Harness Key Concepts

Quick Start Setup Guide

Checklist Builder

What's Harness?

How Does Harness Work?

Tour Harness Manager

Harness Architecture

Supported Technologies

Harness Editions

Migrating to Harness Community

Delegate Installation and Management

Delegate Connection Requirements

Delegate Server Requirements

Common Delegate Profile Scripts

Using the Helm Delegate

Connectors Overview

Add Artifact Servers

Add Cloud Providers

Add Source Repo Providers

Add Verification Providers

Add Collaboration Providers

Add Application Stacks

User Notifications and Alert Settings

Use Templates

Using Tags

Deployments Overview

AMI Deployments Overview

AMI Basic Deployment

AMI Canary Deployment

AMI Blue/Green Deployment

AMI Spotinst Elastigroup Deployment

ECS Deployments Overview

1 - Harness ECS Delegate

2 - ECS Connectors and Providers Setup

3 - ECS Services

4 - ECS Environments

5 - ECS Workflows

6 - ECS Blue/Green Workflows

7 - ECS Setup in YAML

8 - ECS Troubleshooting

Lambda Deployment Overview

1 - Delegate and Connectors for Lambda

2 - Services for Lambda

3 - Lambda Environments

4 - Lambda Workflows and Deployments

5 - Verifications and Troubleshooting

Build and Deploy Pipelines Overview

1 - Harness Account Setup

2 - Service and Artifact Source

3 - Build Workflow

4 - Environment

5 - Deploy Workflow

6 - Artifact Build and Deploy Pipelines

7 - Triggers

Azure Deployments Overview

1 - Harness Account Setup for Azure

2 - Service and Azure Artifact Source

3 - Azure Environment

4 - Azure Workflows and Deployments

5 - Azure Troubleshooting

Helm Deployments Overview

1 - Delegate, Providers, and Helm Setup

2 - Helm Services

3 - Helm Environments

4 - Helm Workflows and Deployments

5 - Helm Troubleshooting

IIS (.NET) Deployment Overview

1 - Delegate and Connectors for IIS

2 - Services for IIS (.NET)

3 - IIS Environments in AWS and Azure

4 - IIS Workflows and Pipelines

5 - Best Practices and Troubleshooting

Kubernetes Deployments Overview

1 - Harness Kubernetes Delegate

2 - Connectors and Providers Setup

3 - Kubernetes Services

4 - Kubernetes Environments

5 - Kubernetes Canary Workflows

6 - Kubernetes Blue/Green Workflows

7 - Kubernetes Rolling Update Workflows

8 - Kubernetes Workflow Commands

9 - Workflow Variable Expressions

10 - Traffic Management

11 - Versioning and Annotations

12 - Ingress Rules

13 - Troubleshooting Kubernetes

14 - Harness Kubernetes V2 Changes

Pivotal Cloud Foundry Overview

1 - Delegate and Connectors for PCF

2 - Services for PCF

3 - PCF Environments

4 - PCF Workflows and Deployments

Traditional Deployments Overview

1 - Delegate, Providers, and Connectors Setup

2 - Services for App Packages

3 - App Stacks and Default Variables

4 - Commands and Scripts

5 - Environments for Traditional Deployments

6 - Traditional Workflows and Deployments

Application Components

Services

Custom Artifact Source

Service Types and Artifact Sources

Add a Docker Artifact Source

Environments

Infrastructure Definitions

Migrating from Service Infrastructures to Infrastructure Definitions

Service Infrastructures

Workflows

Using the HTTP Command

Using the Shell Script Command

Using the Jenkins Command

Jira Integration

ServiceNow Integration

Passing Variables into Workflows and Pipelines from Triggers

Resource Restrictions

Using the Terraform Apply Command

Pipelines

Infrastructure Provisioners Overview

Terraform Provisioner

Shell Script Provisioner

CloudFormation Provisioner

Triggers

Approvals

JSON and XML Functors

Variables and Expressions in Harness

Configuration as Code

Harness YAML Code Reference

Harness GitOps

CV Summary and Provider Support

CV Strategies, Tuning, and Best Practices

24/7 Service Guard Overview

Set Up 24/7 Service Guard

AppDynamics Verification Overview

1 - AppDynamics Connection Setup

2 - 24/7 Service Guard for AppDynamics

3 - Verify Deployments with AppDynamics

Bugsnag Verification Overview

1 - Bugsnag Connection Setup

2 - 24/7 Service Guard for Bugsnag

3 - Verify Deployments with Bugsnag

CloudWatch Verification Overview

1 - CloudWatch Connection Setup

2 - 24/7 Service Guard for CloudWatch

3 - Verify Deployments with CloudWatch

Datadog Verification Overview

1 - Datadog Connection Setup

2 - 24/7 Service Guard for Datadog

3 - Verify Deployments with Datadog

Dynatrace Verification Overview

1 - Dynatrace Connection Setup

2 - 24/7 Service Guard for Dynatrace

3 - Verify Deployments with Dynatrace

Elasticsearch Verification Overview

1 - Elasticsearch Connection Setup

2 - 24/7 Service Guard for Elasticsearch

3 - Verify Deployments with Elasticsearch

4 - Troubleshooting Elasticsearch

New Relic Verification Overview

1 - New Relic Connection Setup

2 - 24/7 Service Guard for New Relic

3 - New Relic Deployment Marker

4 - Verify Deployments with New Relic

5 - Troubleshooting New Relic

Prometheus Verification Overview

1 - Prometheus Connection Setup

2 - 24/7 Service Guard for Prometheus

3 - Verify Deployments with Prometheus

Splunk Verification Overview

1 - Splunk Connection Setup

2 - 24/7 Service Guard for Splunk

3 - Verify Deployments with Splunk

Stackdriver Verification Overview

1- Stackdriver Connection Setup

2 - 24/7 Service Guard for Stackdriver

3 - Verify Deployments with Stackdriver

Sumo Logic Verification Overview

1 - Sumo Logic Connection Setup

2 - 24/7 Service Guard for Sumo Logic

3 - Verify Deployments with Sumo Logic

Custom Verification Overview

1 - Custom Verification Connection Setup

2 - Verify Deployments with Custom APMs

3 - Datadog as a Custom APM

Managing Users and Groups (RBAC)

Authentication Settings

SSO Provider Overview

Single Sign-On (SSO) with OAuth 2.0

Single Sign-On (SSO) with LDAP

Single Sign-On (SSO) with SAML

Two Factor Authentication

Secrets Management

Deployment Freeze

IP Whitelist Management

API Keys

Audit Trail

Main and Services Dashboards

Custom Dashboards

Harness API

Harness On-Prem Release Notes

On-Prem Overview

Kubernetes Connected On-Prem Setup

Docker Connected On-Prem Setup

Harness Disconnected On-Prem Setup

Harness Troubleshooting

Harness Kubernetes v1 FAQ

Customer Case Studies

Overview of Harness

Canary Deployment Video

Create an Application and Service Video

Create an Environment Video

Create a Workflow Video

Create a Pipeline Video

Create a Trigger Video

All Categories > Tutorials > AWS Lambda Deployments > 3 - Lambda Environments

3 - Lambda Environments

Updated 2 weeks ago by Michael Cretzman

Lambda Environment Summary
Create a New Harness Environment
Define the Infrastructure
Next Step

This topic shows you how to create an Environment that defines one or more deployment infrastructures for your Lambda Service. It covers:

Lambda Environment Summary

Once you've added a Lambda Service to your Application, you can define Environments where your Service can be deployed. Within an Environment, you specify the following in an Infrastructure Definition or Service Infrastructure:

The Lambda Service that contains your functions zip file and functions specs. (Set up in Lambda Services.)
A deployment type. In this case, Lambda.
The AWS Cloud Provider you set up in Connectors and Providers Setup.

An Environment can be a Dev, QA, Production, or other Environment. You can deploy one or many Services to each Environment by creating a Service Infrastructure in the Environment for each Service.

Create a New Harness Environment

The following procedure creates an Environment for the Lambda Service type, as set up in Lambda Services.

In your Harness Application, click Environments. The Environments page appears.
Click Add Environment. The Environment dialog appears.
In Name, enter a name that describes the deployment environment, for example, Lambda.
In Environment Type, select Non-Production.
Click SUBMIT. The new Environment page appears.

Define the Infrastructure

Next, you define one or more Service Infrastructures—or Infrastructure Definitions—for the Environment.

Infrastructure Definition is replacing Service Infrastructure as a more flexible method for defining your target infrastructure. Currently, Infrastructure Definition is behind a feature flag. Contact Harness Support to migrate to the Infrastructure Definition feature.

During the transition, we document both options:

Service Infrastructure
Infrastructure Definition

Service Infrastructure

To add a Service Infrastructure that defines the AWS VPC, subnets, and security groups to use for the Lambda deployment:

In the Harness Environment, click Add Service Infrastructure. The Service Infrastructure dialog appears.
In Service, select the Harness Lambda Service you created in Lambda Services.
In Cloud Provider, select the AWS Cloud Provider you added in Connectors and Providers Setup. The dialog will look something like this:
Click Next. The Configuration section appears.
The Configuration settings are similar to the --role and --vpc-config options in the aws lambda create-function command. For example:

$ aws lambda create-function --function-name ExampleApp-aws-lambda-Lambda-my-function \
--runtime nodejs8.10 --handler index.handler --zip-file lambda/function.zip \
--role execution-role-arn \
--vpc-config SubnetIds=comma-separated-vpc-subnet-ids,SecurityGroupIds=comma-separated-security-group-ids

Configure the following settings:
1. Already Provisioned/Dynamically Provisioned - If you have a Harness Infrastructure Provisioner configured, select Dynamically Provisioned, and select the provisioner. For more information, see Infrastructure Provisioners Overview. The setting below are for Already Provisioned.
2. IAM Role - The IAM role that AWS Lambda assumes when it executes your function.
3. Region - The AWS region where your function will be used.
4. VPC - The VPC the function will connect to in your account. You connect your function to the VPC to access private resources during execution. Lambda runs your function code securely within a VPC by default. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional VPC-specific configuration information that includes private subnet IDs and security group IDs. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC. For more information and guidelines, see Configuring a Lambda Function to Access Resources in an Amazon VPC from AWS.
5. Subnets - The subnet IDs for the subnets in the VPC where the Lambda function will access resources. AWS recommends that you choose at least 2 subnets for Lambda to run your functions in high availability mode.
6. Security Groups - The security group ID(s) for the Lambda function. When you set a VPC for your function to access, your Lambda function loses default Internet access. If you require external Internet access for your function, make sure that your security group allows outbound connections and that your VPC has a NAT gateway.
When you are done, the dialog will look something like this:
Click SUBMIT. The new Service Infrastructure is added to the Harness environment.

That is all you have to do to set up the deployment Environment in Harness. Now you can create the deployment Workflow.

Infrastructure Definition

A Harness Infrastructure Definition defines the AWS VPC, subnets, and security groups to use for the Lambda deployment.

Currently, Infrastructure Definition is behind a feature flag. Contact Harness Support to migrate to the Infrastructure Definition feature.

To add the Infrastructure Definition:

In the Harness Environment, click Add Infrastructure Definition. The Infrastructure Definition dialog appears.
The Infrastructure Definition dialog appears.
Enter a Name that will identify this Infrastructure Definition when you add it to a Workflow.
In Cloud Provider Type, select Amazon Web Services.
In Deployment Type, select AWS Lambda. This expands the Infrastructure Definition dialog to look something like this:
Select Use Already Provisioned Infrastructure, and follow the Define a Provisioned Infrastructure steps below.

If you are using a configured Harness Infrastructure Provisioner, instead select Map Dynamically Provisioned Infrastructure, and then select the provisioner. The settings below are for Use Already Provisioned Infrastructure.

Define a Provisioned Infrastructure

The Infrastructure Definition dialog's lower section defines settings similar to the ‑‑role and ‑‑vpc-config options in the aws lambda create-function command. For example:

$ aws lambda create-function --function-name ExampleApp-aws-lambda-Lambda-my-function \
--runtime nodejs8.10 --handler index.handler --zip-file lambda/function.zip \
--role execution-role-arn \
--vpc-config SubnetIds=comma-separated-vpc-subnet-ids,SecurityGroupIds=comma-separated-security-group-ids

To fill out the Infrastructure Definition dialog's lower section:

In Cloud Provider, select the AWS Cloud Provider you added in Connectors and Providers Setup.

After your Cloud Provider selection, the remaining drop-down lists take a few seconds to populate. Later, some fields will again take a few seconds to repopulate based on your selections in other fields.

In IAM Role, select IAM role that AWS Lambda assumes when it executes your function.
In Region, select the AWS region where your function will be used.
In VPC, select the virtual private cloud to which the function will connect in your account.

You connect your function to the VPC to access private resources during execution. Lambda runs your function code securely within a VPC by default. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional, VPC-specific configuration information that includes private subnet IDs and security group IDs. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC. For more information and guidelines, see Configuring a Lambda Function to Access Resources in an Amazon VPC from AWS.

In Subnets, select the subnet IDs for the subnets (within the VPC) where the Lambda function will access resources. AWS recommends that you choose at least two subnets for Lambda to run your functions in high availability mode.
In Security Groups, select the security group ID(s) for the Lambda function. When you set a VPC for your function to access, your Lambda function loses default Internet access. If you require external Internet access for your function, make sure that your security group allows outbound connections, and that your VPC has a NAT gateway.
Enable Scope to Specific Services, and use the adjacent drop-down to select the Harness Lambda Service you created in Lambda Services.

Scoping is a recommended step, to make this Infrastructure Definition available to any Workflow or Phase that uses your Lambda Service.

When you are done, the dialog will look something like this:

Click Submit. The new Infrastructure Definition is added to the Harness environment.

That is all you have to do to set up the deployment Environment in Harness. Now you can create the deployment Workflow.

Override Service Settings

Your Service Infrastructure can overwrite Service Config Variables, Config Files, and other settings. This enables you to maintain a Service's native settings, but change them when the Service is used with this Environment.

For more information, see Override a Service Configuration.

Next Step

4 - Lambda Workflows and Deployments

3 - Lambda Environments

Lambda Environment Summary

Create a New Harness Environment

Define the Infrastructure

Service Infrastructure

Infrastructure Definition

Define a Provisioned Infrastructure

Override Service Settings

Next Step

How did we do?

Related Articles Lambda Deployment Overview 4 - Lambda Workflows and Deployments 2 - Services for Lambda

Contact

Related Articles

Lambda Deployment Overview

4 - Lambda Workflows and Deployments

2 - Services for Lambda