3 - Lambda Environments

Updated 2 weeks ago by Michael Cretzman

This topic shows you how to create an Environment that defines one or more deployment infrastructures for your Lambda Service. It covers:

Lambda Environment Summary

Once you've added a Lambda Service to your Application, you can define Environments where your Service can be deployed. Within an Environment, you specify the following in an Infrastructure Definition or Service Infrastructure:

An Environment can be a Dev, QA, Production, or other Environment. You can deploy one or many Services to each Environment by creating a Service Infrastructure in the Environment for each Service.

Create a New Harness Environment

The following procedure creates an Environment for the Lambda Service type, as set up in Lambda Services.

  1. In your Harness Application, click Environments. The Environments page appears.
  2. Click Add Environment. The Environment dialog appears.
  3. In Name, enter a name that describes the deployment environment, for example, Lambda.
  4. In Environment Type, select Non-Production.
  5. Click SUBMIT. The new Environment page appears.

Define the Infrastructure

Next, you define one or more Service Infrastructures—or Infrastructure Definitions—for the Environment.

Infrastructure Definition is replacing Service Infrastructure as a more flexible method for defining your target infrastructure. Currently, Infrastructure Definition is behind a feature flag. Contact Harness Support to migrate to the Infrastructure Definition feature.

During the transition, we document both options:

Service Infrastructure

To add a Service Infrastructure that defines the AWS VPC, subnets, and security groups to use for the Lambda deployment:

  1. In the Harness Environment, click Add Service Infrastructure. The Service Infrastructure dialog appears.
  2. In Service, select the Harness Lambda Service you created in Lambda Services.
  3. In Cloud Provider, select the AWS Cloud Provider you added in Connectors and Providers Setup. The dialog will look something like this:
  4. Click Next. The Configuration section appears.
    The Configuration settings are similar to the --role and --vpc-config options in the aws lambda create-function command. For example:
    $ aws lambda create-function --function-name ExampleApp-aws-lambda-Lambda-my-function \
        --runtime nodejs8.10 --handler index.handler --zip-file fileb://lambda/function.zip \
        --role execution-role-arn \
        --vpc-config SubnetIds=comma-separated-vpc-subnet-ids,SecurityGroupIds=comma-separated-security-group-ids
  5. Configure the following settings:
    1. Already Provisioned/Dynamically Provisioned - If you have a Harness Infrastructure Provisioner configured, select Dynamically Provisioned, and select the provisioner. For more information, see Infrastructure Provisioners Overview. The settings below are for Already Provisioned.
    2. IAM Role - The IAM role that AWS Lambda assumes when it executes your function.
    3. Region - The AWS region where your function will be used.
    4. VPC - The VPC the function will connect to in your account. You connect your function to the VPC to access private resources during execution. Lambda runs your function code securely within a VPC by default. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional VPC-specific configuration information that includes private subnet IDs and security group IDs. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC. For more information and guidelines, see Configuring a Lambda Function to Access Resources in an Amazon VPC from AWS.
    5. Subnets - The subnet IDs for the subnets in the VPC where the Lambda function will access resources. AWS recommends that you choose at least 2 subnets for Lambda to run your functions in high availability mode.
    6. Security Groups - The security group ID(s) for the Lambda function. When you set a VPC for your function to access, your Lambda function loses default Internet access. If you require external Internet access for your function, make sure that your security group allows outbound connections and that your VPC has a NAT gateway.
  6. When you are done, the dialog will look something like this:
  7. Click SUBMIT. The new Service Infrastructure is added to the Harness environment.

That is all you have to do to set up the deployment Environment in Harness. Now you can create the deployment Workflow.

Infrastructure Definition

A Harness Infrastructure Definition defines the AWS VPC, subnets, and security groups to use for the Lambda deployment.

Currently, Infrastructure Definition is behind a feature flag. Contact Harness Support to migrate to the Infrastructure Definition feature.

To add the Infrastructure Definition:

  1. In the Harness Environment, click Add Infrastructure Definition. The Infrastructure Definition dialog appears.
  2. Enter a Name that will identify this Infrastructure Definition when you add it to a Workflow.
  3. In Cloud Provider Type, select Amazon Web Services.
  4. In Deployment Type, select AWS Lambda. This expands the Infrastructure Definition dialog to look something like this:
  5. Select Use Already Provisioned Infrastructure, and follow the Define a Provisioned Infrastructure steps below.
If you are using a configured Harness Infrastructure Provisioner, instead select Map Dynamically Provisioned Infrastructure, and then select the provisioner. The settings below are for Use Already Provisioned Infrastructure.

Define a Provisioned Infrastructure

The Infrastructure Definition dialog's lower section defines settings similar to the --role and --vpc-config options in the aws lambda create-function command. For example:

$ aws lambda create-function --function-name ExampleApp-aws-lambda-Lambda-my-function \
--runtime nodejs8.10 --handler index.handler --zip-file fileb://lambda/function.zip \
--role execution-role-arn \
--vpc-config SubnetIds=comma-separated-vpc-subnet-ids,SecurityGroupIds=comma-separated-security-group-ids

To fill out the Infrastructure Definition dialog's lower section:

  1. In Cloud Provider, select the AWS Cloud Provider you added in Connectors and Providers Setup.
    After your Cloud Provider selection, the remaining drop-down lists take a few seconds to populate. Later, some fields will again take a few seconds to repopulate based on your selections in other fields.
  2. In IAM Role, select the IAM role that AWS Lambda assumes when it executes your function.
  3. In Region, select the AWS region where your function will be used.
  4. In VPC, select the virtual private cloud to which the function will connect in your account.
    You connect your function to the VPC to access private resources during execution. Lambda runs your function code securely within a VPC by default. However, to enable your Lambda function to access resources inside your private VPC, you must provide additional, VPC-specific configuration information that includes private subnet IDs and security group IDs. AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC. For more information and guidelines, see Configuring a Lambda Function to Access Resources in an Amazon VPC from AWS.
  5. In Subnets, select the subnet IDs for the subnets (within the VPC) where the Lambda function will access resources. AWS recommends that you choose at least two subnets for Lambda to run your functions in high availability mode.
  6. In Security Groups, select the security group ID(s) for the Lambda function. When you set a VPC for your function to access, your Lambda function loses default Internet access. If you require external Internet access for your function, make sure that your security group allows outbound connections, and that your VPC has a NAT gateway.
  7. Enable Scope to Specific Services, and use the adjacent drop-down to select the Harness Lambda Service you created in Lambda Services.
    Scoping is a recommended step, to make this Infrastructure Definition available to any Workflow or Phase that uses your Lambda Service.

When you are done, the dialog will look something like this:

  8. Click Submit. The new Infrastructure Definition is added to the Harness environment.

That is all you have to do to set up the deployment Environment in Harness. Now you can create the deployment Workflow.
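The Subnets and Security Groups guidance above (in both the Service Infrastructure and Infrastructure Definition procedures) can be checked before a deployment; the following is an added example, not Harness or AWS code. It goes one step beyond the text by also checking that the subnets span Availability Zones and that each subnet's default route actually points at a NAT gateway. The function names and all IDs are hypothetical, and the inputs are assumed to be the parsed JSON of aws ec2 describe-subnets, describe-security-groups and describe-route-tables.

```python
# Added example; all IDs and records below are constructed sample data shaped
# like `aws ec2 describe-subnets/-security-groups/-route-tables` JSON output.

def default_route_target(subnet_id, route_tables):
    """Return 'nat', 'igw' or None for the subnet's 0.0.0.0/0 route."""
    def owns(rt, main):
        return any(a.get("Main", False) if main else a.get("SubnetId") == subnet_id
                   for a in rt.get("Associations", []))
    # An explicit association wins; otherwise the VPC's main route table applies.
    table = (next((rt for rt in route_tables if owns(rt, False)), None)
             or next((rt for rt in route_tables if owns(rt, True)), None))
    for route in (table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if route.get("NatGatewayId"):
                return "nat"
            if route.get("GatewayId", "").startswith("igw-"):
                return "igw"
    return None

def check_vpc_config(vpc_id, subnets, security_groups, route_tables, needs_internet):
    """Return a list of findings; an empty list means the selection looks sound."""
    findings = []
    if len(subnets) < 2:
        findings.append("fewer than two subnets selected")
    elif len({s["AvailabilityZone"] for s in subnets}) < 2:
        findings.append("all subnets are in one Availability Zone")
    for item, key in [(s, "SubnetId") for s in subnets] + [(g, "GroupId") for g in security_groups]:
        if item["VpcId"] != vpc_id:
            findings.append(f"{item[key]} is not in {vpc_id}")
    if needs_internet:
        if not any(g.get("IpPermissionsEgress") for g in security_groups):
            findings.append("no security group allows outbound connections")
        for s in subnets:
            target = default_route_target(s["SubnetId"], route_tables)
            if target != "nat":  # Lambda ENIs get no public IP, so an igw route is not enough
                findings.append(f"{s['SubnetId']} has no default route via a NAT gateway (found: {target})")
    return findings

SUBNETS = [{"SubnetId": "subnet-aaa", "VpcId": "vpc-123", "AvailabilityZone": "us-east-1a"},
           {"SubnetId": "subnet-bbb", "VpcId": "vpc-123", "AvailabilityZone": "us-east-1b"}]
SECURITY_GROUPS = [{"GroupId": "sg-111", "VpcId": "vpc-123", "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-999"}]},
    {"RouteTableId": "rtb-priv", "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-555"}]}]

if __name__ == "__main__":
    for finding in check_vpc_config("vpc-123", SUBNETS, SECURITY_GROUPS, ROUTE_TABLES, True):
        print("FINDING:", finding)
```

In the sample data, subnet-bbb falls back to the main route table, whose default route goes to an internet gateway, so a function placed there would have no outbound Internet path.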

Override Service Settings

Your Service Infrastructure can override Service Config Variables, Config Files, and other settings. This enables you to maintain a Service's native settings, but change them when the Service is used with this Environment.

For more information, see Override a Service Configuration.

Next Step

