The Lambda version of the tool is a lightweight wrapper around the core cfn-guard code that can simply be invoked as a Lambda.
sudo apt-get update; sudo apt install build-essential if you haven't alreadymusl-libc package repository to your yum config (see https://copr.fedorainfracloud.org/coprs/ngompa/musl-libc/)~/.cargo/config:
[target.x86_64-unknown-linux-musl]
linker = "x86_64-linux-musl-gcc"
cfn-guard-lambda directorycargo build --release --target x86_64-unknown-linux-musl. For a custom runtime, AWS Lambda looks for an executable called bootstrap in the deployment package zip. Rename the generated cfn-lambda executable to bootstrap and add it to a zip archive.cp ./../target/x86_64-unknown-linux-musl/release/cfn-guard-lambda ./bootstrap && zip lambda.zip bootstrap && rm bootstrap.bash
aws lambda create-function --function-name cfnGuard \
--handler guard.handler \
--zip-file fileb://./lambda.zip \
--runtime provided \
--role arn:aws:iam::XXXXXXXXXXXXX:role/your_lambda_execution_role \
--environment Variables={RUST_BACKTRACE=1} \
--tracing-config Mode=Active
To invoke the submitted cfn-guard as a Lambda function run:
bash
aws lambda invoke --function-name rustTest \
--payload '{"data": "<input data>", "rules" : "<input rules>"}' \
output.json
Requests to cfn-guard-lambda require the two following fields:
* data - The string version of the YAML or JSON template
* rules - The string version of the rule set file
Q: How do I troubleshoot a lambda call returning an opaque error message like:
```bash
{"errorType": "Runtime.ExitError", "errorMessage": "RequestId: 1c0c0620-0f83-40bc-8eca-3cf2cf24820f Error: Runtime exited with error: exit status 101"}
```
Run the same rule set and template locally with
cfn-guardto get a better message:
```bash
Parsing error handling template file, Error = while parsing a flow mapping, did not find expected ',' or '}' at line 21 column 1
```
cfn-guard-lambdais just a wrapper for thecfn-guardcode and each can be used to test the other.