Lambda function layer detach
Lambda function layer detach is an AWS fault that detaches the Lambda layer associated with the function, thereby causing dependency-related issues or breaking the Lambda function that relies on the layer's content.
Use cases
Lambda function layer detach:
- Debug runtime errors caused by a specific library in the layer.
- Tests how the Lambda function behaves without the dependencies provided by the layer, thereby identifying the unnecessary dependencies and reduce the layer's footprint.
Prerequisites
- Kubernetes >= 1.17
- The Lambda layer must be attached to the target Lambda function.
- Lambda function must be up and running.
- Kubernetes secret must have the AWS access configuration (key) in the
CHAOS_NAMESPACE. Below is a sample secret file:apiVersion: v1
kind: Secret
metadata:
name: cloud-secret
type: Opaque
stringData:
cloud_config.yml: |-
# Add the cloud AWS credentials respectively
[default]
aws_access_key_id = XXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXX
tip
Harness CE recommends that you use the same secret name, that is, cloud-secret. Otherwise, you will need to update the AWS_SHARED_CREDENTIALS_FILE environment variable in the fault template with the new secret name and you won't be able to use the default health check probes.
Below is an example AWS policy to execute the fault.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration",
"lambda:DeleteLayerVersion",
"lambda:GetLayerVersion",
"lambda:ListLayerVersions",
],
"Resource": "*"
}
]
}
note
- Go to AWS named profile for chaos to use a different profile for AWS faults.
- Go to the superset permission/policy to execute all AWS faults.
- Go to common tunables and AWS-specific tunables to tune the common tunables for all faults and AWS-specific tunables.
Mandatory tunables
| Tunable | Description | Notes |
|---|---|---|
| FUNCTION_NAME | Name of the target Lambda function. It supports a single function name. | For example, test-function. |
| LAMBDA_FUNCTION_LAYER_ARN | Layer version that is identified by the unique ARN. | Default: arn:aws:lambda:us-east-2:99999999999:layer:l-2:1,arn:aws:lambda:us-east-2:99999999999:layer:chaos_layer:1. |
| REGION | Region name of the target Lambda function. | For example, us-east-2. |
Optional tunables
| Tunable | Description | Notes |
|---|---|---|
| TOTAL_CHAOS_DURATION | Duration that you specify, through which chaos is injected into the target resource (in seconds). | Default: 30 s. For more information, go to duration of the chaos. |
| AWS_SHARED_CREDENTIALS_FILE | Path to the AWS secret credentials. | Default: /tmp/cloud_config.yml. |
| CHAOS_INTERVAL | Time interval between two successive deletions of reserved concurrency (in seconds). | Default: 30 s. For more information, go to chaos interval. |
| RAMP_TIME | Period to wait before and after injecting chaos (in seconds). | For example, 30 s. For more information, go to ramp time. |