Skip to content

ci: make lambda layer publication resilient to AWS regions failure #2658

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
xrmx merged 1 commit into from
May 25, 2026
+24 −6
Merged

ci: make lambda layer publication resilient to AWS regions failure #2658

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 24 additions & 6 deletions .ci/publish-aws.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,18 @@ ALL_AWS_REGIONS=$(aws ec2 describe-regions --output json --no-cli-pager | jq -r
rm -rf "${AWS_FOLDER}"
mkdir -p "${AWS_FOLDER}"

failed_regions=()

# Delete previous layers
for region in $ALL_AWS_REGIONS; do
layer_versions=$(aws lambda list-layer-versions --region="${region}" --layer-name="${ELASTIC_LAYER_NAME}" | jq '.LayerVersions[].Version')
layer_versions=$(aws --cli-connect-timeout 30 lambda list-layer-versions --region="${region}" --layer-name="${ELASTIC_LAYER_NAME}" | jq '.LayerVersions[].Version') || {
echo "WARNING: Could not list layer versions in ${region}, skipping deletion"
continue
}
echo "Found layer versions for ${FULL_LAYER_NAME} in ${region}: ${layer_versions:-none}"
for version_number in $layer_versions; do
echo "- Deleting ${FULL_LAYER_NAME}:${version_number} in ${region}"
aws lambda delete-layer-version \
aws --cli-connect-timeout 30 lambda delete-layer-version \
--region="${region}" \
--layer-name="${FULL_LAYER_NAME}" \
--version-number="${version_number}"
Expand All @@ -39,28 +44,41 @@ zip_file="./build/dist/elastic-apm-python-lambda-layer.zip"

for region in $ALL_AWS_REGIONS; do
echo "Publish ${FULL_LAYER_NAME} in ${region}"
publish_output=$(aws lambda \
if ! publish_output=$(aws --cli-connect-timeout 30 lambda \
--output json \
publish-layer-version \
--region="${region}" \
--layer-name="${FULL_LAYER_NAME}" \
--description="AWS Lambda Extension Layer for the Elastic APM Python Agent" \
--license-info="BSD-3-Clause" \
--compatible-runtimes python3.6 python3.7 python3.8 python3.9 python3.10 python3.11 python3.12 python3.13\
--zip-file="fileb://${zip_file}")
--zip-file="fileb://${zip_file}"); then
echo "WARNING: Failed to publish to ${region}"
failed_regions+=("${region}")
continue
fi
echo "${publish_output}" > "${AWS_FOLDER}/${region}"
layer_version=$(echo "${publish_output}" | jq '.Version')
echo "Grant public layer access ${FULL_LAYER_NAME}:${layer_version} in ${region}"
grant_access_output=$(aws lambda \
if ! grant_access_output=$(aws --cli-connect-timeout 30 lambda \
--output json \
add-layer-version-permission \
--region="${region}" \
--layer-name="${FULL_LAYER_NAME}" \
--action="lambda:GetLayerVersion" \
--principal='*' \
--statement-id="${FULL_LAYER_NAME}" \
--version-number="${layer_version}")
--version-number="${layer_version}"); then
echo "WARNING: Failed to grant public access in ${region}"
failed_regions+=("${region}")
continue
fi
echo "${grant_access_output}" > "${AWS_FOLDER}/.${region}-public"
done

sh -c "./.ci/create-arn-table.sh"

if [ ${#failed_regions[@]} -gt 0 ]; then
echo "WARNING: Failed to publish to the following regions: ${failed_regions[*]}"
echo "WARNING: The layer is not available in those regions. Please publish manually or investigate connectivity."
fi
Loading