feat(optional-alerts): optional alerts and python 3.11 (#99)

Versent · Aug 21, 2023 · 323e04f · 323e04f
1 parent 71f61e4
commit 323e04f
Show file tree

Hide file tree

Showing 8 changed files with 539 additions and 508 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -19,7 +19,7 @@ jobs:
   Deploy:
     strategy:
       matrix:
-        python-version: ["3.9"]
+        python-version: ["3.11"]
     runs-on: ubuntu-latest
     environment: innovation
     # These permissions are needed to interact

diff --git a/.github/workflows/python-lint.yml b/.github/workflows/python-lint.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9"]
+        python-version: ["3.11"]
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python ${{ matrix.python-version }}

diff --git a/.github/workflows/state-lint.yml b/.github/workflows/state-lint.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9"]
+        python-version: ["3.11"]
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python ${{ matrix.python-version }}

diff --git a/.github/workflows/yaml-lint.yml b/.github/workflows/yaml-lint.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9"]
+        python-version: ["3.11"]
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python ${{ matrix.python-version }}

diff --git a/Pipfile b/Pipfile
@@ -20,9 +20,11 @@ aws_xray_sdk = "*"
 aws-lambda-powertools = "*"
 boto3 = "*"
 staxapp = "*"
+# https://stackoverflow.com/questions/76667202/aws-lambda-function-cant-find-module
+jsonschema = "==4.17.3"
 
 [requires]
-python_version = "3.9"
+python_version = "3.11"
 
 [scripts]
 create-ssm-parameters = "python examples/create_ssm_parameters.py"
diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/docs/direct_deployment.md b/docs/direct_deployment.md
@@ -18,7 +18,7 @@ The Serverless Application Model Command Line Interface (SAM CLI) is an extensio
 To use the Stax Orchestrator Application, you need the following tools:
 
 * SAM CLI - [Install the SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html)
-* [Python 3.9 installed](https://www.python.org/downloads/)
+* [Python 3.11 installed](https://www.python.org/downloads/)
 * Docker - [Install Docker community edition](https://hub.docker.com/search/?type=edition&offering=community)
 * [Make](https://www.gnu.org/software/make/manual/make.html)
 * Workload Deployment Bucket (See Readme's section #Stax Deployment Bucket)

diff --git a/template.yml b/template.yml
@@ -84,6 +84,26 @@ Parameters:
     AllowedValues:
       - "true"
       - "false"
+  EnableAlerting:
+    Type: String
+    Description: >-
+      Get alerts for failed step function executions; alerts on
+      failed workload deployments. Provide https endpoint or email
+      address to send alerts to.
+    Default: "true"
+    AllowedValues:
+      - "true"
+      - "false"
+  AlertsHttpsEndpoint:
+    Type: String
+    Description: >-
+      HTTPS endpoint to send alerts to.
+    Default: ""
+  AlertsEmail:
+    Type: String
+    Description: >-
+      Email address to send alerts to.
+    Default: ""
 
 Metadata:
   AWS::ServerlessRepo::Application:
@@ -110,6 +130,30 @@ Conditions:
     - "true"
   StateMachineTracingEnabled: !Equals [!Ref EnableStateMachineTracing, "true"]
   LambdaTracingEnabled: !Equals [!Ref EnableLambdaTracing, "true"]
+  AlertHttpsEndpointProvided: !Not [!Equals [!Ref AlertsHttpsEndpoint, ""]]
+  EnableAlerting: !Equals [!Ref EnableAlerting, "true"]
+  SubscribeHttpsEndpoint: !And
+    - Condition: EnableAlerting
+    - Condition: WorkloadStateMachineEnabled
+    - Condition: AlertHttpsEndpointProvided
+  AlertEmailProvided: !Not [!Equals [!Ref AlertsEmail, ""]]
+  SubscribeEmail: !And
+    - Condition: EnableAlerting
+    - Condition: WorkloadStateMachineEnabled
+    - Condition: AlertEmailProvided
+
+Globals:
+  Function:
+    Runtime: python3.11
+    MemorySize: 128
+    Timeout: 300
+    Environment:
+      Variables:
+        LOG_LEVEL: !Ref PythonLoggingLevel
+    Layers:
+      - !Ref StaxLibLayer
+    Architectures:
+      - arm64
 
 Resources:
   WorkloadStateMachine:
@@ -204,17 +248,7 @@ Resources:
         Validate user input required to create/update/delete workloads
       CodeUri: functions/validate_input/
       Handler: app.lambda_handler
-      Runtime: python3.9
-      MemorySize: 128
-      Timeout: 300
       Tracing: !If [LambdaTracingEnabled, Active, !Ref AWS::NoValue]
-      Layers:
-        - !Ref StaxLibLayer
-      Environment:
-        Variables:
-          LOG_LEVEL: !Ref PythonLoggingLevel
-      Architectures:
-        - arm64
       Policies:
         - !Ref StaxOrchestratorLambdaPolicy
         - Fn::If:
@@ -229,17 +263,7 @@ Resources:
       Description: Invoke Stax API to create a workload
       CodeUri: functions/create_workload/
       Handler: app.lambda_handler
-      Runtime: python3.9
       Tracing: !If [LambdaTracingEnabled, Active, !Ref AWS::NoValue]
-      MemorySize: 128
-      Layers:
-        - !Ref StaxLibLayer
-      Timeout: 300
-      Environment:
-        Variables:
-          LOG_LEVEL: !Ref PythonLoggingLevel
-      Architectures:
-        - arm64
       Policies:
         - !Ref StaxOrchestratorLambdaPolicy
         - Fn::If:
@@ -254,17 +278,7 @@ Resources:
       Description: Invoke Stax API to update a workload
       CodeUri: functions/update_workload/
       Handler: app.lambda_handler
-      Runtime: python3.9
       Tracing: !If [LambdaTracingEnabled, Active, !Ref AWS::NoValue]
-      MemorySize: 128
-      Layers:
-        - !Ref StaxLibLayer
-      Timeout: 300
-      Environment:
-        Variables:
-          LOG_LEVEL: !Ref PythonLoggingLevel
-      Architectures:
-        - arm64
       Policies:
         - !Ref StaxOrchestratorLambdaPolicy
         - Fn::If:
@@ -279,17 +293,7 @@ Resources:
       Description: Invoke Stax API to delete a workload
       CodeUri: functions/delete_workload/
       Handler: app.lambda_handler
-      Runtime: python3.9
       Tracing: !If [LambdaTracingEnabled, Active, !Ref AWS::NoValue]
-      MemorySize: 128
-      Layers:
-        - !Ref StaxLibLayer
-      Timeout: 300
-      Environment:
-        Variables:
-          LOG_LEVEL: !Ref PythonLoggingLevel
-      Architectures:
-        - arm64
       Policies:
         - !Ref StaxOrchestratorLambdaPolicy
         - Fn::If:
@@ -303,17 +307,7 @@ Resources:
       Description: Get status of a workload task
       CodeUri: functions/get_task_status/
       Handler: app.lambda_handler
-      Runtime: python3.9
-      MemorySize: 128
-      Timeout: 300
       Tracing: !If [LambdaTracingEnabled, Active, !Ref AWS::NoValue]
-      Layers:
-        - !Ref StaxLibLayer
-      Environment:
-        Variables:
-          LOG_LEVEL: !Ref PythonLoggingLevel
-      Architectures:
-        - arm64
       Policies:
         - !Ref StaxOrchestratorLambdaPolicy
         - Fn::If:
@@ -333,7 +327,7 @@ Resources:
       CompatibleArchitectures:
         - arm64
       CompatibleRuntimes:
-        - python3.9
+        - python3.11
       RetentionPolicy: Delete
     Metadata:
       BuildMethod: makefile
@@ -587,12 +581,74 @@ Resources:
             }
       # yamllint enable rule:line-length
 
+  FailedWorkloadStateMachineEventsRule:
+    Condition: WorkloadStateMachineEnabled
+    Type: AWS::Events::Rule
+    Properties:
+      Description: Trigger SNS topic when WorkloadStateMachine fails
+      Targets:
+        - Arn: !Ref AlertsTopic
+          Id: FailedWorkloadStateMachineEventsRule
+      EventPattern:
+        source:
+          - aws.states
+        detail-type:
+          - Step Functions Execution Status Change
+        detail:
+          status:
+            - FAILED
+          stateMachineArn:
+            - !Ref WorkloadStateMachine
+
+  AlertsTopicPolicy:
+    Condition: WorkloadStateMachineEnabled
+    Type: AWS::SNS::TopicPolicy
+    Properties:
+      PolicyDocument:
+        Id: AlertsTopicPolicy
+        Version: 2012-10-17
+        Statement:
+          - Sid: AllowEventsServiceToPublishToTopic
+            Effect: Allow
+            Principal:
+              Service: events.amazonaws.com
+            Action: sns:Publish
+            Resource: !Ref AlertsTopic
+      Topics:
+        - !Ref AlertsTopic
+
+  AlertsTopic:
+    Condition: WorkloadStateMachineEnabled
+    Type: AWS::SNS::Topic
+
+  HttpEndpointSubscription:
+    Condition: SubscribeHttpsEndpoint
+    Type: AWS::SNS::Subscription
+    Properties:
+      Protocol: https
+      TopicArn: !Ref AlertsTopic
+      Endpoint: !Ref AlertsHttpsEndpoint
+
+  EmailSubscription:
+    Condition: SubscribeEmail
+    Type: AWS::SNS::Subscription
+    Properties:
+      Protocol: email
+      TopicArn: !Ref AlertsTopic
+      Endpoint: !Ref AlertsEmail
+
 Outputs:
   WorkloadStateMachineArn:
     Condition: WorkloadStateMachineEnabled
-    Description: Stax workload deployer arn
+    Description: Stax orchestrator workload deployment step function arn
     Value: !Ref WorkloadStateMachine
 
   TaskWatcherStateMachineArn:
-    Description: Stax task watcher arn
+    Description: Stax orchestrator task watcher step function arn
     Value: !Ref TaskWatcherStateMachine
+
+  AlertsTopicArn:
+    Condition: WorkloadStateMachineEnabled
+    Description: >-
+      Stax orchestrator SNS topic arn to subscribe to for alert notifications
+    Value: !Ref AlertsTopic