# 使用基础设施即代码部署 Lambda 持久性函数
您可以使用基础设施即代码(IaC)工具(例如 AWS CloudFormation、AWS CDK、AWS Serverless Application Model 或 Terraform)部署 Lambda 持久性函数。这些工具允许您通过代码来定义函数、执行角色以及权限,从而使得部署过程可重复且能够进行版本控制。
这三种工具都要求您:
+ 对函数启用持久执行
+ 授予对执行角色的检查点权限
+ 发布版本或创建别名(持久性函数需要限定的 ARN)
## 来自 ZIP 的持久性函数
### AWS CloudFormation
使用 CloudFormation 在模板中定义您的持久性函数。以下示例创建了具有所需权限的持久性函数。
```
AWSTemplateFormatVersion: '2010-09-09'
Description: Lambda durable function example
Resources:
DurableFunctionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicDurableExecutionRolePolicy
DurableFunction:
Type: AWS::Lambda::Function
Properties:
FunctionName: myDurableFunction
Runtime: nodejs22.x
Handler: index.handler
Role: !GetAtt DurableFunctionRole.Arn
Code:
ZipFile: |
// Your durable function code here
export const handler = async (event, context) => {
return { statusCode: 200 };
};
DurableConfig:
ExecutionTimeout: 3600
RetentionPeriodInDays: 7
DurableFunctionVersion:
Type: AWS::Lambda::Version
Properties:
FunctionName: !Ref DurableFunction
Description: Initial version
DurableFunctionAlias:
Type: AWS::Lambda::Alias
Properties:
FunctionName: !Ref DurableFunction
FunctionVersion: !GetAtt DurableFunctionVersion.Version
Name: prod
Outputs:
FunctionArn:
Description: Durable function ARN
Value: !GetAtt DurableFunction.Arn
AliasArn:
Description: Function alias ARN (use this for invocations)
Value: !Ref DurableFunctionAlias
```
**部署模板**
```
aws cloudformation deploy \
--template-file template.yaml \
--stack-name my-durable-function-stack \
--capabilities CAPABILITY_IAM
```
### AWS CDK
AWS CDK 使您能够使用编程语言定义基础设施。以下示例演示如何使用 TypeScript 和 Python 创建持久性函数。
------
#### [ TypeScript ]
```
import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as iam from 'aws-cdk-lib/aws-iam';
import { Construct } from 'constructs';
export class DurableFunctionStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// Create the durable function
const durableFunction = new lambda.Function(this, 'DurableFunction', {
runtime: lambda.Runtime.NODEJS_22_X,
handler: 'index.handler',
code: lambda.Code.fromAsset('lambda'),
functionName: 'myDurableFunction',
durableConfig: { executionTimeout: Duration.hours(1), retentionPeriod: Duration.days(30) },
});
// Create version and alias
const version = durableFunction.currentVersion;
const alias = new lambda.Alias(this, 'ProdAlias', {
aliasName: 'prod',
version: version,
});
// Output the alias ARN
new cdk.CfnOutput(this, 'FunctionAliasArn', {
value: alias.functionArn,
description: 'Use this ARN to invoke the durable function',
});
}
}
```
------
#### [ Python ]
```
from aws_cdk import (
Stack,
aws_lambda as lambda_,
aws_iam as iam,
CfnOutput,
)
from constructs import Construct
class DurableFunctionStack(Stack):
def __init__(self, scope: Construct, id: str, **kwargs):
super().__init__(scope, id, **kwargs)
# Create the durable function
durable_function = lambda_.Function(
self, 'DurableFunction',
runtime=lambda_.Runtime.NODEJS_22_X,
handler='index.handler',
code=lambda_.Code.from_asset('lambda'),
function_name='myDurableFunction',
durable_execution={execution_timeout: Duration.hours(1), retention_period: Duration.days(30)}
)
# Add durable execution managed policy for checkpoint permissions
durable_function.role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name('service-role/AWSLambdaBasicDurableExecutionRolePolicy')
)
# Create version and alias
version = durable_function.current_version
alias = lambda_.Alias(
self, 'ProdAlias',
alias_name='prod',
version=version
)
# Output the alias ARN
CfnOutput(
self, 'FunctionAliasArn',
value=alias.function_arn,
description='Use this ARN to invoke the durable function'
)
```
------
**要部署 CDK 堆栈**
```
cdk deploy
```
### AWS Serverless Application Model
AWS SAM 简化了无服务器应用程序的 CloudFormation 模板。以下模板使用 AWS SAM 创建了一个持久性函数。
```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Lambda durable function with SAM
Resources:
DurableFunction:
Type: AWS::Serverless::Function
Properties:
FunctionName: myDurableFunction
Runtime: nodejs22.x
Handler: index.handler
CodeUri: ./src
DurableConfig:
ExecutionTimeout: 3600
RetentionPeriodInDays: 7
Policies:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicDurableExecutionRolePolicy
AutoPublishAlias: prod
Outputs:
FunctionArn:
Description: Durable function ARN
Value: !GetAtt DurableFunction.Arn
AliasArn:
Description: Function alias ARN (use this for invocations)
Value: !Ref DurableFunction.Alias
```
**要部署 SAM 模板**
```
sam build
sam deploy --guided
```
### Terraform
Terraform 是一款支持 AWS 资源的流行开源 IaC 工具。以下示例使用 AWS 提供程序版本 6.25.0 或更高版本通过 Terraform 创建持久性函数。
```
terraform {
required_version = ">= 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 6.25.0"
}
}
}
provider "aws" {
region = "us-east-2"
}
# IAM Role for Lambda Function
resource "aws_iam_role" "lambda_role" {
name = "durable-function-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "lambda.amazonaws.com"
}
}]
})
}
# Attach durable execution policy for checkpoint operations
resource "aws_iam_role_policy_attachment" "lambda_durable" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicDurableExecutionRolePolicy"
role = aws_iam_role.lambda_role.name
}
# Lambda Function with Durable Execution enabled
resource "aws_lambda_function" "durable_function" {
filename = "function.zip"
function_name = "myDurableFunction"
role = aws_iam_role.lambda_role.arn
handler = "index.handler"
runtime = "nodejs22.x"
timeout = 30
memory_size = 512
durable_config {
execution_timeout = 900
retention_period = 7
}
}
# Publish a version
resource "aws_lambda_alias" "prod" {
name = "prod"
function_name = aws_lambda_function.durable_function.function_name
function_version = aws_lambda_function.durable_function.version
}
output "function_arn" {
description = "ARN of the Lambda function"
value = aws_lambda_function.durable_function.arn
}
output "alias_arn" {
description = "ARN of the function alias (use this for invocations)"
value = aws_lambda_alias.prod.arn
}
```
**使用 Terraform 进行部署**
```
terraform init
terraform plan
terraform apply
```
**注意**
Terraform 对 Lambda 持久性函数的支持需要 AWS 提供程序版本 6.25.0 或更高版本。如果使用的是较旧版本,请更新提供程序版本。
## 来自 OCI 容器映像的持久性函数
您还可以基于容器映像创建持久性函数。有关如何构建容器映像的说明,请参阅[持久性函数支持的运行时](durable-supported-runtimes.md)。
### AWS CDK
AWS CDK 使您能够使用编程语言定义基础设施。以下示例演示如何使用 TypeScript 从容器映像创建持久性函数。
```
import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as iam from 'aws-cdk-lib/aws-iam';
import { Construct } from 'constructs';
export class DurableFunctionStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// Create the durable function
const durableFunction = new lambda.DockerImageFunction(this, 'DurableFunction', {
code: lambda.DockerImageCode.fromImageAsset('./lambda', {
platform: cdk.aws_ecr_assets.Platform.LINUX_AMD64,
}),
functionName: 'myDurableFunction',
memorySize: 512,
timeout: cdk.Duration.seconds(30),
durableConfig: { executionTimeout: cdk.Duration.hours(1), retentionPeriod: cdk.Duration.days(30) },
});
// Create version and alias
const version = durableFunction.currentVersion;
const alias = new lambda.Alias(this, 'ProdAlias', {
aliasName: 'prod',
version: version,
});
// Output the alias ARN
new cdk.CfnOutput(this, 'FunctionAliasArn', {
value: alias.functionArn,
description: 'Use this ARN to invoke the durable function',
});
}
}
```
**要部署 CDK 堆栈**
```
cdk deploy
```
### AWS Serverless Application Model
AWS SAM 简化了无服务器应用程序的 CloudFormation 模板。以下模板使用 AWS SAM 创建了一个持久性函数。
```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Lambda durable function with SAM
Resources:
DurableFunction:
Type: AWS::Serverless::Function
Properties:
FunctionName: myDurableFunction
PackageType: Image
ImageUri: ./src
DurableConfig:
ExecutionTimeout: 3600
RetentionPeriodInDays: 7
Policies:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicDurableExecutionRolePolicy
AutoPublishAlias: prod
Metadata:
DockerTag: latest
DockerContext: ./src
Dockerfile: Dockerfile
Outputs:
FunctionArn:
Description: Durable function ARN
Value: !GetAtt DurableFunction.Arn
AliasArn:
Description: Function alias ARN (use this for invocations)
Value: !Ref DurableFunction.Alias
```
**要部署 SAM 模板**
```
sam build
sam deploy --guided
```
## 常见配置模式
无论您使用哪种 IaC 工具,都要遵循持久性函数的以下模式:
**启用持久执行**
对函数设置 `DurableConfig` 属性以启用持久执行。只有当创建函数时,此属性才可用。您无法对现有函数启用持久执行。
**授予检查点权限**
将 `AWSLambdaBasicDurableExecutionRolePolicy` 托管式策略附加到执行角色。此策略包括必需的 `lambda:CheckpointDurableExecutions` 和 `lambda:GetDurableExecutionState` 权限。
**使用限定的 ARN**
为您的函数创建版本或别名。持久性函数需要使用限定的 ARN(带有版本或别名)才能调用。在 AWS SAM 中使用 `AutoPublishAlias` 或者在 CloudFormation、AWS CDK 和 Terraform 中创建显式版本。
**软件包依赖项**
在您的部署包中包含持久执行 SDK。对于 Node.js,请安装 `@aws/durable-execution-sdk-js`。对于 Python,请安装 `aws-durable-execution-sdk-python`。
## 后续步骤
部署您的持久性函数后:
+ 使用限定的 ARN(版本或别名)测试您的函数
+ 在 Lambda 控制台的“持久执行”选项卡下监控执行进度
+ 查看 AWS CloudTrail 数据事件中的检查点操作
+ 查看 CloudWatch Logs 以了解函数输出和重放行为
有关使用 IaC 工具部署 Lambda 函数的更多信息,请参阅:
+ [CloudFormation AWS::Lambda::Function 参考](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html)
+ [AWS CDK Lambda 模块文档](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_lambda-readme.html)
+ [AWS SAM 开发人员指南](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html)