see above), but these variables will be encrypted using the KMS encryption key specified above. Requires that kmsEncryptionKeyArn is specified.clientConfiguration
Allows you to specify a http(s) proxy when communicating with AWS. The following parameters may be specified, see the Example configuration below for an example.protocol
proxyHost
proxyPort
proxyDomain
proxyUsername
proxyPassword
proxyWorkstation
Current configuration of LambdaFunction can be found in LambdaFunction.java.
<project
...
<properties>
<lambda.functionCode>${project.build.directory}/${project.build.finalName}.jar</lambda.functionCode>
<lambda.version>${project.version}</lambda.version>
<lambda.publish>true</lambda.publish>
<lambda.forceUpdate>true</lambda.forceUpdate>
<lambda.functionNameSuffix>dev</lambda.functionNameSuffix>
</properties>
...
<plugin>
<groupId>com.github.seanroy</groupId>
<artifactId>lambda-maven-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<skip>false</skip>
<functionCode>${lambda.functionCode}</functionCode>
<version>${lambda.version}</version>
<alias>development</alias>
<vpcSecurityGroupIds>sg-123456</vpcSecurityGroupIds>
<vpcSubnetIds>subnet-123456,subnet-123456,subnet-123456</vpcSubnetIds>
<lambdaRoleArn>arn:aws:iam::1234567:role/YourLambdaS3Role</lambdaRoleArn>
<s3Bucket>mys3bucket</s3Bucket>
<keyPrefix>my/awesome/prefix</keyPrefix>
<publish>${lambda.publish}</publish>
<forceUpdate>${lambda.forceUpdate}</forceUpdate>
<functionNameSuffix>${lambda.functionNameSuffix}</functionNameSuffix>
<environmentVariables>
<key0>value0</key0>
</environmentVariables>
<clientConfiguration>
<protocol>https</protocol>
<proxyHost>proxy-host.net</proxyHost>
<proxyPort>1234</proxyPort>
</clientConfiguration>
<lambdaFunctionsJSON>
[
{
"functionName": "my-function-name-0",
"description": "I am awesome function",
"handler": "no.flowlab.lambda0::test",
"timeout": 30,
"memorySize": 512,
"keepAlive": 15,
"triggers": [
{
"integration": "CloudWatch Events - Schedule",
"ruleName": "every-minute",
"ruleDescription": "foo bar",
"scheduleExpression": "rate(1 minute)"
},
{
"integration": "DynamoDB",
"dynamoDBTable": "myTable",
"batchSize": 100,
"startingPosition": "TRIM_HORIZON"
},
{
"integration": "Kinesis",
"kinesisStream": "myStream",
"batchSize": 100,
"startingPosition": "TRIM_HORIZON"
},
{
"integration": "SNS",
"SNSTopic": "SNSTopic-1"
},
{
"integration": "SNS",
"SNSTopic": "SNSTopic-2"
},
{
"integration": "Alexa Skills Kit"
"alexaSkillId": "amzn1.ask.skill..."
},
{
"integration": "Lex",
"lexBotName": "BookCar"
},
{
"integration": "SQS",
"standardQueue": "queueName"
}
],
"environmentVariables": {
"key1": "value1",
"key2": "value2"
}
},
{
"functionName": "my-function-name-1",
"description": "I am awesome function too",
"handler": "no.flowlab.lambda1"
}
]
</lambdaFunctionsJSON>
</configuration>
</plugin>
...
</project>
Environment variables set by this plugin respect the following hierarchy:
- Variables set within the AWS Lambda Console.
- Variables set within the Configuration block of the plugin (See above).
- Variables set within the JSON lambda function descriptors (See above).
- Pass through variables defined on the command line when deploying the function.
Variables defined at a higher level (top of the list above) may be overridden by those at a lower level.
Your AWS credentials may be set on the command line or in the plugin configuration. If accessKey
and
secretKey
are not explicitly defined, the plugin will look for them in your environment or in your
~/.aws/credentials file
IAM permissions required by this plugin:
- action
s3:GetObject
ands3:PutObject
on resourcearn:aws:s3:::<s3Bucket>/*
- action
s3:ListBucket
on resourcearn:aws:s3:::<s3Bucket>
- action
s3:CreateBucket
if you want the plugin to create the S3 bucket you specify. - action
lambda:CreateFunction
- action
lambda:InvokeFunction
- action
lambda:GetFunction
- action
lambda:UpdateFunctionCode
- action
lambda:UpdateFunctionConfiguration
- action
lambda:ListAliases
- action
lambda:GetPolicy
on resource:arn:aws:lambda:<region>:<acount-number>:function:<function-name>
- action
lambda:UpdateAlias
on resource:arn:aws:lambda:<region>:<acount-number>:function:<function-name>
- action
lambda:ListEventSourceMappings
on resource: * - action
events:PutRule
on resourcearn:aws:events:<region>:<acount-number>:rule/*
- action
events:PutTargets
on resourcearn:aws:events:<region>:<acount-number>:rule/*
- action
events:ListRuleNamesByTarget
on resourcearn:aws:events:<region>:<acount-number>:rule/*
- action
events:DescribeRule
on resourcearn:aws:events:<region>:<acount-number>:rule/KEEP-ALIVE-<function-name>
- action
kinesis:GetRecords, GetShardIterator, DescribeStream, and ListStreams on Kinesis streams
- action
sqs:GetQueueUrl, sqs:GetQueueAttributes on SQS
- action
iam:PassRole
on resource<lambdaRoleArn>
- action
SNS:ListSubscriptions
on resourcearn:aws:events:<region>:<acount-number>:*
If you are interested in contributing to this project, please note that current development can be found in the SNAPSHOT branch of the coming release. When making pull requests, please create them against this branch.
A test harness has been provided which can be run with mvn test
Please use
this and feel free to add additional tests. Note that the basic-pom.xml file
requires you to add your role arn in order to work. As such, basic-pom.xml
has been added to .gitignore so that you don't accidentally commit your role
to the file. If you add more pom's as part of enhancing the test suite,
please remember to add them to .gitignore.
2.3.5
- Ability to set skill Id for Alexa Skills Kit trigger. Thanks [email protected]
- Auto force update if version contains SNAPSHOT. Thanks [email protected]
2.3.4
- Resolves Issue 117 https://github.com/juger89
- Thanks [email protected]
2.3.3
- Added Support for SQS Trigger
2.3.2
- Resolves Issue 89, allowing for encryption of environment variables defined on the command line. See kmsEncryptionKey and encryptedPassThrough above.
2.3.1
- Resolves Issue 87, which was introduced in 2.3.0.
2.3.0
- Resolves Issue 84, Environment variables respect a hierarchy of definition and plugin will no longer wipe out existing variables
2.2.9
- Added ability to set http proxy on AWS clients. Issue 39
2.2.8
- Added the ability to set an alias for the new function version, provided publish=true. Fixes Issue 74
2.2.7
- Added SNS & Kinesis trigger orphan handling. This resolves Issue 50
2.2.6
- Fixed another potential NPE, added orphan trigger cleanup for DynamoDB integrations.
2.2.5
- Fixed Issue 77
2.2.4
- Smarter orphaned permission handling.
2.2.3
2.2.2
- Fixed Issue 66
- Fixed sources of potential NPEs, thank Jean Blanchard
2.2.1
- Added passThrough environment variables feature, allowing you to pass environment variables from the command line.
- Added cleanup code to remove cloudwatch event rules that have become orphaned on when the function is being deleted. More triggers will be added to the cleanup list in a later revision.
2.2.0
- Added Keep Alive functionality
- Fixed broken update schedule code.
- Added Kinesis trigger, thanks Matt Van
- Deletion of triggers on lambda delete and the update code needs serious re-working.
- Need to work on cleaning up after orphaned resources.
2.1.7
- Fixed critical credentials bug introduced in 2.1.6.
2.1.6
- Removed some deprecated code
- functionNameSuffix is no longer automatically hyphenated. If you want a hyphen, specify it in the functionNameSuffix directive.
2.1.5
- Add support for environment variables Issue 48
- Thanks [email protected]
2.1.4
- Fixed [Issue 46] (#46)
- Thanks [email protected]
2.1.3
- Fixed [Issue 42] (#42)
- Thanks [email protected]
2.1.2
- Added trigger to allow Alexa Skills Kit Integration.
2.1.1
- Remove deprecated
scheduledRules
andtopics
functionality - Thanks [email protected]
2.1.0
- Add support for triggers. Deprecated
scheduledRules
andtopics
as thouse have been moved to triggers - Add support for DynamoDB stream.
lambdaRoleArn
requires AWSLambdaDynamoDBExecutionRole policy - Update to AWS SDK 1.11.41
- Thanks [email protected]
2.0.1
- Fixed [Issue 33] (#33) Thank Vũ Mạnh Tú.
2.0.0
- Add support for configuration many lambda functions in one deliverable, supports config in JSON, each lumbda function configuration can be fully customized
- Add support for version aliases when publish is activated
- Change defaults
- Fixed some mainor code smells
- Remove support for annotations
- Refactor code to java8
- Add publish flag, which controls Lambda versioning in AWS
- Force update support
- Add support for SNS topics
- Add support for scheduled rules, cron jobs which trigger lambda function
- Thanks [email protected]
1.1.6
- Removed debugging related code.
1.1.5
- Fixed bug where default value of functionNameSuffix evaluating to null instead of a blank string.
1.1.4
- Added functionNameSuffix optional property.
1.1.3
- Fixed [Issue 28] (#28)
1.1.2
- Fixed invalid dependency to lambda-maven-annotations
1.1.1
- Added support for Virtual Private Clouds. Thanks Jem Rayfield.
- Added ability to designate functions for deployment via LambduhFunction annotations. (Details coming soon).
1.1.0
- Added delete goal.
1.0.6
- Issue 19 Added test harness.
- Update function code if code or configuration has changed instead of deleting and recreating every time. Thanks Guillermo Menendez
1.0.5
- Accidental deployment of release. Should be functionally equivalent to 1.0.4.
1.0.4
- Fixed issue 8
- No longer uploads function code to S3 when no changes have been made to speed up development cycle over slow connections. Thanks Philip M. White.
- Fixed logging.
1.0.3
- Fixed a bug where getting a bucket fails if existing. Thanks buri17
- Fixed problem with region specification. Thanks buri17
- Adding ability to pull creds from the default provider. Thanks Chris Weiss
1.0.2
- Fixed PatternSyntaxException on windows #1