diff --git a/packages/@aws-cdk/aws-lambda-python/README.md b/packages/@aws-cdk/aws-lambda-python/README.md index 2a8de2d34c4de..ef52db457ef2b 100644 --- a/packages/@aws-cdk/aws-lambda-python/README.md +++ b/packages/@aws-cdk/aws-lambda-python/README.md @@ -167,9 +167,34 @@ new lambda.PythonFunction(this, 'function', { entry, runtime: Runtime.PYTHON_3_8, bundling: { - buildArgs: { PIP_INDEX_URL: indexUrl }, + environment: { PIP_INDEX_URL: indexUrl }, }, }); ``` -This type of an example should work for `pip` and `poetry` based dependencies, but will not work for `pipenv`. +The index URL or the token are only used during bundling and thus not included in the final asset. Setting only environment variable for `PIP_INDEX_URL` or `PIP_EXTRA_INDEX_URL` should work for accesing private Python repositories with `pip`, `pipenv` and `poetry` based dependencies. + +If you also want to use the Code Artifact repo for building the base Docker image for bundling, use `buildArgs`. However, note that setting custom build args for bundling will force the base bundling image to be rebuilt every time (i.e. skip the Docker cache). Build args can be customized as: + +```ts +import { execSync } from 'child_process'; + +const entry = '/path/to/function'; +const image = DockerImage.fromBuild(entry); + +const domain = 'my-domain'; +const domainOwner = '111122223333'; +const repoName = 'my_repo'; +const region = 'us-east-1'; +const codeArtifactAuthToken = execSync(`aws codeartifact get-authorization-token --domain ${domain} --domain-owner ${domainOwner} --query authorizationToken --output text`).toString().trim(); + +const indexUrl = `https://aws:${codeArtifactAuthToken}@${domain}-${domainOwner}.d.codeartifact.${region}.amazonaws.com/pypi/${repoName}/simple/`; + +new lambda.PythonFunction(this, 'function', { + entry, + runtime: Runtime.PYTHON_3_8, + bundling: { + buildArgs: { PIP_INDEX_URL: indexUrl }, + }, +}); +``` diff --git a/packages/@aws-cdk/aws-lambda-python/lib/bundling.ts b/packages/@aws-cdk/aws-lambda-python/lib/bundling.ts index ddd3e167204c9..bd2020a5a228b 100644 --- a/packages/@aws-cdk/aws-lambda-python/lib/bundling.ts +++ b/packages/@aws-cdk/aws-lambda-python/lib/bundling.ts @@ -51,6 +51,7 @@ export class Bundling implements CdkBundlingOptions { public readonly image: DockerImage; public readonly command: string[]; + public readonly environment?: { [key: string]: string }; constructor(props: BundlingProps) { const { @@ -78,6 +79,7 @@ export class Bundling implements CdkBundlingOptions { }); this.image = image ?? defaultImage; this.command = ['bash', '-c', chain(bundlingCommands)]; + this.environment = props.environment; } private createBundlingCommand(options: BundlingCommandOptions): string[] { diff --git a/packages/@aws-cdk/aws-lambda-python/lib/types.ts b/packages/@aws-cdk/aws-lambda-python/lib/types.ts index 1f2b1e8c7aabf..e818eadc4401b 100644 --- a/packages/@aws-cdk/aws-lambda-python/lib/types.ts +++ b/packages/@aws-cdk/aws-lambda-python/lib/types.ts @@ -30,6 +30,13 @@ export interface BundlingOptions { */ readonly buildArgs?: { [key: string]: string }; + /** + * Environment variables defined when bundling runs. + * + * @default - no environment variables are defined. + */ + readonly environment?: { [key: string]: string; }; + /** * Determines how asset hash is calculated. Assets will get rebuild and * uploaded only if their hash has changed. diff --git a/packages/@aws-cdk/aws-lambda-python/test/bundling.test.ts b/packages/@aws-cdk/aws-lambda-python/test/bundling.test.ts index 4af556b3b9a62..a75ecc8625960 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/bundling.test.ts +++ b/packages/@aws-cdk/aws-lambda-python/test/bundling.test.ts @@ -229,3 +229,22 @@ test('Bundling with custom build args', () => { }), })); }); + +test('Bundling with custom environment vars`', () => { + const entry = path.join(__dirname, 'lambda-handler'); + Bundling.bundle({ + entry: entry, + runtime: Runtime.PYTHON_3_7, + environment: { + KEY: 'value', + }, + }); + + expect(Code.fromAsset).toHaveBeenCalledWith(entry, expect.objectContaining({ + bundling: expect.objectContaining({ + environment: { + KEY: 'value', + }, + }), + })); +});