3

I've written a basic Ballerina function and attempted to deploy as AWS Lambda.

AWS reports a permissions error when I try to add the Lambda layer (using the published ARN link - https://ballerina.io/deployment/aws-lambda/#ballerina-aws-lambda-layer-compatibility-matrix)

The error is

not authorised to perform lambda:GetLayerVersion on resource: arn:aws:lambda:eu-west-1:141896495686:layer:ballerina-0-990-3:4

I'm using eu-west-1 region. I've also tried us-west-1.

I've checked and my lambda execution role does include GetLayerVersion permission. I've also check that I can add alternative public layers successfully. For example the custom node11 runtime from https://github.com/lambci/node-custom-lambda

arn:aws:lambda:eu-west-1:553035198032:layer:nodejs11:11

can be added and saved without the same permission error.

This suggests the ballerina layer may not have appropriately public permissions. I'm just exploring so happy to deploy my own private layer if the runtime package can be shared.

Jeff Swan
  • 33
  • 3

2 Answers2

3

We have created layers for all the regions but unfortunately, permissions were not set for all the regions. Above error is causing due to that and now we have fixed it. You can following Layers and please try again. 

arn:aws:lambda:eu-west-1:141896495686:layer:ballerina-0-990-3:4
arn:aws:lambda:us-west-1:141896495686:layer:ballerina-0-990-3:4

Also you should be able to use any layer by replacing the region part of following ARN as specified in the website

arn:aws:lambda:<region to be replaced>:141896495686:layer:ballerina-0-990-3:4

Update for 1.0 onward releases

For 1.0 onward releases you need to use following layer. Now there are no release specific layers you can use same layer for new releases as well

aws lambda update-function-configuration --function-name <FUNCTION_NAME> --layers arn:aws:lambda:<REGION_ID>:141896495686:layer:ballerina:2
Tharik Kanaka
  • 2,490
  • 6
  • 31
  • 54
0

Update from WSO2 - thanks to Anjana Fernando:

Since the 1.x GA release of Ballerina, up to date references to the Layer ARN's are displayed at compile time with the generated deployment instructions.

For the Lambda By-Example sample, the generated deployment instructions include the following:

Run the following commands to deploy each Ballerina AWS Lambda function:

aws lambda create-function --function-name <FUNCTION_NAME> --zip-file fileb://aws-ballerina-lambda-functions.zip --handler

aws_lambda_deployment.<FUNCTION_NAME> --runtime provided --role <LAMBDA_ROLE_ARN> --timeout 10 --memory-size 1024
    aws lambda update-function-configuration --function-name <FUNCTION_NAME> --layers arn:aws:lambda:<REGION_ID>:141896495686:layer:ballerina:2

Replacing the FUNCTION_NAME and your own LAMBDA_ROLE_ARN are still needed, of course, but the --layers option is a reference to the layer runtime matching the Ballerina compiler version. The only change needed is to identify the REGION_ID, e.g., us-east-1 for the layer to be included in your deployment.

As such, 

--layers arn:aws:lambda:<REGION_ID>:141896495686:layer:ballerina:2

would be modified to

--layers arn:aws:lambda:us-east-1:141896495686:layer:ballerina:2

to include the appropriate layer from AWS' us-east-1 region.

Suraj Bhatia
  • 1,233
  • 3
  • 13
  • 29
Bennett Reddin
  • 21
  • 2
  • I have updated my old answers as well. Yeah now we were able to improve the layer with jBallerina where as you can use same layer for new releases – Tharik Kanaka Apr 28 '20 at 16:10