An application to clean up an S3 bucket after it has been terminated from the Service Catalog.
We allow self-service provisioning of S3 buckets in our AWS Service Catalog. We have configured the Service Catalog to retain the bucket when users terminate an S3 bucket product. This means that the S3 bucket product is removed from the Service Catalog, but the S3 bucket resource remains in the account. The buckets are orphaned from our Service Catalog, which essentially puts them into an archived state. The purpose of this app is to delete the archived buckets, along with all of the data in them, after a certain number of days (the archived period) have passed since they were archived. This lambda does not support cleaning up buckets with versioning enabled.
Contributions are welcome.
Install the following applications:
Run pipenv install --dev to install both production and development requirements, and pipenv shell to activate the virtual environment. For more information see the pipenv docs.
After activating the virtual environment, run pre-commit install to install the pre-commit git hook.
First, make any needed updates to the base requirements in Pipfile, then use pipenv to regenerate both Pipfile.lock and requirements.txt.
$ pipenv update --dev
We use pipenv to control versions in testing, but sam relies on requirements.txt directly for building the lambda artifact, so we dynamically generate requirements.txt from Pipfile.lock before building the artifact. The file must be created in the CodeUri directory specified in template.yaml.
$ pipenv requirements > requirements.txt
Additionally, pre-commit manages its own requirements.
$ pre-commit autoupdate
Use a Lambda-like docker container to build the Lambda artifact:
$ sam build --use-container
Tests are defined in the tests folder in this project, and dependencies are managed with pipenv. Install the development dependencies and run the tests using coverage.
$ pipenv run coverage run -m pytest tests/ -svv
Automated testing will upload coverage results to Coveralls.
Running integration tests requires docker:
$ sam local invoke HelloWorldFunction --event events/event.json
Deployments are sent to the Sage CloudFormation repository, which requires permissions to upload to the Sage bootstrap-awss3cloudformationbucket-19qromfd235z9 and essentials-awss3lambdaartifactsbucket-x29ftznj6pqw buckets.
sam package --template-file .aws-sam/build/template.yaml \
--s3-bucket essentials-awss3lambdaartifactsbucket-x29ftznj6pqw \
--output-template-file .aws-sam/build/lambda-sc-bucket-cleanup.yaml
aws s3 cp .aws-sam/build/lambda-sc-bucket-cleanup.yaml s3://bootstrap-awss3cloudformationbucket-19qromfd235z9/lambda-sc-bucket-cleanup/master/
Publishing the lambda makes it available in your AWS account. It will be accessible in the serverless application repository.
sam publish --template .aws-sam/build/lambda-sc-bucket-cleanup.yaml
Making the lambda publicly accessible makes it available in the global AWS serverless application repository. The policy below grants the Deploy action to all principals (Principals=*).
aws serverlessrepo put-application-policy \
--application-id <lambda ARN> \
--statements Principals=*,Actions=Deploy
This lambda has the following parameters:
- ArchivedPeriod: The number of days from the current date that the archived bucket should be deleted. Note that CloudFormation will retain stack info for only 90 days after it has been deleted.
- EnableSchedule: true to run on a schedule, false to disable. If enabled, a valid Schedule must be provided.
- Schedule: Schedule to execute the lambda, can be a rate or a cron schedule
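The sketch below shows how ArchivedPeriod and the versioning limitation can gate a destructive cleanup so that every uncertain case is skipped. It is an added example, not this project's code: the ArchivedBucket record, decide and plan are hypothetical names, the sample buckets are constructed, and rejecting periods above 90 days assumes the archive date is taken from deleted-stack info.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Retention of deleted-stack info, from the parameter note above.
CFN_RETENTION_DAYS = 90


@dataclass(frozen=True)
class ArchivedBucket:  # hypothetical record, not the project's data model
    name: str
    archived_at: Optional[datetime]   # None when the archive date is unknown
    versioning_status: Optional[str]  # "Enabled", "Suspended", or None if never versioned


def decide(bucket: ArchivedBucket, archived_period: int, now: datetime) -> Tuple[str, str]:
    """Return ("delete" | "skip", reason); anything uncertain resolves to skip."""
    # Assumption of this example: beyond 90 days the archive date is unrecoverable.
    if not 1 <= archived_period <= CFN_RETENTION_DAYS:
        return "skip", "ArchivedPeriod outside 1..90 days"
    if bucket.archived_at is None:
        return "skip", "archive date unknown"
    if bucket.versioning_status is not None:
        # Suspended buckets can still hold noncurrent versions, so skip them too.
        return "skip", "versioning " + bucket.versioning_status.lower()
    age = now - bucket.archived_at
    if age < timedelta(days=archived_period):
        return "skip", f"archived {age.days} of {archived_period} days"
    return "delete", f"archived {age.days} days ago"


def plan(buckets: List[ArchivedBucket], archived_period: int,
         now: datetime) -> Dict[str, Tuple[str, str]]:
    """Dry run: map bucket name to its decision without touching S3."""
    return {b.name: decide(b, archived_period, now) for b in buckets}


# Constructed sample data (bucket names and dates are made up).
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE = [
    ArchivedBucket("sc-demo-old", NOW - timedelta(days=75), None),
    ArchivedBucket("sc-demo-recent", NOW - timedelta(days=10), None),
    ArchivedBucket("sc-demo-versioned", NOW - timedelta(days=75), "Enabled"),
    ArchivedBucket("sc-demo-suspended", NOW - timedelta(days=75), "Suspended"),
    ArchivedBucket("sc-demo-unknown", None, None),
]

if __name__ == "__main__":
    for name, (action, reason) in plan(SAMPLE, 60, NOW).items():
        print(f"{action:6} {name:20} {reason}")
```

Logging the plan before any delete call gives reviewers a record of why each bucket was or was not removed.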
Create the following sceptre file config/prod/lambda-sc-bucket-cleanup.yaml:
template_path: "remote/lambda-sc-bucket-cleanup.yaml"
stack_name: "lambda-sc-bucket-cleanup"
stack_tags:
  Department: "Platform"
  Project: "Infrastructure"
  OwnerEmail: "[email protected]"
parameters:
  ArchivedPeriod: "60"
hooks:
  before_launch:
    - !cmd "curl https://bootstrap-awss3cloudformationbucket-19qromfd235z9.s3.amazonaws.com/lambda-sc-bucket-cleanup/master/lambda-sc-bucket-cleanup.yaml --create-dirs -o templates/remote/lambda-sc-bucket-cleanup.yaml"
Install the lambda using sceptre:
sceptre --var "profile=my-profile" --var "region=us-east-1" launch prod/lambda-sc-bucket-cleanup.yaml
Steps to deploy from the AWS console:
- Log in to AWS
- Access the serverless application repository -> Available Applications
- Select application to install
- Enter Application settings
- Click Deploy
We have set up our CI to automate releases. To kick off the process, just create a tag (e.g. 0.0.1) and push it to the repo. The tag must be the same number as the current version in template.yaml. Our CI will do the work of deploying and publishing the lambda.