Walkthrough Container deployment

Have installed

Change to the deploy_container directory of the github source code.

cd infrastructure-as-go/cdk-go/lambda/deploy_container

1 - Test

task test

This calls go testin the infrastructure directory.

  1 package gograviton_test
  3 import (
  4   "encoding/json"
  5   "testing"
  7   "github.com/aws/aws-cdk-go/awscdk/v2"
  8   "github.com/stretchr/testify/assert"
  9   "github.com/tidwall/gjson"
 10   "gograviton"
 12 )
 14 func TestLambdaGoArmStack(t *testing.T) {
 15   // GIVEN
 16   app := awscdk.NewApp(nil)
 18   // WHEN
 19   stack := gograviton.NewLambdaGoArmStack(app, "MyStack", nil)
 21   // THEN
 22   bytes, err := json.Marshal(app.Synth(nil).GetStackArtifact(stack.ArtifactId()).Template())
 23   if err != nil {
 24     t.Error(err)
 25   }
 27   template := gjson.ParseBytes(bytes)
 28   attribute := template.Get("Resources.RegisterHandlerArm9EEB6A7A.Properties.FunctionName").String()
 29   assert.Equal(t, "hellodockerarm", attribute)
 31   attribute = template.Get("Resources.RegisterHandlerArm9EEB6A7A.Properties.Architectures").String()
 32   assert.Equal(t, "[\"arm64\"]", attribute)
 33 }

This is a CDK unit test, wich just checks properties of the generated CloudFormation code. The app itself just print “hello”, so no test needed there.

The CloudFormation Template is generated in line 22. Then gjson, which is imported in line 9 is used to get objects from the JSON path. The generated JSON is stored in infra/cdk.out/LambdaGoArmStack.template.json.

There is a Lambda function resource called “hellodockerarm”, which is tested in line 28 and the architecture of the arm resource, which is tested in line 31/32.


ok  	gograviton	2.910s

2 - Deploy

task deploy

This calls the CDK deploy function with cdk deploy –require-approval never. The –require-approval never circumvents the “are you sure y/n” question.

The deployment takes care of these steps:

  1. Create CloudFormation Template
  2. Call Docker to create an container image
  3. Upload the image to ECR - the AWS container registry
  4. Send Template to S3
  5. Call Cloudformationcalls with create change set
  6. Cloudformation (cfn) executes change ser
    1. Cfn creates Lambda
    2. Cfn Creates IAM Role resources

The output is different depending on if you call for the first time.


lambda-go-arm: deploying...
[0%] start: Publishing 7d7836d90acd2373230c74dd0e3aee842e808bbaa77cca8767abbf343e6e71e2:current_account-current_region
[33%] success: Published 7d7836d90acd2373230c74dd0e3aee842e808bbaa77cca8767abbf343e6e71e2:current_account-current_region
[33%] start: Publishing bdb6eac21db8dd9bef83cb77825ead1f581a3c280e2edff1bc89f2355429bd86:current_account-current_region
[66%] success: Published bdb6eac21db8dd9bef83cb77825ead1f581a3c280e2edff1bc89f2355429bd86:current_account-current_region
[66%] start: Publishing a21696dd9b4b93f99cb1b6e3fa84a0d38a4154dd38284ca4bf6693a75d7129f5:current_account-current_region
[100%] success: Published a21696dd9b4b93f99cb1b6e3fa84a0d38a4154dd38284ca4bf6693a75d7129f5:current_account-current_region
lambda-go-arm: creating CloudFormation changeset...

 ✅  lambda-go-arm

Stack ARN:

3 - Invoke

task invoke

You can call the Lambda function also in the console, here I use the AWS CLI:

aws lambda invoke --function-name hellodockerarm --payload fileb://testdata/event.json testdata/lambda.out

Part  Meaning
aws lambda  AWS CLI call lambda service
invoke API action
–function-name hellodockerarm the function name is the primary index for a lambda function
–payload fileb://testdata/event.json Feed this JSON file into lambda
testdata/lambda.out Lambda function output


  "name": "doit"


task: [invoke] aws lambda invoke --function-name hellodockerarm  --payload fileb://testdata/event.json testdata/lambda.out
    "StatusCode": 200,
    "ExecutedVersion": "$LATEST"
task: [invoke] cat testdata/lambda.out
"Hiho doit!"%

4 - Show resources

task show

This uses cdkstat to show resources. You could also use the aws cloudformation describe-stack-resources --stack-name lambda-go-arm.


The CloudFormation generated resources

Logical ID                       Pysical ID                       Type                             Status
----------                       ----------                       -----------                      -----------
CDKMetadata                      446edd20-3bad-11ec-934e-067a5fa  AWS::CDK::Metadata               CREATE_COMPLETE
RegisterHandlerAmd9BBD5506       hellodockerx86                   AWS::Lambda::Function            CREATE_COMPLETE
RegisterHandlerAmdServiceRole5F  lambda-go-arm-RegisterHandlerAm  AWS::IAM::Role                   CREATE_COMPLETE
RegisterHandlerArm9EEB6A7A       hellodockerarm                   AWS::Lambda::Function            CREATE_COMPLETE
RegisterHandlerArmServiceRole9D  lambda-go-arm-RegisterHandlerAr  AWS::IAM::Role                   CREATE_COMPLETE

The ECR repositories

This calls aws ecr describe-repositories

    "repositories": [
            "repositoryArn": "arn:aws:ecr:eu-central-1:555444333:repository/cdk-hnb659fds-container-assets-555444333-eu-central-1",
            "registryId": "555444333",
            "repositoryName": "cdk-hnb659fds-container-assets-555444333-eu-central-1",
            "repositoryUri": "555444333.dkr.ecr.eu-central-1.amazonaws.com/cdk-hnb659fds-container-assets-555444333-eu-central-1",
            "createdAt": "2021-08-02T10:44:53+02:00",
            "imageTagMutability": "MUTABLE",
            "imageScanningConfiguration": {
                "scanOnPush": false
            "encryptionConfiguration": {
                "encryptionType": "AES256"

The images inside the repository

    "imageIds": [
            "imageDigest": "sha256:9866360a5d9d5fdcd0bfd1b6a081ccd357df92edefdfe8099442939848071f7a",
            "imageTag": "bdb6eac21db8dd9bef83cb77825ead1f581a3c280e2edff1bc89f2355429bd86"
            "imageDigest": "sha256:9866360a5d9d5fdcd0bfd1b6a081ccd357df92edefdfe8099442939848071f7a",
            "imageTag": "5d242b86badb0a538e20c7692195f4e98046f1705c9f3c684b7c472a3f1aa470"

5 - Destroy

Cleanup with:

task destroy


task destroy
task: [destroy] cdk destroy --force
lambda-go-arm: destroying...
 ✅  lambda-go-arm: destroyed

See also

See the full source on github.