From bcc0fd9a5347df11aecf145720a0ab89e41cb047 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Wed, 2 Feb 2022 17:15:56 +0000 Subject: [PATCH] publish: make a layer public --- apm-lambda-extension/Makefile | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/apm-lambda-extension/Makefile b/apm-lambda-extension/Makefile index ced74827..cf49c445 100644 --- a/apm-lambda-extension/Makefile +++ b/apm-lambda-extension/Makefile @@ -53,6 +53,7 @@ publish-in-all-aws-regions: validate-layer-name get-all-aws-regions @while read AWS_DEFAULT_REGION; do \ echo "publish '$(ELASTIC_LAYER_NAME)' in $${AWS_DEFAULT_REGION}"; \ AWS_DEFAULT_REGION="$${AWS_DEFAULT_REGION}" ELASTIC_LAYER_NAME=$(ELASTIC_LAYER_NAME) $(MAKE) publish > $(AWS_FOLDER)/$${AWS_DEFAULT_REGION}; \ + AWS_DEFAULT_REGION="$${AWS_DEFAULT_REGION}" ELASTIC_LAYER_NAME=$(ELASTIC_LAYER_NAME) $(MAKE) grant-public-layer-access; \ done <.regions $(MAKE) create-arn-file @@ -66,6 +67,17 @@ publish: validate-layer-name validate-aws-default-region --license "Apache-2.0" \ --zip-file "fileb://./bin/extension.zip" +# Grant public access to the given LAYER in the given AWS region +grant-public-layer-access: validate-layer-name validate-aws-default-region + @aws lambda \ + --output json \ + add-layer-version-permission \ + --layer-name "$(ELASTIC_LAYER_NAME)" \ + --action lambda:GetLayerVersion \ + --principal '*' \ + --statement-id "$(ELASTIC_LAYER_NAME)-$(ARCHITECTURE)" \ + --version-number $$(jq -r .Version $(AWS_FOLDER)/$(AWS_DEFAULT_REGION)) > $(AWS_FOLDER)/.$(AWS_DEFAULT_REGION)-public + # Generate the file with the ARN entries create-arn-file: validate-suffix-arn-file @../.ci/create-arn-table.sh