Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue32/event source concurrency #34

Merged
merged 5 commits into from
Nov 22, 2023
Merged

Issue32/event source concurrency #34

merged 5 commits into from
Nov 22, 2023

Conversation

chuckwondo
Copy link
Collaborator

@chuckwondo chuckwondo commented Nov 15, 2023
edited
Loading

What I am changing

  • How we manage concurrency on our downloader lambda function to avoid throttling issues
  • Broken integration test stack deployment
  • A broken integration test
  • Addressing several dependabot security alerts

How I did it

I removed reserved concurrency on the downloader lambda in the CDK stack, and replaced it with maximum concurrency on invocation from an SQS event source, as described in Introducing maximum concurrency of AWS Lambda functions when using Amazon SQS as an event source

To fix the broken integration test stack deployment, I had to restore the previously removed Pipfile from the db layer. We should address comprehensive replacement of pipenv in an isolated issue to avoid having partial replacement causing odd interactions, such as the one that broke integration test stack deployment.

To fix the broken integration test, I updated the test to match the latest Copernicus API URL syntax.

To address the following dependabot security alerts, I upgraded requests, pytest, pytest-cov, and pytest-docker:

  • Unintended leak of Proxy-Authorization header in requests
  • ReDoS in py library when used with subversion

Although we don't use subversion, I took the opportunity to upgrade pytest and friends to their latest versions.

How you can test it

CRITICAL: Due to how the CDK manages resources, before deploying the changes in this PR, you must first manually remove the existing event source trigger on the downloader lambda function. Otherwise, deployment will fail, indicating that you are attempting to create a trigger between the lambda and the queue, but such a trigger already exists. (See aws/aws-cdk#18706)

Specifically, before deploying, you should do the following:

  • Create a snapshot of the DB, just in case the minor version bump goes awry (Aurora Postgres 11.15 is no longer available for new deployments)

  • Remove the existing trigger via the AWS Console as follows:

    1. Navigate to the downloader lambda function that is specific to the stack that you intend to redeploy
    2. Below the lambda function diagram, select the Configuration tab along the horizontal set of tabs
    3. From the vertical tabs on the left, select the Triggers tab
    4. Check the checkbox to the left of the only trigger that should be listed
    5. Click the Delete button to the upper right of the list of triggers

Once the existing trigger is deleted, you should be able to deploy the new code, which will recreate the trigger, and will set the trigger's maximum concurrency to 14:

image

@chuckwondo
Fix deploy-integration and integration-tests
0cf62e1
@chuckwondo
Set event source mapping max concurrency
306dcaa
@chuckwondo
Upgrade requests to 2.31.0
170bbdd 
Address dependabot alert, Unintended leak of Proxy-Authorization header
in requests, by upgrading requests to 2.31.0.
@chuckwondo
Upgrade pytest and plugins
bb7c48e 
Address dependabot alert: ReDoS in py library when used with subversion.

Although we do not use subversion, this alert served as a good prompt to
upgrade our pytest dependencies to their latest versions.
@chuckwondo chuckwondo mentioned this pull request Nov 15, 2023
Closed
@chuckwondo
Bump minor version of Aurora Postgres to 11.21
d704576 
Version 11.15 is no longer available for new deployments, resulting in
the following error during deployment: "Cannot find version 11.15 for
aurora-postgresql"
sharkinsspatial
sharkinsspatial reviewed Nov 20, 2023
View reviewed changes
cdk/downloader_stack.py
@@ -80,7 +79,7 @@ def __init__(
self,
id=f"{identifier}-downloader-rds",
engine=aws_rds.DatabaseClusterEngine.aurora_postgres(
version=aws_rds.AuroraPostgresEngineVersion.VER_11_15
version=aws_rds.AuroraPostgresEngineVersion.of("11.21", "11")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chuckwondo Will this trigger an upgrade of our Postgres engine version on upgrade?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's definitely a good question. Since it's a minor version bump, that shouldn't be a problem, particularly since the system is not continually running, as long as deployment occurs after the daily cron job completes, so there's no DB activity during deployment.

However, I suggest adding 1 additional step prior to deployment: create a DB snapshot after the cron job finishes.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated the steps in the PR comment to include taking a DB snapshot.

@sharkinsspatial sharkinsspatial merged commit 21a1283 into main Nov 22, 2023
3 checks passed
@sharkinsspatial sharkinsspatial deleted the issue32/event-source-concurrency branch November 22, 2023 19:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sharkinsspatial sharkinsspatial sharkinsspatial approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chuckwondo @sharkinsspatial