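# Nebula Full Project Deployment Script (Windows PowerShell)
#
# Runs the whole deployment from the repository root: Terraform for the AWS
# resources, docker buildx for the API and worker images, npm for the
# frontend, and the AWS CLI for the final S3 sync.
Write-Host "🚀 Starting FULL Nebula Deployment (Lambda + Fargate)..." -ForegroundColor Cyan

# 1. Configuration
$AWS_REGION = "ap-south-1"
$PROJECT_NAME = "nebula-multicloud"

# SECURITY: the database password used to be a literal committed with this
# script, so everyone with read access to the repository or its history has it.
# Prefer a value supplied by the caller. TF_VAR_db_password is the environment
# variable Terraform itself reads for the "db_password" input variable, so one
# setting serves both this script and direct terraform runs.
if (-not [string]::IsNullOrEmpty($env:TF_VAR_db_password)) {
    $DB_PASSWORD = $env:TF_VAR_db_password
}
else {
    # Backward-compatible fallback so existing invocations keep working.
    # Treat this value as disclosed: rotate it and remove the literal once
    # every caller sets TF_VAR_db_password.
    Write-Warning "TF_VAR_db_password is not set; falling back to the password committed in this script."
    $DB_PASSWORD = "trialForNebula"
}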
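function Ensure-LambdaFunctionUrlInvokePermission {
    <#
    .SYNOPSIS
    Makes sure the Lambda resource policy allows invocation through the Function URL.

    .DESCRIPTION
    Reads the function's resource policy with `aws lambda get-policy`. When no
    statement with Action lambda:InvokeFunction is found, it adds one with
    statement id FunctionURLInvokeAllowPublicAccess, principal "*" and the
    invoked-via-function-url restriction. If the installed AWS CLI rejects
    --invoked-via-function-url as an unknown option, the same AddPermission
    request is sent by an inline Python script (boto3/botocore SigV4 signing).

    SECURITY: principal "*" means every caller, with or without an AWS
    identity, is allowed by this statement. Whether requests must still be
    signed depends on the Function URL's auth type, which is set in Terraform
    and is not visible from this script -- confirm that public access is intended.

    .PARAMETER FunctionName
    Name of the Lambda function whose policy is checked and, if needed, extended.

    .PARAMETER Region
    AWS region of the function. Passed to both AWS CLI calls and to the Python
    fallback so all three talk to the same regional endpoint.
    #>
    param(
        [Parameter(Mandatory = $true)]
        [string]$FunctionName,
        [Parameter(Mandatory = $true)]
        [string]$Region
    )

    Write-Host "🔐 Ensuring Lambda Function URL invoke permission..." -ForegroundColor Yellow

    # stderr is discarded on purpose: get-policy fails when the function has no
    # resource policy yet, and that case must fall through to add-permission.
    # --region was missing before, so the CLI used its configured default
    # region while the Python fallback used $Region.
    $policy = aws lambda get-policy --function-name $FunctionName --region $Region --output text 2>$null

    # NOTE(review): this matches ANY lambda:InvokeFunction statement, including
    # one granted to a different principal, in which case the public statement
    # is never added. Matching on the statement id would be stricter.
    if ($policy -notmatch '"Action":"lambda:InvokeFunction"') {
        $addPermissionOutput = aws lambda add-permission `
            --function-name $FunctionName `
            --region $Region `
            --statement-id FunctionURLInvokeAllowPublicAccess `
            --action lambda:InvokeFunction `
            --principal "*" `
            --invoked-via-function-url `
            --output text 2>&1

        if ($LASTEXITCODE -eq 0) {
            Write-Host "✅ Added public invoke permission for Function URL." -ForegroundColor Green
            return
        }

        # Older AWS CLI builds do not know the flag; send the API call directly.
        if ($addPermissionOutput -match "Unknown options: --invoked-via-function-url") {
            # The here-string is the Python program itself: its lines must start
            # at column 0 and keep Python block indentation, and the closing '@
            # must be the first characters on its line.
            $pythonFallback = @'
import json
import sys
import urllib.error
import urllib.request
import boto3
from botocore.auth import SigV4Auth
from botocore.awsrequest import AWSRequest
function_name = sys.argv[1]
region = sys.argv[2]
url = f"https://lambda.{region}.amazonaws.com/2015-03-31/functions/{function_name}/policy"
payload = {
    "Action": "lambda:InvokeFunction",
    "Principal": "*",
    "StatementId": "FunctionURLInvokeAllowPublicAccess",
    "InvokedViaFunctionUrl": True,
}
session = boto3.Session(region_name=region)
credentials = session.get_credentials()
if credentials is None:
    raise SystemExit("No AWS credentials available for Lambda permission fallback.")
body = json.dumps(payload).encode("utf-8")
request = AWSRequest(method="POST", url=url, data=body, headers={"Content-Type": "application/json"})
SigV4Auth(credentials.get_frozen_credentials(), "lambda", region).add_auth(request)
prepared = request.prepare()
http_request = urllib.request.Request(url, data=body, headers=dict(prepared.headers.items()), method="POST")
try:
    with urllib.request.urlopen(http_request, timeout=30) as response:
        print(response.read().decode("utf-8"))
except urllib.error.HTTPError as exc:
    print(exc.read().decode("utf-8"), file=sys.stderr)
    raise
'@
            # The program goes to python on stdin ("-"); name and region are argv.
            $pythonFallback | python - $FunctionName $Region
            if ($LASTEXITCODE -ne 0) {
                throw "Failed to add Function URL invoke permission via Python fallback."
            }
            Write-Host "✅ Added public invoke permission for Function URL via Python fallback." -ForegroundColor Green
            return
        }

        throw "Failed to add Function URL invoke permission: $addPermissionOutput"
    }

    Write-Host "ℹ️ Function URL invoke permission already present." -ForegroundColor Gray
}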
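# 2. Stage 1: Create ECR Repositories (API & Worker)
# Creates only the two ECR repositories and the frontend bucket (-target), so
# the images can be pushed before the resources that reference them exist.
Write-Host "🏗️ Stage 1: Preparing ECR Repositories..." -ForegroundColor Yellow
$ROOT_DIR = Get-Location

# Stop here if the directory is missing; otherwise terraform would run in
# whatever directory the script was started from.
Set-Location -Path terraform/lambda_deploy -ErrorAction Stop

terraform init
if ($LASTEXITCODE -ne 0) {
    Set-Location $ROOT_DIR
    throw "terraform init failed (exit code $LASTEXITCODE)."
}

# NOTE(review): -var puts the database password on the terraform command line,
# where it can show up in process listings and transcripts. Terraform also
# reads it from the TF_VAR_db_password environment variable; confirm no tfvars
# file would take precedence before switching.
# NOTE(review): -auto-approve applies without showing the plan to anyone.
terraform apply -target aws_ecr_repository.backend -target aws_ecr_repository.worker -target aws_s3_bucket.frontend -var "db_password=$DB_PASSWORD" -auto-approve
if ($LASTEXITCODE -ne 0) {
    Set-Location $ROOT_DIR
    throw "terraform apply (ECR/S3 targets) failed (exit code $LASTEXITCODE)."
}

$ECR_REPO_API = terraform output -raw ecr_repository_url
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($ECR_REPO_API)) {
    Set-Location $ROOT_DIR
    throw "Could not read ecr_repository_url from the Terraform outputs."
}

# The worker repository URL is derived by text substitution, not read from an
# output. Replace() rewrites every occurrence of "backend" in the URL --
# presumably only the repository name contains it; verify against the
# Terraform repository names.
$ECR_REPO_WORKER = "$($ECR_REPO_API.Replace('backend', 'worker'))"
Set-Location $ROOT_DIR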
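# 3. Stage 2: Build and Push BOTH Images
Write-Host "🐳 Stage 2: Building & Pushing Containers..." -ForegroundColor Yellow
Set-Location -Path backend -ErrorAction Stop

# The registry token is piped to docker on stdin (--password-stdin), so it
# never appears in the argument list. $LASTEXITCODE after the pipeline is
# docker's, which also fails when the aws side produced no token.
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ECR_REPO_API
if ($LASTEXITCODE -ne 0) {
    Set-Location $ROOT_DIR
    throw "docker login to ECR failed (exit code $LASTEXITCODE)."
}

# NOTE(review): both images are pushed under the mutable tag "latest", so a
# running function or task cannot be traced back to a specific build. How
# Terraform references the images is not visible here; an immutable tag or a
# digest would make deployments auditable.
# --provenance=false turns off the provenance attestation buildx would attach
# to the pushed image -- presumably for image-manifest compatibility; confirm.

# Build API (Lambda)
Write-Host "📦 Building API Image..." -ForegroundColor Gray
docker buildx build --platform linux/amd64 -t "$ECR_REPO_API`:latest" --provenance=false --push -f Dockerfile.lambda .
if ($LASTEXITCODE -ne 0) {
    Set-Location $ROOT_DIR
    throw "Building or pushing the API image failed (exit code $LASTEXITCODE)."
}

# Build Worker (Fargate)
Write-Host "📦 Building Worker Image..." -ForegroundColor Gray
docker buildx build --platform linux/amd64 -t "$ECR_REPO_WORKER`:latest" --provenance=false --push -f Dockerfile.worker .
if ($LASTEXITCODE -ne 0) {
    Set-Location $ROOT_DIR
    throw "Building or pushing the worker image failed (exit code $LASTEXITCODE)."
}

Set-Location $ROOT_DIR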
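# 4. Stage 3: Deploy Backend Infrastructure (Lambda & Redis)
Write-Host "🏗️ Stage 3: Deploying Cloud Engine..." -ForegroundColor Yellow
Set-Location -Path terraform/lambda_deploy -ErrorAction Stop

# Note: This might take a few minutes for ElastiCache Redis to provision
# NOTE(review): the password is again passed with -var on the command line and
# the plan is applied unreviewed (-auto-approve).
terraform apply -target aws_elasticache_cluster.redis -target aws_lambda_function.api -target aws_lambda_function_url.api_url -var "db_password=$DB_PASSWORD" -auto-approve
if ($LASTEXITCODE -ne 0) {
    Set-Location $ROOT_DIR
    throw "terraform apply (Redis/Lambda targets) failed (exit code $LASTEXITCODE)."
}

# The frontend build embeds this URL, so an empty value must stop the run
# instead of producing a bundle that points nowhere.
$API_URL = terraform output -raw api_endpoint
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($API_URL)) {
    Set-Location $ROOT_DIR
    throw "Could not read api_endpoint from the Terraform outputs."
}

Set-Location $ROOT_DIR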
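# 5. Stage 4: Build Frontend
Write-Host "📦 Stage 4: Building Frontend..." -ForegroundColor Yellow
Set-Location -Path frontend -ErrorAction Stop

# Vite exposes VITE_-prefixed variables to client code, so this value ends up
# in the published bundle. That is fine for a public endpoint; never put a
# secret in a VITE_ variable.
$env:VITE_API_URL = "$API_URL"

npm run build
if ($LASTEXITCODE -ne 0) {
    Set-Location $ROOT_DIR
    throw "Frontend build failed (exit code $LASTEXITCODE)."
}

Set-Location $ROOT_DIR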
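# 6. Stage 5: Finalize Infrastructure (Fargate + CDN)
Write-Host "🌐 Stage 5: Finalizing Everything..." -ForegroundColor Yellow
Set-Location -Path terraform/lambda_deploy -ErrorAction Stop

# Untargeted apply: everything in the configuration, unreviewed (-auto-approve).
terraform apply -var "db_password=$DB_PASSWORD" -auto-approve
if ($LASTEXITCODE -ne 0) {
    Set-Location $ROOT_DIR
    throw "Final terraform apply failed (exit code $LASTEXITCODE)."
}

$S3_BUCKET = terraform output -raw s3_bucket_name
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($S3_BUCKET)) {
    Set-Location $ROOT_DIR
    throw "Could not read s3_bucket_name from the Terraform outputs."
}

$CDN_URL = terraform output -raw cloudfront_url
if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($CDN_URL)) {
    Set-Location $ROOT_DIR
    throw "Could not read cloudfront_url from the Terraform outputs."
}

Set-Location $ROOT_DIR

# Grants invoke permission to principal "*" when it is missing; see the
# function's own documentation for what that exposes.
Ensure-LambdaFunctionUrlInvokePermission -FunctionName "$PROJECT_NAME-api" -Region $AWS_REGION

Write-Host "📡 Syncing Frontend to S3..." -ForegroundColor Yellow
# --delete removes every object in the bucket that is not in frontend/dist,
# which is why the bucket name is validated above before this point.
aws s3 sync frontend/dist s3://$S3_BUCKET --delete
if ($LASTEXITCODE -ne 0) {
    throw "Syncing the frontend to s3://$S3_BUCKET failed (exit code $LASTEXITCODE)."
}

Write-Host "`n✅ FULL PROJECT DEPLOYED!" -ForegroundColor Green
Write-Host "🌍 Dashboard: https://$CDN_URL"
Write-Host "⚙️ API Engine: $API_URL"
# Printed unconditionally; the script does not query the Fargate service state.
Write-Host "🤖 Workers: Fargate Running"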