Python lambda
  • 20 Nov 2024
  • 5 Minutes to read
  • Dark
    Light
  • PDF

Python lambda

  • Dark
    Light
  • PDF

Article summary

Traceable offers a seamless tracing solution for Python-based AWS Lambda functions, enabling you to effectively monitor and secure serverless environments. The integration process involves deploying the Traceable Python and Traceable Collector layers within your Lambda function. These layers work together to capture telemetry data, process it, and send it to the Traceable SaaS platform for advanced observability insights via the Traceable platform agent.

This documentation provides a step-by-step guide to deploying, configuring, verifying, and managing the Traceable layers for Python Lambda functions. It also includes troubleshooting, upgrading, and uninstalling instructions to support your deployment lifecycle.

Flow Overview:

  • Requests flow through AWS API Gateway to the Lambda Function.

  • Within the Lambda function, the Traceable Python Layer captures telemetry data, which the Traceable Collector Layer processes.

  • Data is forwarded to the Platform Agent, which sends it to Traceable.ai (SaaS) for actionable observability insights.

Note:

Traceable's Python lambda currently supports only the observability features.


Before you begin

Make a note of the following points before you begin installation and configuration:

  • Make sure that you have installed and configured Traceable Platform agent. For more information, see Platform agent.

  • Make a note of the Traceable Platform agent IP address. It will be used in step 3 during configuration of layers.

  • Make sure that the port number 4318 is available.

  • The supported python versions are 3.6, 3.7, 3.8, and 3.9

  • Make sure that you have an AWS account.


Step 1 – Deploy a lambda

To deploy a lambda, you should first find or create a python 3.6, 3.7, 3.8, or 3.9 lambda. Make sure that you increase your lambda timeout settings. The default timeout value is 3 seconds. Make a note of the following points:

  • An API gateway must be on the frontend of the lambda.

  • The lambda must be using x86_64 architecture. Arm64 is currently not supported.


Step 2 – Add the layers

In step 2, you need to add two layers of Traceable python and Traceable collector. Complete the following steps to add the layers:

  1. Log into your AWS account.

  2. Search for Lambda from the search bar.

  3. Navigate to Functions from the Lambda page and click on the function name that you want to choose.

  4. Click on the function name. The function page is displayed.

  5. Click on Layers from the function page.

  6. Click on Add a layer from the Layers section.

  7. Click on the Specify an ARN radio button. Enter the ARNs mentioned below for Python and Traceable collector layers.

    • Python ARN – ⁣arn:aws:lambda:<aws-region>:031394183954:layer:traceableai-python3X:1. Replace X in the ARN with your python version.

    • Collector ARN – ⁣arn:aws:lambda:<aws-region>:031394183954:layer:traceableai-collector:5

Before proceeding to configuring layers, make sure that Lambda has the following:

  • traceableai-python3X

  • traceableai-collector

Also, based on the following table, make a note of the mapping of the Python version and lambda layer:

Python version

Latest layer version

3.6

9

3.7

10

3.8

10

3.9

11

3.10

3

3.11

1

3.12

1

Supported AWS regions

The following is a list of supported AWS regions:

  • us-east-1 and us-east-2

  • us-west-1 and us-west-2

  • ap-northeast-1, ap-northeast-2, and ap-northeast-3"

  • ap-south-1

  • ap-southeast-1 and ap-southeast-2

  • ca-central-1

  • eu-central-1

  • eu-north-1

  • eu-west-1, eu-west-2, and eu-west-3

  • sa-east-1

Python Lambda based on a container image

If you have a Python Lambda based on a container image, you can add layers to it by modifying the docker file. You can add the layers to the docker image as shown below:

ARG AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-"..."}
ARG AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-"...}
ARG AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-"..."}
ARG AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN:-"..."}

ENV AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}
ENV AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
ENV AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
ENV AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
ENV AWS_LAMBDA_EXEC_WRAPPER=/opt/traceableai-instrument

RUN yum install aws-cli curl unzip -y
RUN mkdir -p /opt

RUN curl $(aws lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:031394183954:layer:traceableai-python39:1 --region us-east-1 --query 'Content.Location' --output text) --output layer.zip

RUN unzip layer.zip -d /opt

RUN rm layer.zip


RUN curl $(aws lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:031394183954:layer:traceableai-collector:1 --region us-east-1 --query 'Content.Location' --output text) --output layer.zip

RUN unzip layer.zip -d /opt

RUN rm layer.zip

RUN chmod 755 -fR /opt/extensions

In the above snippet:

  • The ARG command is used to set build-time variables in a Dockerfile. These variables can be passed as arguments to the docker build command, allowing the values to be changed without modifying the Dockerfile. So, the ARGlines in the code are defining the following environment variables, with default values:

    • AWS_DEFAULT_REGION

    • AWS_ACCESS_KEY_ID

    • AWS_SECRET_ACCESS_KEY

    • AWS_SESSION_TOKEN

  • The ENV command is used to set environment variables in the environment of a running Docker container

  • The command – ⁣RUN curl $(aws lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:031394183954:layer:traceableai-python39:1 --region us-east-1 --query 'Content.Location' --output text) --output layer.zip does the following:

    • aws lambda get-layer-version-by-arn is a command from the AWS CLI, which retrieves information about a specific version of an AWS Lambda layer.

    • --arn arn:aws:lambda:us-east-1:031394183954:layer:traceableai-python39:1 specifies the ARN (Amazon Resource Name) of the layer version to retrieve.

    • --region us-east-1 specifies the AWS region where the layer version is located.

    • --query 'Content.Location' specifies which piece of information to retrieve from the layer version. In this case, the Content.Location field is the URL where the layer can be downloaded from.

    • --output text specifies that the output should be in plain text format.

    • curl is used to download the layer from the URL retrieved by the aws lambda get-layer-version-by-arn command.

    • --output layer.zip specifies that the downloaded layer should be saved to a file named layer.zip.
      So, this line of code downloads the specified AWS Lambda layer to a file named layer.zip.

The description of the next command is similar to the one mentioned above.


Step 3 – Configure layers

Configuring layers is different for Python 3.6 and 3.7 than configuring layers for Python 3.8 and 3.9. Make a note of the following points before configuring layers:

  • Configure TPA_ENDPOINT: http://<insert_your_tpa_ip>:4318 as an environment variable; tpa is the Traceable Platform agent IP address that you noted in the Before you begin section.

  • Make sure that the port number is 4318. This is important to connect to the Traceable Platform agent OTLP HTTP endpoint.

Depending on your Python versions, follow the steps from one of the following two sections:

Configure Python 3.6 and 3.7 layers

Complete the following steps to configure layers for Python 3.6 and 3.7:

  1. Add an environment variable ORIG_HANDLER. Set the value of the environment variable to your current lambda function handler function module path. You can view the current handler value in lambda in the Code tab. In the current example, the value of the ORIG_HANDLER would be ORIG_HANDLER=lambda_function.lambda_handler.

  2. Update the defined handler value marked in the box above with a new value, traceableai_wrapper.lambda_handler.

Configure Python 3.8 and 3.9 layers

To configure Python 3.8 and 3.9 layers, set AWS_LAMBDA_EXEC_WRAPPER: /opt/traceableai-instrument the environment variable on the lambda. This instructs the lambda to invoke Traceable's wrapper script instead of the default lambda handler. Traceable, in turn, invokes your original handler.


Verification

To verify a successful configuration of python lambda, invoke the lambda function by sending traffic through the API gateway endpoint. Login to Traceable platform and check whether the service and associated traces and spans are displayed.


Troubleshooting

Following are a few troubleshooting tips for the python lambda deployment:

Problem

Troubleshooting tip

No data is reported

Set the TA_LOG_LEVEL=DEBUG environment variable in the lambda. Re-invoke the lambda and view the logs in cloudwatch for any errors that could help to determine the root cause.

The response body is not captured

Check if the lambda returns a “Content-Type” header, that is set to a value including: application/json. If not, then update the lambda to return a content-type header.

The request body is not captured

Check if the incoming request is sending a “Content-Type” header, that is set to a value including: application/json? If not, then update the request to include a content-type header.

The status code is not reported

Check whether the lambda returns a statusCode field to indicate the HTTP status code?


If not, then update the lambda to return a statusCode field.



Was this article helpful?