Setting this up is rather easy. Make sure you are in the lambda/codepipeline directory, then build the function using the make command.
$ make
This creates a zip package of the function which can be deployed to AWS Lambda.
You need to give the Lambda execution role permissions in the Amazon EKS cluster. Refer to this User Guide for detailed instructions.
- Edit the aws-auth ConfigMap of your cluster.
$ kubectl -n kube-system edit configmap/aws-auth
- Add your Lambda execution role to the ConfigMap. The system:masters group used below gives the role full administrative access to the cluster.
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  mapRoles: |
    - rolearn: arn:aws:iam::<AWS Account ID>:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    - rolearn: arn:aws:iam::<AWS Account ID>:role/<your lambda execution role>
      username: admin
      groups:
        - system:masters
Your Lambda execution role also needs permission to describe the EKS cluster. Add the following statement to the IAM role's policy.
{
  "Effect": "Allow",
  "Action": [
    "eks:DescribeCluster"
  ],
  "Resource": "*"
}
You may want to be more restrictive by specifying only the ARN of your EKS cluster in the Resource field.
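The tightening suggested above, as an added example (not code from the original page or its project): a Python check that finds Allow statements granting eks:DescribeCluster on a wildcard resource and rewrites the Resource to one cluster ARN. The region, account ID, cluster name and all function names are assumptions made for illustration.

```python
import fnmatch
import json

# Constructed sample: the page's statement inside a policy document, plus an unrelated one.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["eks:DescribeCluster"], "Resource": "*"},
        {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM accepts a bare value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def cluster_arn(region, account_id, cluster_name, partition="aws"):
    """Build the ARN of one EKS cluster."""
    return f"arn:{partition}:eks:{region}:{account_id}:cluster/{cluster_name}"

def grants_describe_cluster(stmt):
    """True if an Allow statement covers eks:DescribeCluster, directly or by wildcard."""
    if stmt.get("Effect") != "Allow":
        return False
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase("eks:describecluster", action.lower())
               for action in _as_list(stmt.get("Action", [])))

def scope_to_cluster(policy, arn):
    """Return (findings, tightened copy). A finding is (statement index, rewritten?)."""
    tightened = json.loads(json.dumps(policy))  # deep copy, input stays untouched
    findings = []
    for index, stmt in enumerate(_as_list(tightened.get("Statement", []))):
        if not grants_describe_cluster(stmt):
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any("*" in r or "?" in r for r in resources):
            continue  # already limited to named resources
        # Rewrite only when DescribeCluster is the sole action; a broader statement
        # (for example eks:*) is reported for manual review instead.
        only_describe = [a.lower() for a in _as_list(stmt["Action"])] == ["eks:describecluster"]
        if only_describe:
            stmt["Resource"] = arn
        findings.append((index, only_describe))
    return findings, tightened

if __name__ == "__main__":
    arn = cluster_arn("us-west-2", "111122223333", "devel")  # constructed values
    print(json.dumps(scope_to_cluster(SAMPLE_POLICY, arn), indent=2))
```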
Once these are configured, you can test your function. Good luck!
This reference architecture can be deployed using the AWS CloudFormation template below.