AWS CDK Asset AWS CLI v1

Warnings

• gotcha This package specifically provides AWS CLI v1. If you require AWS CLI v2, you MUST use the `aws-cdk-asset-awscli-v2` package instead. Mixing versions or mistakenly assuming v2 can lead to unexpected behavior or missing features.
  Fix: Verify the required AWS CLI version. If v2 is needed, install `aws-cdk-asset-awscli-v2` and import `AwsCliLayer` from there.
• gotcha The AWS CLI layer is substantial in size (around 50MB unzipped). This can contribute to increased Lambda cold start times and potentially push your deployment package size close to Lambda limits. Only include it if truly necessary.
  Fix: Evaluate if a custom layer with only the specific tools or subset of AWS CLI commands you need could be more efficient. Benchmark cold start times in your application.
• gotcha This asset package has specific Python runtime requirements (e.g., `~=3.9` as per PyPI). Using a Lambda function with an incompatible Python runtime (e.g., Python 3.7 or Python 3.12 if not supported) may lead to runtime errors when the CLI attempts to execute.
  Fix: Ensure your Lambda function's runtime (`lambda_.Runtime.PYTHON_X_Y`) matches the `requires_python` specification of the installed `aws-cdk-asset-awscli-v1` version.

Install

• pip install aws-cdk-asset-awscli-v1 aws-cdk-lib Install library and AWS CDK

Imports

• AwsCliLayer

  from aws_cdk_asset_awscli_v1 import AwsCliLayer

  The `AwsCliLayer` from this package is a separate asset construct, not directly part of `aws-cdk-lib`'s core `aws_lambda` module.

Quickstart

This quickstart demonstrates how to create an `AwsCliLayer` and attach it to a Lambda function. The Lambda's code then executes a simple AWS CLI command (`aws s3 ls`). Remember to grant the Lambda's execution role the necessary IAM permissions for any AWS CLI commands it will run.

import os
from aws_cdk import (
    App,
    Stack,
    aws_lambda as lambda_,
)
from aws_cdk_asset_awscli_v1 import AwsCliLayer

class MyAwsCliStack(Stack):
    def __init__(self, scope: App, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Create the AWS CLI v1 Lambda Layer
        aws_cli_layer = AwsCliLayer(self, "AwsCliV1Layer")

        # Define a Lambda function that uses the layer
        lambda_function = lambda_.Function(
            self,
            "MyLambdaWithAwsCli",
            runtime=lambda_.Runtime.PYTHON_3_9, # Ensure compatibility with asset's Python requirement
            handler="index.handler",
            code=lambda_.Code.from_inline(
                """
import json
import subprocess

def handler(event, context):
    try:
        # Example: run 'aws s3 ls' to list S3 buckets
        # The Lambda's IAM role must have s3:ListBucket permissions.
        result = subprocess.run(['aws', 's3', 'ls'], capture_output=True, text=True, check=True)
        return {
            'statusCode': 200,
            'body': json.dumps({'message': 'AWS CLI executed successfully', 'output': result.stdout})
        }
    except subprocess.CalledProcessError as e:
        return {
            'statusCode': 500,
            'body': json.dumps({'error': f"AWS CLI error: {e.stderr}"})
        }
    except Exception as e:
        return {
            'statusCode': 500,
            'body': json.dumps({'error': str(e)})
        }
                """
            ),
            layers=[aws_cli_layer],
            # Add IAM permissions required for CLI commands, e.g., s3:ListBucket for 'aws s3 ls'
            # For a production setup, consider defining a more granular policy.
            # lambda_function.add_to_role_policy(iam.PolicyStatement(actions=["s3:ListBucket"], resources=["arn:aws:s3:::*"]))
        )

app = App()
MyAwsCliStack(app, "MyAwsCliStack")
app.synth()