This project provides universal (runtime agnostic) GateKeepercomponent implementation based on AWS Lambda extension
to be able to use MerLoc as live AWS Lambda development tool.
Note that, to be able to use MerLoc universal GateKeeper component, first you need to setup MerLoc platform into your AWS account as explained at MerLoc Github page here.
-
Add MerLoc GateKeeper layer
Add MerLoc GateKeeper layer:
arn:aws:lambda:${region}:269863060030:layer:merloc-gatekeeper-nodejs:${version}You can use the latest layer version (shown below) instead of the
${version}above:(badge powered by Globadge serverless)
Note that the region of the ARN is dynamic, so you need to change it accordingly to the region where you deploy your function. So let’s say that you deploy your Lambda function to the
Oregon(us-west-2) region. So the layer ARN will be:arn:aws:lambda:us-west-2:269863060030:layer:merloc-gatekeeper-nodejs:${version}Add MerLoc GateKeeper layer:
arn:aws:lambda:${region}:269863060030:layer:merloc-gatekeeper:${version}You can use the latest layer version (shown below) instead of the
${version}above:(badge powered by Globadge serverless)
Note that the region of the ARN is dynamic, so you need to change it accordingly to the region where you deploy your function. So let’s say that you deploy your Lambda function to the
Oregon(us-west-2) region. So the layer ARN will be:arn:aws:lambda:us-west-2:269863060030:layer:merloc-gatekeeper:${version}Add MerLoc GateKeeper Go layer:
arn:aws:lambda:${region}:269863060030:layer:merloc-gatekeeper-go:${version}You can use the latest layer version (shown below) instead of the
${version}above:(badge powered by Globadge serverless)
Note that the region of the ARN is dynamic, so you need to change it accordingly to the region where you deploy your function. So let’s say that you deploy your Lambda function to the
Oregon(us-west-2) region. So the layer ARN will be:arn:aws:lambda:us-west-2:269863060030:layer:merloc-gatekeeper-go:${version} -
Configure AWS Lambda Function
Set
AWS_LAMBDA_EXEC_WRAPPERenvironment variable to/opt/extensions/merloc-gatekeeper-ext/bootstrapSet runtime to
Custom runtime on Amazon Linux 2(provided.al2)
Warning
Java 8 on Amazon Linux 1(java8) and.NET Core 3.1(dotnetcore3.1) runtimes are not supported.
-
Set
MERLOC_BROKER_URLenvironment variable to the-
value of the
merloc-broker.merlocbrokerwsapistageurlproperty which you get from AWS CDK broker setup output as shown in the example below:
-
or value of the
merlocbrokerwsapistageurlproperty which you get from AWS CloudFormation broker setup output as shown in the example below:
Note
By default, Thundra hosted MerLoc broker is used (so the default value iswss://merloc-broker.thundra.io) and it requires to sign-up Thundra APM here, get your API key and set your API key throughMERLOC_APIKEYenvironment variable. -
-
MERLOC_BROKER_URL: This configuration is OPTIONAL. You need to set this environment variable by broker URL as mentioned in the GateKeeper Setup section. The default value iswss://merloc-broker.thundra.io(Thundra hosted MerLoc broker). -
MERLOC_APIKEY: This configuration is OPTIONAL. But it is required (MANDATORY) if the broker requires API key (for example Thundra hosted MerLoc broker). If you are using Thundra hosted MerLoc broker (which is default), you can sign-up Thundra APM here and get your API key. -
MERLOC_ENABLE: This configuration is OPTIONAL. Even though MerLoc GateKeeper layer is added and configured, you can disable it by setting theMERLOC_ENABLEenvironment variable tofalse. For example,MERLOC_ENABLE=false -
MERLOC_DEBUG_ENABLE: This configuration is OPTIONAL. By default, internal debug logs are disabled, but you can enable it by setting theMERLOC_DEBUG_ENABLEenvironment variable totrue. For example,MERLOC_DEBUG_ENABLE=true -
MERLOC_BROKER_CONNECTION_NAME: This configuration is OPTIONAL. By default, the name of the connection to the broker is the name of the AWS Lambda function for GateKeeper. But you can change it by setting theMERLOC_BROKER_CONNECTION_NAMEenvironment variable. For example,MERLOC_BROKER_CONNECTION_NAME=serkan-connection
- If the resources (AWS RDS, AWS OpenSearch/Elasticsearch, AWS ElastiCache, etc ...) you are accessing inside the function are deployed inside a VPC, your local needs to have access to resources in the VPC. So you need to setup a VPN connection from your local machine to the VPC network. You can check this AWS blog post to learn how to do that.
Please use GitHub Issues for any bug report, feature request and support.
If you would like to contribute, please
- Fork the repository on GitHub and clone your fork.
- Create a branch for your changes and make your changes on it.
- Send a pull request by explaining clearly what is your contribution.
Tip: Please check the existing pull requests for similar contributions and consider submit an issue to discuss the proposed feature before writing code.
Licensed under Apache License 2.0.