Zappa makes it super easy to build and deploy server-less, event-driven Python applications on AWS Lambda + API Gateway.

Overview

Zappa Rocks!

Zappa - Serverless Python

Build Status Coverage PyPI Slack Gun.io Patreon

About

Zappa Slides

In a hurry? Click to see (now slightly out-dated) slides from Serverless SF!

Zappa makes it super easy to build and deploy server-less, event-driven Python applications (including, but not limited to, WSGI web apps) on AWS Lambda + API Gateway. Think of it as "serverless" web hosting for your Python apps. That means infinite scaling, zero downtime, zero maintenance - and at a fraction of the cost of your current deployments!

If you've got a Python web app (including Django and Flask apps), it's as easy as:

$ pip install zappa
$ zappa init
$ zappa deploy

and now you're server-less! Wow!

What do you mean "serverless"?

Okay, so there still is a server - but it only has a 40 millisecond life cycle! Serverless in this case means "without any permanent infrastructure."

With a traditional HTTP server, the server is online 24/7, processing requests one by one as they come in. If the queue of incoming requests grows too large, some requests will time out. With Zappa, each request is given its own virtual HTTP "server" by Amazon API Gateway. AWS handles the horizontal scaling automatically, so no requests ever time out. Each request then calls your application from a memory cache in AWS Lambda and returns the response via Python's WSGI interface. After your app returns, the "server" dies.

Better still, with Zappa you only pay for the milliseconds of server time that you use, so it's many orders of magnitude cheaper than VPS/PaaS hosts like Linode or Heroku - and in most cases, it's completely free. Plus, there's no need to worry about load balancing or keeping servers online ever again.

It's great for deploying serverless microservices with frameworks like Flask and Bottle, and for hosting larger web apps and CMSes with Django. Or, you can use any WSGI-compatible app you like! You probably don't need to change your existing applications to use it, and you're not locked into using it.

Zappa also lets you build hybrid event-driven applications that can scale to trillions of events a year with no additional effort on your part! You also get free SSL certificates, global app deployment, API access management, automatic security policy generation, precompiled C-extensions, auto keep-warms, oversized Lambda packages, and many other exclusive features!

And finally, Zappa is super easy to use. You can deploy your application with a single command out of the box!

Awesome!

Zappa Demo Gif

Installation and Configuration

Before you begin, make sure you are running Python 3.6/3.7/3.8 and you have a valid AWS account and your AWS credentials file is properly installed.

Zappa can easily be installed through pip, like so:

$ pip install zappa

Please note that Zappa must be installed into your project's virtual environment. The virtual environment name should not be the same as the Zappa project name, as this may cause errors.

(If you use pyenv and love to manage virtualenvs with pyenv-virtualenv, you just have to call pyenv local [your_venv_name] and it's ready. Conda users should comment here.)

Next, you'll need to define your local and server-side settings.

Running the Initial Setup / Settings

Zappa can automatically set up your deployment settings for you with the init command:

$ zappa init

This will automatically detect your application type (Flask/Django - Pyramid users see here) and help you define your deployment configuration settings. Once you finish initialization, you'll have a file named zappa_settings.json in your project directory defining your basic deployment settings. It will probably look something like this for most WSGI apps:

{
    // The name of your stage
    "dev": {
        // The name of your S3 bucket
        "s3_bucket": "lambda",

        // The modular python path to your WSGI application function.
        // In Flask and Bottle, this is your 'app' object.
        // Flask (your_module.py):
        // app = Flask()
        // Bottle (your_module.py):
        // app = bottle.default_app()
        "app_function": "your_module.app"
    }
}

or for Django:

{
    "dev": { // The name of your stage
       "s3_bucket": "lambda", // The name of your S3 bucket
       "django_settings": "your_project.settings" // The python path to your Django settings.
    }
}

Psst: If you're deploying a Django application with Zappa for the first time, you might want to read Edgar Roman's Django Zappa Guide.

You can define as many stages as your like - we recommend having dev, staging, and production.

Now, you're ready to deploy!

Basic Usage

Initial Deployments

Once your settings are configured, you can package and deploy your application to a stage called "production" with a single command:

$ zappa deploy production
Deploying..
Your application is now live at: https://7k6anj0k99.execute-api.us-east-1.amazonaws.com/production

And now your app is live! How cool is that?!

To explain what's going on, when you call deploy, Zappa will automatically package up your application and local virtual environment into a Lambda-compatible archive, replace any dependencies with versions with wheels compatible with lambda, set up the function handler and necessary WSGI Middleware, upload the archive to S3, create and manage the necessary Amazon IAM policies and roles, register it as a new Lambda function, create a new API Gateway resource, create WSGI-compatible routes for it, link it to the new Lambda function, and finally delete the archive from your S3 bucket. Handy!

Be aware that the default IAM role and policy created for executing Lambda applies a liberal set of permissions. These are most likely not appropriate for production deployment of important applications. See the section Custom AWS IAM Roles and Policies for Execution for more detail.

Updates

If your application has already been deployed and you only need to upload new Python code, but not touch the underlying routes, you can simply:

$ zappa update production
Updating..
Your application is now live at: https://7k6anj0k99.execute-api.us-east-1.amazonaws.com/production

This creates a new archive, uploads it to S3 and updates the Lambda function to use the new code, but doesn't touch the API Gateway routes.

Docker Workflows

In version 0.53.0, support was added to deploy & update Lambda functions using Docker. Refer to the blog post for more details about how to leverage this functionality, and when you may want to.

Rollback

You can also rollback the deployed code to a previous version by supplying the number of revisions to return to. For instance, to rollback to the version deployed 3 versions ago:

$ zappa rollback production -n 3

Scheduling

Zappa can be used to easily schedule functions to occur on regular intervals. This provides a much nicer, maintenance-free alternative to Celery! These functions will be packaged and deployed along with your app_function and called from the handler automatically. Just list your functions and the expression to schedule them using cron or rate syntax in your zappa_settings.json file:

{
    "production": {
       ...
       "events": [{
           "function": "your_module.your_function", // The function to execute
           "expression": "rate(1 minute)" // When to execute it (in cron or rate format)
       }],
       ...
    }
}

And then:

$ zappa schedule production

And now your function will execute every minute!

If you want to cancel these, you can simply use the unschedule command:

$ zappa unschedule production

And now your scheduled event rules are deleted.

See the example for more details.

Advanced Scheduling

Sometimes a function needs multiple expressions to describe its schedule. To set multiple expressions, simply list your functions, and the list of expressions to schedule them using cron or rate syntax in your zappa_settings.json file:

{
    "production": {
       ...
       "events": [{
           "function": "your_module.your_function", // The function to execute
           "expressions": ["cron(0 20-23 ? * SUN-THU *)", "cron(0 0-8 ? * MON-FRI *)"] // When to execute it (in cron or rate format)
       }],
       ...
    }
}

This can be used to deal with issues arising from the UTC timezone crossing midnight during business hours in your local timezone.

It should be noted that overlapping expressions will not throw a warning, and should be checked for, to prevent duplicate triggering of functions.

Undeploy

If you need to remove the API Gateway and Lambda function that you have previously published, you can simply:

$ zappa undeploy production

You will be asked for confirmation before it executes.

If you enabled CloudWatch Logs for your API Gateway service and you don't want to keep those logs, you can specify the --remove-logs argument to purge the logs for your API Gateway and your Lambda function:

$ zappa undeploy production --remove-logs

Package

If you want to build your application package without actually uploading and registering it as a Lambda function, you can use the package command:

$ zappa package production

If you have a zip callback in your callbacks setting, this will also be invoked.

{
    "production": { // The name of your stage
        "callbacks": {
            "zip": "my_app.zip_callback"// After creating the package
        }
    }
}

You can also specify the output filename of the package with -o:

$ zappa package production -o my_awesome_package.zip

How Zappa Makes Packages

Zappa will automatically package your active virtual environment into a package which runs smoothly on AWS Lambda.

During this process, it will replace any local dependencies with AWS Lambda compatible versions. Dependencies are included in this order:

  • Lambda-compatible manylinux wheels from a local cache
  • Lambda-compatible manylinux wheels from PyPI
  • Packages from the active virtual environment
  • Packages from the local project directory

It also skips certain unnecessary files, and ignores any .py files if .pyc files are available.

In addition, Zappa will also automatically set the correct execution permissions, configure package settings, and create a unique, auditable package manifest file.

To further reduce the final package file size, you can:

Template

Similarly to package, if you only want the API Gateway CloudFormation template, use the template command:

$ zappa template production --l your-lambda-arn -r your-role-arn

Note that you must supply your own Lambda ARN and Role ARNs in this case, as they may not have been created for you.

You can get the JSON output directly with --json, and specify the output file with --output.

Status

If you need to see the status of your deployment and event schedules, simply use the status command.

$ zappa status production

Tailing Logs

You can watch the logs of a deployment by calling the tail management command.

$ zappa tail production

By default, this will show all log items. In addition to HTTP and other events, anything printed to stdout or stderr will be shown in the logs.

You can use the argument --http to filter for HTTP requests, which will be in the Apache Common Log Format.

$ zappa tail production --http

Similarly, you can do the inverse and only show non-HTTP events and log messages:

$ zappa tail production --non-http

If you don't like the default log colors, you can turn them off with --no-color.

You can also limit the length of the tail with --since, which accepts a simple duration string:

$ zappa tail production --since 4h # 4 hours
$ zappa tail production --since 1m # 1 minute
$ zappa tail production --since 1mm # 1 month

You can filter out the contents of the logs with --filter, like so:

$ zappa tail production --http --filter "POST" # Only show POST HTTP requests

Note that this uses the CloudWatch Logs filter syntax.

To tail logs without following (to exit immediately after displaying the end of the requested logs), pass --disable-keep-open:

$ zappa tail production --since 1h --disable-keep-open

Remote Function Invocation

You can execute any function in your application directly at any time by using the invoke command.

For instance, suppose you have a basic application in a file called "my_app.py", and you want to invoke a function in it called "my_function". Once your application is deployed, you can invoke that function at any time by calling:

$ zappa invoke production 'my_app.my_function'

Any remote print statements made and the value the function returned will then be printed to your local console. Nifty!

You can also invoke interpretable Python 3.6/3.7/3.8 strings directly by using --raw, like so:

$ zappa invoke production "print(1 + 2 + 3)" --raw

For instance, it can come in handy if you want to create your first superuser on a RDS database running in a VPC (like Serverless Aurora): $ zappa invoke staging "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('username', 'email', 'password')" --raw

Django Management Commands

As a convenience, Zappa can also invoke remote Django 'manage.py' commands with the manage command. For instance, to perform the basic Django status check:

$ zappa manage production showmigrations admin

Obviously, this only works for Django projects which have their settings properly defined.

For commands which have their own arguments, you can also pass the command in as a string, like so:

$ zappa manage production "shell --version"

Commands which require direct user input, such as createsuperuser, should be replaced by commands which use zappa invoke --raw .

For more Django integration, take a look at the zappa-django-utils project.

(Please note that commands which take over 30 seconds to execute may time-out preventing output from being returned - but the command may continue to run. See this related issue for a work-around.)

SSL Certification

Zappa can be deployed to custom domain names and subdomains with custom SSL certificates, Let's Encrypt certificates, and AWS Certificate Manager (ACM) certificates.

Currently, the easiest of these to use are the AWS Certificate Manager certificates, as they are free, self-renewing, and require the least amount of work.

Once configured as described below, all of these methods use the same command:

$ zappa certify

When deploying from a CI/CD system, you can use:

$ zappa certify --yes

to skip the confirmation prompt.

Deploying to a Domain With AWS Certificate Manager

Amazon provides their own free alternative to Let's Encrypt called AWS Certificate Manager (ACM). To use this service with Zappa:

  1. Verify your domain in the AWS Certificate Manager console.
  2. In the console, select the N. Virginia (us-east-1) region and request a certificate for your domain or subdomain (sub.yourdomain.tld), or request a wildcard domain (*.yourdomain.tld).
  3. Copy the entire ARN of that certificate and place it in the Zappa setting certificate_arn.
  4. Set your desired domain in the domain setting.
  5. Call $ zappa certify to create and associate the API Gateway distribution using that certificate.

Deploying to a Domain With a Let's Encrypt Certificate (DNS Auth)

If you want to use Zappa on a domain with a free Let's Encrypt certificate using automatic Route 53 based DNS Authentication, you can follow this handy guide.

Deploying to a Domain With a Let's Encrypt Certificate (HTTP Auth)

If you want to use Zappa on a domain with a free Let's Encrypt certificate using HTTP Authentication, you can follow this guide.

However, it's now far easier to use Route 53-based DNS authentication, which will allow you to use a Let's Encrypt certificate with a single $ zappa certify command.

Deploying to a Domain With Your Own SSL Certs

  1. The first step is to create a custom domain and obtain your SSL cert / key / bundle.
  2. Ensure you have set the domain setting within your Zappa settings JSON - this will avoid problems with the Base Path mapping between the Custom Domain and the API invoke URL, which gets the Stage Name appended in the URI
  3. Add the paths to your SSL cert / key / bundle to the certificate, certificate_key, and certificate_chain settings, respectively, in your Zappa settings JSON
  4. Set route53_enabled to false if you plan on using your own DNS provider, and not an AWS Route53 Hosted zone.
  5. Deploy or update your app using Zappa
  6. Run $ zappa certify to upload your certificates and register the custom domain name with your API gateway.

Executing in Response to AWS Events

Similarly, you can have your functions execute in response to events that happen in the AWS ecosystem, such as S3 uploads, DynamoDB entries, Kinesis streams, SNS messages, and SQS queues.

In your zappa_settings.json file, define your event sources and the function you wish to execute. For instance, this will execute your_module.process_upload_function in response to new objects in your my-bucket S3 bucket. Note that process_upload_function must accept event and context parameters.

{
    "production": {
       ...
       "events": [{
            "function": "your_module.process_upload_function",
            "event_source": {
                  "arn":  "arn:aws:s3:::my-bucket",
                  "events": [
                    "s3:ObjectCreated:*" // Supported event types: http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#supported-notification-event-types
                  ]
               }
            }],
       ...
    }
}

And then:

$ zappa schedule production

And now your function will execute every time a new upload appears in your bucket!

To access the key's information in your application context, you'll want process_upload_function to look something like this:

import boto3
s3_client = boto3.client('s3')

def process_upload_function(event, context):
    """
    Process a file upload.
    """

    # Get the uploaded file's information
    bucket = event['Records'][0]['s3']['bucket']['name'] # Will be `my-bucket`
    key = event['Records'][0]['s3']['object']['key'] # Will be the file path of whatever file was uploaded.

    # Get the bytes from S3
    s3_client.download_file(bucket, key, '/tmp/' + key) # Download this file to writable tmp space.
    file_bytes = open('/tmp/' + key).read()

Similarly, for a Simple Notification Service event:

        "events": [
            {
                "function": "your_module.your_function",
                "event_source": {
                    "arn":  "arn:aws:sns:::your-event-topic-arn",
                    "events": [
                        "sns:Publish"
                    ]
                }
            }
        ]

Optionally you can add SNS message filters:

        "events": [
            {
                "function": "your_module.your_function",
                "event_source": {
                    "arn":  "arn:aws:sns:::your-event-topic-arn",
                    "filters": {
                        "interests": ["python", "aws", "zappa"],
                        "version": ["1.0"]
                    },
                    ...
                }
            }
        ]

DynamoDB and Kinesis are slightly different as it is not event based but pulling from a stream:

       "events": [
           {
               "function": "replication.replicate_records",
               "event_source": {
                    "arn":  "arn:aws:dynamodb:us-east-1:1234554:table/YourTable/stream/2016-05-11T00:00:00.000",
                    "starting_position": "TRIM_HORIZON", // Supported values: TRIM_HORIZON, LATEST
                    "batch_size": 50, // Max: 1000
                    "enabled": true // Default is false
               }
           }
       ]

SQS is also pulling messages from a stream. At this time, only "Standard" queues can trigger lambda events, not "FIFO" queues. Read the AWS Documentation carefully since Lambda calls the SQS DeleteMessage API on your behalf once your function completes successfully.

       "events": [
           {
               "function": "your_module.process_messages",
               "event_source": {
                    "arn":  "arn:aws:sqs:us-east-1:12341234:your-queue-name-arn",
                    "batch_size": 10, // Max: 10. Use 1 to trigger immediate processing
                    "enabled": true // Default is false
               }
           }
       ]

For configuring Lex Bot's intent triggered events:

    "bot_events": [
        {
            "function": "lexbot.handlers.book_appointment.handler",
            "event_source": {
                "arn": "arn:aws:lex:us-east-1:01234123123:intent:TestLexEventNames:$LATEST", // optional. In future it will be used to configure the intent
                "intent":"intentName", // name of the bot event configured
                "invocation_source":"DialogCodeHook", // either FulfillmentCodeHook or DialogCodeHook
            }
        }
    ]

Events can also take keyword arguments:

       "events": [
            {
                "function": "your_module.your_recurring_function", // The function to execute
                "kwargs": {"key": "val", "key2": "val2"},  // Keyword arguments to pass. These are available in the event
                "expression": "rate(1 minute)" // When to execute it (in cron or rate format)
            }
       ]

To get the keyword arguments you will need to look inside the event dictionary:

def your_recurring_function(event, context):
    my_kwargs = event.get("kwargs")  # dict of kwargs given in zappa_settings file

You can find more example event sources here.

Asynchronous Task Execution

Zappa also now offers the ability to seamlessly execute functions asynchronously in a completely separate AWS Lambda instance!

For example, if you have a Flask API for ordering a pie, you can call your bake function seamlessly in a completely separate Lambda instance by using the zappa.asynchronous.task decorator like so:

from flask import Flask
from zappa.asynchronous import task
app = Flask(__name__)

@task
def make_pie():
    """ This takes a long time! """
    ingredients = get_ingredients()
    pie = bake(ingredients)
    deliver(pie)

@app.route('/api/order/pie')
def order_pie():
    """ This returns immediately! """
    make_pie()
    return "Your pie is being made!"

And that's it! Your API response will return immediately, while the make_pie function executes in a completely different Lambda instance.

When calls to @task decorated functions or the zappa.asynchronous.run command occur outside of Lambda, such as your local dev environment, the functions will execute immediately and locally. The zappa asynchronous functionality only works when in the Lambda environment or when specifying Remote Invocations.

Catching Exceptions

Putting a try..except block on an asynchronous task like this:

@task
def make_pie():
    try:
        ingredients = get_ingredients()
        pie = bake(ingredients)
        deliver(pie)
    except Fault as error:
        """send an email"""
    ...
    return Response('Web services down', status=503)

will cause an email to be sent twice for the same error. See asynchronous retries at AWS. To work around this side-effect, and have the fault handler execute only once, change the return value to:

@task
def make_pie():
    try:
        """code block"""
    except Fault as error:
        """send an email"""
    ...
    return {} #or return True

Task Sources

By default, this feature uses direct AWS Lambda invocation. You can instead use AWS Simple Notification Service as the task event source by using the task_sns decorator, like so:

from zappa.asynchronous import task_sns
@task_sns

Using SNS also requires setting the following settings in your zappa_settings:

{
  "dev": {
    ..
      "async_source": "sns", // Source of async tasks. Defaults to "lambda"
      "async_resources": true, // Create the SNS topic to use. Defaults to true.
    ..
    }
}

This will automatically create and subscribe to the SNS topic the code will use when you call the zappa schedule command.

Using SNS will also return a message ID in case you need to track your invocations.

Direct Invocation

You can also use this functionality without a decorator by passing your function to zappa.asynchronous.run, like so:

from zappa.asynchronous import run

run(your_function, args, kwargs) # Using Lambda
run(your_function, args, kwargs, service='sns') # Using SNS

Remote Invocations

By default, Zappa will use lambda's current function name and current AWS region. If you wish to invoke a lambda with a different function name/region or invoke your lambda from outside of lambda, you must specify the remote_aws_lambda_function_name and remote_aws_region arguments so that the application knows which function and region to use. For example, if some part of our pizza making application had to live on an EC2 instance, but we wished to call the make_pie() function on its own Lambda instance, we would do it as follows:

@task(remote_aws_lambda_function_name='pizza-pie-prod', remote_aws_region='us-east-1')
def make_pie():
   """ This takes a long time! """
   ingredients = get_ingredients()
   pie = bake(ingredients)
   deliver(pie)

If those task() parameters were not used, then EC2 would execute the function locally. These same remote_aws_lambda_function_name and remote_aws_region arguments can be used on the zappa.asynchronous.run() function as well.

Restrictions

The following restrictions to this feature apply:

  • Functions must have a clean import path -- i.e. no closures, lambdas, or methods.
  • args and kwargs must be JSON-serializable.
  • The JSON-serialized arguments must be within the size limits for Lambda (256K) or SNS (256K) events.

All of this code is still backwards-compatible with non-Lambda environments - it simply executes in a blocking fashion and returns the result.

Running Tasks in a VPC

If you're running Zappa in a Virtual Private Cloud (VPC), you'll need to configure your subnets to allow your lambda to communicate with services inside your VPC as well as the public Internet. A minimal setup requires two subnets.

In subnet-a:

  • Create a NAT
  • Create an Internet gateway
  • In the route table, create a route pointing the Internet gateway to 0.0.0.0/0.

In subnet-b:

  • Place your lambda function
  • In the route table, create a route pointing the NAT that belongs to subnet-a to 0.0.0.0/0.

You can place your lambda in multiple subnets that are configured the same way as subnet-b for high availability.

Some helpful resources are this tutorial, this other tutorial and this AWS doc page.

Responses

It is possible to capture the responses of Asynchronous tasks.

Zappa uses DynamoDB as the backend for these.

To capture responses, you must configure a async_response_table in zappa_settings. This is the DynamoDB table name. Then, when decorating with @task, pass capture_response=True.

Async responses are assigned a response_id. This is returned as a property of the LambdaAsyncResponse (or SnsAsyncResponse) object that is returned by the @task decorator.

Example:

from zappa.asynchronous import task, get_async_response
from flask import Flask, make_response, abort, url_for, redirect, request, jsonify
from time import sleep

app = Flask(__name__)

@app.route('/payload')
def payload():
    delay = request.args.get('delay', 60)
    x = longrunner(delay)
    return redirect(url_for('response', response_id=x.response_id))

@app.route('/async-response/
    
     '
    )
def response(response_id):
    response = get_async_response(response_id)
    if response is None:
        abort(404)

    if response['status'] == 'complete':
        return jsonify(response['response'])

    sleep(5)

    return "Not yet ready. Redirecting.", 302, {
        'Content-Type': 'text/plain; charset=utf-8',
        'Location': url_for('response', response_id=response_id, backoff=5),
        'X-redirect-reason': "Not yet ready.",
    }

@task(capture_response=True)
def longrunner(delay):
    sleep(float(delay))
    return {'MESSAGE': "It took {} seconds to generate this.".format(delay)}

Advanced Settings

There are other settings that you can define in your local settings to change Zappa's behavior. Use these at your own risk!

:::my-topic/queue", // Optional Dead Letter configuration for when Lambda async invoke fails thrice "debug": true, // Print Zappa configuration errors tracebacks in the 500. Default true. "delete_local_zip": true, // Delete the local zip archive after code updates. Default true. "delete_s3_zip": true, // Delete the s3 zip archive. Default true. "django_settings": "your_project.production_settings", // The modular path to your Django project's settings. For Django projects only. "domain": "yourapp.yourdomain.com", // Required if you're using a domain "base_path": "your-base-path", // Optional base path for API gateway custom domain base path mapping. Default None. Not supported for use with Application Load Balancer event sources. "environment_variables": {"your_key": "your_value"}, // A dictionary of environment variables that will be available to your deployed app. See also "remote_env" and "aws_environment_variables". Default {}. "events": [ { // Recurring events "function": "your_module.your_recurring_function", // The function to execute "expression": "rate(1 minute)" // When to execute it (in cron or rate format) }, { // AWS Reactive events "function": "your_module.your_reactive_function", // The function to execute "event_source": { "arn": "arn:aws:s3:::my-bucket", // The ARN of this event source "events": [ "s3:ObjectCreated:*" // The specific event to execute in response to. ] } } ], "endpoint_configuration": ["EDGE", "REGIONAL", "PRIVATE"], // Specify APIGateway endpoint None (default) or list `EDGE`, `REGION`, `PRIVATE` "exception_handler": "your_module.report_exception", // function that will be invoked in case Zappa sees an unhandled exception raised from your code "exclude": ["*.gz", "*.rar"], // A list of regex patterns to exclude from the archive. To exclude boto3 and botocore (available in an older version on Lambda), add "boto3*" and "botocore*". "extends": "stage_name", // Duplicate and extend another stage's settings. For example, `dev-asia` could extend from `dev-common` with a different `s3_bucket` value. "extra_permissions": [{ // Attach any extra permissions to this policy. Default None "Effect": "Allow", "Action": ["rekognition:*"], // AWS Service ARN "Resource": "*" }], "iam_authorization": false, // optional, use IAM to require request signing. Default false. Note that enabling this will override the authorizer configuration. "include": ["your_special_library_to_load_at_handler_init"], // load special libraries into PYTHONPATH at handler init that certain modules cannot find on path "authorizer": { "function": "your_module.your_auth_function", // Local function to run for token validation. For more information about the function see below. "arn": "arn:aws:lambda: : :function: ", // Existing Lambda function to run for token validation. "result_ttl": 300, // Optional. Default 300. The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. Currently, the maximum TTL value is 3600 seconds. "token_header": "Authorization", // Optional. Default 'Authorization'. The name of a custom authorization header containing the token that clients submit as part of their requests. "validation_expression": "^Bearer \\w+$", // Optional. A validation expression for the incoming token, specify a regular expression. }, "keep_warm": true, // Create CloudWatch events to keep the server warm. Default true. To remove, set to false and then `unschedule`. "keep_warm_expression": "rate(4 minutes)", // How often to execute the keep-warm, in cron and rate format. Default 4 minutes. "lambda_description": "Your Description", // However you want to describe your project for the AWS console. Default "Zappa Deployment". "lambda_handler": "your_custom_handler", // The name of Lambda handler. Default: handler.lambda_handler "layers": ["arn:aws:lambda: : :layer: : "], // optional lambda layers "lambda_concurrency": 10, // Sets the maximum number of simultaneous executions for a function, and reserves capacity for that concurrency level. Default is None. "lets_encrypt_key": "s3://your-bucket/account.key", // Let's Encrypt account key path. Can either be an S3 path or a local file path. "log_level": "DEBUG", // Set the Zappa log level. Can be one of CRITICAL, ERROR, WARNING, INFO and DEBUG. Default: DEBUG "manage_roles": true, // Have Zappa automatically create and define IAM execution roles and policies. Default true. If false, you must define your own IAM Role and role_name setting. "memory_size": 512, // Lambda function memory in MB. Default 512. "num_retained_versions":null, // Indicates the number of old versions to retain for the lambda. If absent, keeps all the versions of the function. "payload_compression": true, // Whether or not to enable API gateway payload compression (default: true) "payload_minimum_compression_size": 0, // The threshold size (in bytes) below which payload compression will not be applied (default: 0) "prebuild_script": "your_module.your_function", // Function to execute before uploading code "profile_name": "your-profile-name", // AWS profile credentials to use. Default 'default'. Removing this setting will use the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables instead. "project_name": "MyProject", // The name of the project as it appears on AWS. Defaults to a slugified `pwd`. "remote_env": "s3://my-project-config-files/filename.json", // optional file in s3 bucket containing a flat json object which will be used to set custom environment variables. "role_name": "MyLambdaRole", // Name of Zappa execution role. Default - -ZappaExecutionRole. To use a different, pre-existing policy, you must also set manage_roles to false. "role_arn": "arn:aws:iam::12345:role/app-ZappaLambdaExecutionRole", // ARN of Zappa execution role. Default to None. To use a different, pre-existing policy, you must also set manage_roles to false. This overrides role_name. Use with temporary credentials via GetFederationToken. "route53_enabled": true, // Have Zappa update your Route53 Hosted Zones when certifying with a custom domain. Default true. "runtime": "python3.6", // Python runtime to use on Lambda. Can be one of "python3.6", "python3.7" or "python3.8". Defaults to whatever the current Python being used is. "s3_bucket": "dev-bucket", // Zappa zip bucket, "slim_handler": false, // Useful if project >50M. Set true to just upload a small handler to Lambda and load actual project from S3 at runtime. Default false. "settings_file": "~/Projects/MyApp/settings/dev_settings.py", // Server side settings file location, "tags": { // Attach additional tags to AWS Resources "Key": "Value", // Example Key and value "Key2": "Value2", }, "timeout_seconds": 30, // Maximum lifespan for the Lambda function (default 30, max 900.) "touch": true, // GET the production URL upon initial deployment (default True) "touch_path": "/", // The endpoint path to GET when checking the initial deployment (default "/") "use_precompiled_packages": true, // If possible, use C-extension packages which have been pre-compiled for AWS Lambda. Default true. "vpc_config": { // Optional Virtual Private Cloud (VPC) configuration for Lambda function "SubnetIds": [ "subnet-12345678" ], // Note: not all availability zones support Lambda! "SecurityGroupIds": [ "sg-12345678" ] }, "xray_tracing": false // Optional, enable AWS X-Ray tracing on your lambda function. } } ">
 {
    "dev": {
        "alb_enabled": false, // enable provisioning of application load balancing resources. If set to true, you _must_ fill out the alb_vpc_config option as well.
        "alb_vpc_config": {
            "CertificateArn": "your_acm_certificate_arn", // ACM certificate ARN for ALB
            "SubnetIds": [], // list of subnets for ALB
            "SecurityGroupIds": [] // list of security groups for ALB
        },
        "api_key_required": false, // enable securing API Gateway endpoints with x-api-key header (default False)
        "api_key": "your_api_key_id", // optional, use an existing API key. The option "api_key_required" must be true to apply
        "apigateway_enabled": true, // Set to false if you don't want to create an API Gateway resource. Default true.
        "apigateway_description": "My funky application!", // Define a custom description for the API Gateway console. Default None.
        "assume_policy": "my_assume_policy.json", // optional, IAM assume policy JSON file
        "attach_policy": "my_attach_policy.json", // optional, IAM attach policy JSON file
        "apigateway_policy": "my_apigateway_policy.json", // optional, API Gateway resource policy JSON file
        "async_source": "sns", // Source of async tasks. Defaults to "lambda"
        "async_resources": true, // Create the SNS topic and DynamoDB table to use. Defaults to true.
        "async_response_table": "your_dynamodb_table_name",  // the DynamoDB table name to use for captured async responses; defaults to None (can't capture)
        "async_response_table_read_capacity": 1,  // DynamoDB table read capacity; defaults to 1
        "async_response_table_write_capacity": 1,  // DynamoDB table write capacity; defaults to 1
        "aws_endpoint_urls": { "aws_service_name": "endpoint_url" }, // a dictionary of endpoint_urls that emulate the appropriate service.  Usually used for testing, for instance with `localstack`.
        "aws_environment_variables" : {"your_key": "your_value"}, // A dictionary of environment variables that will be available to your deployed app via AWS Lambdas native environment variables. See also "environment_variables" and "remote_env" . Default {}.
        "aws_kms_key_arn": "your_aws_kms_key_arn", // Your AWS KMS Key ARN
        "aws_region": "aws-region-name", // optional, uses region set in profile or environment variables if not set here,
        "binary_support": true, // Enable automatic MIME-type based response encoding through API Gateway. Default true.
        "callbacks": { // Call custom functions during the local Zappa deployment/update process
            "settings": "my_app.settings_callback", // After loading the settings
            "zip": "my_app.zip_callback", // After creating the package
            "post": "my_app.post_callback", // After command has executed
        },
        "cache_cluster_enabled": false, // Use APIGW cache cluster (default False)
        "cache_cluster_size": 0.5, // APIGW Cache Cluster size (default 0.5)
        "cache_cluster_ttl": 300, // APIGW Cache Cluster time-to-live (default 300)
        "cache_cluster_encrypted": false, // Whether or not APIGW Cache Cluster encrypts data (default False)
        "certificate": "my_cert.crt", // SSL certificate file location. Used to manually certify a custom domain
        "certificate_key": "my_key.key", // SSL key file location. Used to manually certify a custom domain
        "certificate_chain": "my_cert_chain.pem", // SSL certificate chain file location. Used to manually certify a custom domain
        "certificate_arn": "arn:aws:acm:us-east-1:1234512345:certificate/aaaa-bbb-cccc-dddd", // ACM certificate ARN (needs to be in us-east-1 region).
        "cloudwatch_log_level": "OFF", // Enables/configures a level of logging for the given staging. Available options: "OFF", "INFO", "ERROR", default "OFF".
        "cloudwatch_data_trace": false, // Logs all data about received events. Default false.
        "cloudwatch_metrics_enabled": false, // Additional metrics for the API Gateway. Default false.
        "cognito": { // for Cognito event triggers
            "user_pool": "user-pool-id", // User pool ID from AWS Cognito
            "triggers": [{
                "source": "PreSignUp_SignUp", // triggerSource from http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html#cognito-user-pools-lambda-trigger-syntax-pre-signup
                "function": "my_app.pre_signup_function"
            }]
        },
        "context_header_mappings": { "HTTP_header_name": "API_Gateway_context_variable" }, // A dictionary mapping HTTP header names to API Gateway context variables
        "cors": false, // Enable Cross-Origin Resource Sharing. Default false. If true, simulates the "Enable CORS" button on the API Gateway console. Can also be a dictionary specifying lists of "allowed_headers", "allowed_methods", and string of "allowed_origin"
        "dead_letter_arn": "arn:aws:
            
             :::my-topic/queue"
            , // Optional Dead Letter configuration for when Lambda async invoke fails thrice
        "debug": true, // Print Zappa configuration errors tracebacks in the 500. Default true.
        "delete_local_zip": true, // Delete the local zip archive after code updates. Default true.
        "delete_s3_zip": true, // Delete the s3 zip archive. Default true.
        "django_settings": "your_project.production_settings", // The modular path to your Django project's settings. For Django projects only.
        "domain": "yourapp.yourdomain.com", // Required if you're using a domain
        "base_path": "your-base-path", // Optional base path for API gateway custom domain base path mapping. Default None. Not supported for use with Application Load Balancer event sources.
        "environment_variables": {"your_key": "your_value"}, // A dictionary of environment variables that will be available to your deployed app. See also "remote_env" and "aws_environment_variables". Default {}.
        "events": [
            {   // Recurring events
                "function": "your_module.your_recurring_function", // The function to execute
                "expression": "rate(1 minute)" // When to execute it (in cron or rate format)
            },
            {   // AWS Reactive events
                "function": "your_module.your_reactive_function", // The function to execute
                "event_source": {
                    "arn":  "arn:aws:s3:::my-bucket", // The ARN of this event source
                    "events": [
                        "s3:ObjectCreated:*" // The specific event to execute in response to.
                    ]
                }
            }
        ],
        "endpoint_configuration": ["EDGE", "REGIONAL", "PRIVATE"],  // Specify APIGateway endpoint None (default) or list `EDGE`, `REGION`, `PRIVATE`
        "exception_handler": "your_module.report_exception", // function that will be invoked in case Zappa sees an unhandled exception raised from your code
        "exclude": ["*.gz", "*.rar"], // A list of regex patterns to exclude from the archive. To exclude boto3 and botocore (available in an older version on Lambda), add "boto3*" and "botocore*".
        "extends": "stage_name", // Duplicate and extend another stage's settings. For example, `dev-asia` could extend from `dev-common` with a different `s3_bucket` value.
        "extra_permissions": [{ // Attach any extra permissions to this policy. Default None
            "Effect": "Allow",
            "Action": ["rekognition:*"], // AWS Service ARN
            "Resource": "*"
        }],
        "iam_authorization": false, // optional, use IAM to require request signing. Default false. Note that enabling this will override the authorizer configuration.
        "include": ["your_special_library_to_load_at_handler_init"], // load special libraries into PYTHONPATH at handler init that certain modules cannot find on path
        "authorizer": {
            "function": "your_module.your_auth_function", // Local function to run for token validation. For more information about the function see below.
            "arn": "arn:aws:lambda:
            
             :
             
              :function:
              
               "
              
             
            , // Existing Lambda function to run for token validation.
            "result_ttl": 300, // Optional. Default 300. The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. Currently, the maximum TTL value is 3600 seconds.
            "token_header": "Authorization", // Optional. Default 'Authorization'. The name of a custom authorization header containing the token that clients submit as part of their requests.
            "validation_expression": "^Bearer \\w+$", // Optional. A validation expression for the incoming token, specify a regular expression.
        },
        "keep_warm": true, // Create CloudWatch events to keep the server warm. Default true. To remove, set to false and then `unschedule`.
        "keep_warm_expression": "rate(4 minutes)", // How often to execute the keep-warm, in cron and rate format. Default 4 minutes.
        "lambda_description": "Your Description", // However you want to describe your project for the AWS console. Default "Zappa Deployment".
        "lambda_handler": "your_custom_handler", // The name of Lambda handler. Default: handler.lambda_handler
        "layers": ["arn:aws:lambda:
            
             :
             
              :layer:
              
               :
               
                "
               
              
             
            ], // optional lambda layers
        "lambda_concurrency": 10, // Sets the maximum number of simultaneous executions for a function, and reserves capacity for that concurrency level. Default is None.
        "lets_encrypt_key": "s3://your-bucket/account.key", // Let's Encrypt account key path. Can either be an S3 path or a local file path.
        "log_level": "DEBUG", // Set the Zappa log level. Can be one of CRITICAL, ERROR, WARNING, INFO and DEBUG. Default: DEBUG
        "manage_roles": true, // Have Zappa automatically create and define IAM execution roles and policies. Default true. If false, you must define your own IAM Role and role_name setting.
        "memory_size": 512, // Lambda function memory in MB. Default 512.
        "num_retained_versions":null, // Indicates the number of old versions to retain for the lambda. If absent, keeps all the versions of the function.
        "payload_compression": true, // Whether or not to enable API gateway payload compression (default: true)
        "payload_minimum_compression_size": 0, // The threshold size (in bytes) below which payload compression will not be applied (default: 0)
        "prebuild_script": "your_module.your_function", // Function to execute before uploading code
        "profile_name": "your-profile-name", // AWS profile credentials to use. Default 'default'. Removing this setting will use the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables instead.
        "project_name": "MyProject", // The name of the project as it appears on AWS. Defaults to a slugified `pwd`.
        "remote_env": "s3://my-project-config-files/filename.json", // optional file in s3 bucket containing a flat json object which will be used to set custom environment variables.
        "role_name": "MyLambdaRole", // Name of Zappa execution role. Default 
            
             -
             
              -ZappaExecutionRole. To use a different, pre-existing policy, you must also set manage_roles to false.
             
            
        "role_arn": "arn:aws:iam::12345:role/app-ZappaLambdaExecutionRole", // ARN of Zappa execution role. Default to None. To use a different, pre-existing policy, you must also set manage_roles to false. This overrides role_name. Use with temporary credentials via GetFederationToken.
        "route53_enabled": true, // Have Zappa update your Route53 Hosted Zones when certifying with a custom domain. Default true.
        "runtime": "python3.6", // Python runtime to use on Lambda. Can be one of "python3.6", "python3.7" or "python3.8". Defaults to whatever the current Python being used is.
        "s3_bucket": "dev-bucket", // Zappa zip bucket,
        "slim_handler": false, // Useful if project >50M. Set true to just upload a small handler to Lambda and load actual project from S3 at runtime. Default false.
        "settings_file": "~/Projects/MyApp/settings/dev_settings.py", // Server side settings file location,
        "tags": { // Attach additional tags to AWS Resources
            "Key": "Value",  // Example Key and value
            "Key2": "Value2",
            },
        "timeout_seconds": 30, // Maximum lifespan for the Lambda function (default 30, max 900.)
        "touch": true, // GET the production URL upon initial deployment (default True)
        "touch_path": "/", // The endpoint path to GET when checking the initial deployment (default "/")
        "use_precompiled_packages": true, // If possible, use C-extension packages which have been pre-compiled for AWS Lambda. Default true.
        "vpc_config": { // Optional Virtual Private Cloud (VPC) configuration for Lambda function
            "SubnetIds": [ "subnet-12345678" ], // Note: not all availability zones support Lambda!
            "SecurityGroupIds": [ "sg-12345678" ]
        },
        "xray_tracing": false // Optional, enable AWS X-Ray tracing on your lambda function.
    }
}

YAML Settings

If you prefer YAML over JSON, you can also use a zappa_settings.yml, like so:

---
dev:
  app_function: your_module.your_app
  s3_bucket: your-code-bucket
  events:
  - function: your_module.your_function
    event_source:
      arn: arn:aws:s3:::your-event-bucket
      events:
      - s3:ObjectCreated:*

You can also supply a custom settings file at any time with the -s argument, ex:

$ zappa deploy dev -s my-custom-settings.yml

Similarly, you can supply a zappa_settings.toml file:

[dev]
  app_function = "your_module.your_app"
  s3_bucket = "your-code-bucket"

Advanced Usage

Keeping The Server Warm

Zappa will automatically set up a regularly occurring execution of your application in order to keep the Lambda function warm. This can be disabled via the keep_warm setting.

Serving Static Files / Binary Uploads

Zappa is now able to serve and receive binary files, as detected by their MIME-type.

However, generally Zappa is designed for running your application code, not for serving static web assets. If you plan on serving custom static assets in your web application (CSS/JavaScript/images/etc.,), you'll likely want to use a combination of AWS S3 and AWS CloudFront.

Your web application framework will likely be able to handle this for you automatically. For Flask, there is Flask-S3, and for Django, there is Django-Storages.

Similarly, you may want to design your application so that static binary uploads go directly to S3, which then triggers an event response defined in your events setting! That's thinking serverlessly!

Enabling CORS

The simplest way to enable CORS (Cross-Origin Resource Sharing) for your Zappa application is to set cors to true in your Zappa settings file and update, which is the equivalent of pushing the "Enable CORS" button in the AWS API Gateway console. This is disabled by default, but you may wish to enable it for APIs which are accessed from other domains, etc.

You can also simply handle CORS directly in your application. Your web framework will probably have an extension to do this, such as django-cors-headers or Flask-CORS. Using these will make your code more portable.

Large Projects

AWS currently limits Lambda zip sizes to 50 megabytes. If your project is larger than that, set slim_handler: true in your zappa_settings.json. In this case, your fat application package will be replaced with a small handler-only package. The handler file then pulls the rest of the large project down from S3 at run time! The initial load of the large project may add to startup overhead, but the difference should be minimal on a warm lambda function. Note that this will also eat into the storage space of your application function. Note that AWS currently limits the /tmp directory storage to 512 MB, so your project must still be smaller than that.

Enabling Bash Completion

Bash completion can be enabled by adding the following to your .bashrc:

  eval "$(register-python-argcomplete zappa)"

register-python-argcomplete is provided by the argcomplete Python package. If this package was installed in a virtualenv then the command must be run there. Alternatively you can execute:

activate-global-python-argcomplete --dest=- > file

The file's contents should then be sourced in e.g. ~/.bashrc.

Enabling Secure Endpoints on API Gateway

API Key

You can use the api_key_required setting to generate an API key to all the routes of your API Gateway. The process is as follows:

  1. Deploy/redeploy (update won't work) and write down the id for the key that has been created
  2. Go to AWS console > Amazon API Gateway and
    • select "API Keys" and find the key value (for example key_value)
    • select "Usage Plans", create a new usage plan and link the API Key and the API that Zappa has created for you
  3. Send a request where you pass the key value as a header called x-api-key to access the restricted endpoints (for example with curl: curl --header "x-api-key: key_value"). Note that without the x-api-key header, you will receive a 403.

IAM Policy

You can enable IAM-based (v4 signing) authorization on an API by setting the iam_authorization setting to true. Your API will then require signed requests and access can be controlled via IAM policy. Unsigned requests will receive a 403 response, as will requesters who are not authorized to access the API. Enabling this will override the Authorizer configuration (see below).

API Gateway Lambda Authorizers

If you deploy an API endpoint with Zappa, you can take advantage of API Gateway Lambda Authorizers to implement a token-based authentication - all you need to do is to provide a function to create the required output, Zappa takes care of the rest. A good start for the function is the AWS Labs blueprint example.

If you are wondering for what you would use an Authorizer, here are some potential use cases:

  1. Call out to OAuth provider
  2. Decode a JWT token inline
  3. Lookup in a self-managed DB (for example DynamoDB)

Zappa can be configured to call a function inside your code to do the authorization, or to call some other existing lambda function (which lets you share the authorizer between multiple lambdas). You control the behavior by specifying either the arn or function_name values in the authorizer settings block.

For example, to get the Cognito identity, add this to a zappa_settings.yaml:

  context_header_mappings:
    user_id: authorizer.user_id

Which can now be accessed in Flask like this:

from flask import request

@route('/hello')
def hello_world:
   print(request.headers.get('user_id'))

Cognito User Pool Authorizer

You can also use AWS Cognito User Pool Authorizer by adding:

{
    "authorizer": {
        "type": "COGNITO_USER_POOLS",
        "provider_arns": [
            "arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}"
        ]
    }
}

API Gateway Resource Policy

You can also use API Gateway Resource Policies. Example of IP Whitelisting:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "1.2.3.4/32"
                    ]
                }
            }
        }
    ]
}

Setting Environment Variables

Local Environment Variables

If you want to set local environment variables for a deployment stage, you can simply set them in your zappa_settings.json:

{
    "dev": {
        ...
        "environment_variables": {
            "your_key": "your_value"
        }
    },
    ...
}

You can then access these inside your application with:

import os
your_value = os.environ.get('your_key')

If your project needs to be aware of the type of environment you're deployed to, you'll also be able to get SERVERTYPE (AWS Lambda), FRAMEWORK (Zappa), PROJECT (your project name) and STAGE (dev, production, etc.) variables at any time.

Remote AWS Environment Variables

If you want to use native AWS Lambda environment variables you can use the aws_environment_variables configuration setting. These are useful as you can easily change them via the AWS Lambda console or cli at runtime. They are also useful for storing sensitive credentials and to take advantage of KMS encryption of environment variables.

During development, you can add your Zappa defined variables to your locally running app by, for example, using the below (for Django, to manage.py).

if 'SERVERTYPE' in os.environ and os.environ['SERVERTYPE'] == 'AWS Lambda':
    import json
    import os
    json_data = open('zappa_settings.json')
    env_vars = json.load(json_data)['dev']['environment_variables']
    for key, val in env_vars.items():
        os.environ[key] = val

Remote Environment Variables

Any environment variables that you have set outside of Zappa (via AWS Lambda console or cli) will remain as they are when running update, unless they are also in aws_environment_variables, in which case the remote value will be overwritten by the one in the settings file. If you are using KMS-encrypted AWS environment variables, you can set your KMS Key ARN in the aws_kms_key_arn setting. Make sure that the values you set are encrypted in such case.

Note: if you rely on these as well as environment_variables, and you have the same key names, then those in environment_variables will take precedence as they are injected in the lambda handler.

Remote Environment Variables (via an S3 file)

S3 remote environment variables were added to Zappa before AWS introduced native environment variables for Lambda (via the console and cli). Before going down this route check if above make more sense for your usecase.

If you want to use remote environment variables to configure your application (which is especially useful for things like sensitive credentials), you can create a file and place it in an S3 bucket to which your Zappa application has access. To do this, add the remote_env key to zappa_settings pointing to a file containing a flat JSON object, so that each key-value pair on the object will be set as an environment variable and value whenever a new lambda instance spins up.

For example, to ensure your application has access to the database credentials without storing them in your version control, you can add a file to S3 with the connection string and load it into the lambda environment using the remote_env configuration setting.

super-secret-config.json (uploaded to my-config-bucket):

{
    "DB_CONNECTION_STRING": "super-secret:database"
}

zappa_settings.json:

{
    "dev": {
        ...
        "remote_env": "s3://my-config-bucket/super-secret-config.json",
    },
    ...
}

Now in your application you can use:

import os
db_string = os.environ.get('DB_CONNECTION_STRING')

API Gateway Context Variables

If you want to map an API Gateway context variable (http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html) to an HTTP header you can set up the mapping in zappa_settings.json:

{
    "dev": {
        ...
        "context_header_mappings": {
            "HTTP_header_name": "API_Gateway_context_variable"
        }
    },
    ...
}

For example, if you want to expose the $context.identity.cognitoIdentityId variable as the HTTP header CognitoIdentityId, and $context.stage as APIStage, you would have:

{
    "dev": {
        ...
        "context_header_mappings": {
            "CognitoIdentityId": "identity.cognitoIdentityId",
            "APIStage": "stage"
        }
    },
    ...
}

Catching Unhandled Exceptions

By default, if an unhandled exception happens in your code, Zappa will just print the stacktrace into a CloudWatch log. If you wish to use an external reporting tool to take note of those exceptions, you can use the exception_handler configuration option.

zappa_settings.json:

{
    "dev": {
        ...
        "exception_handler": "your_module.unhandled_exceptions",
    },
    ...
}

The function has to accept three arguments: exception, event, and context:

your_module.py

def unhandled_exceptions(e, event, context):
    send_to_raygun(e, event)  # gather data you need and send
    return True # Prevent invocation retry

You may still need a similar exception handler inside your application, this is just a way to catch exception which happen at the Zappa/WSGI layer (typically event-based invocations, misconfigured settings, bad Lambda packages, and permissions issues).

By default, AWS Lambda will attempt to retry an event based (non-API Gateway, e.g. CloudWatch) invocation if an exception has been thrown. However, you can prevent this by returning True, as in example above, so Zappa that will not re-raise the uncaught exception, thus preventing AWS Lambda from retrying the current invocation.

Using Custom AWS IAM Roles and Policies

Custom AWS IAM Roles and Policies for Deployment

You can specify which local profile to use for deploying your Zappa application by defining the profile_name setting, which will correspond to a profile in your AWS credentials file.

Custom AWS IAM Roles and Policies for Execution

The default IAM policy created by Zappa for executing the Lambda is very permissive. It grants access to all actions for all resources for types CloudWatch, S3, Kinesis, SNS, SQS, DynamoDB, and Route53; lambda:InvokeFunction for all Lambda resources; Put to all X-Ray resources; and all Network Interface operations to all EC2 resources. While this allows most Lambdas to work correctly with no extra permissions, it is generally not an acceptable set of permissions for most continuous integration pipelines or production deployments. Instead, you will probably want to manually manage your IAM policies.

To manually define the policy of your Lambda execution role, you must set manage_roles to false and define either the role_name or role_arn in your Zappa settings file.

- -ZappaExecutionRole. "role_arn": "arn:aws:iam::12345:role/app-ZappaLambdaExecutionRole", // ARN of your Zappa execution role. Optional. ... }, ... } ">
{
    "dev": {
        ...
        "manage_roles": false, // Disable Zappa client managing roles.
        "role_name": "MyLambdaRole", // Name of your Zappa execution role. Optional, default: 
    
     -
     
      -ZappaExecutionRole.
     
    
        "role_arn": "arn:aws:iam::12345:role/app-ZappaLambdaExecutionRole", // ARN of your Zappa execution role. Optional.
        ...
    },
    ...
}

Ongoing discussion about the minimum policy requirements necessary for a Zappa deployment can be found here. A more robust solution to managing these entitlements will likely be implemented soon.

To add permissions to the default Zappa execution policy, use the extra_permissions setting:

{
    "dev": {
        ...
        "extra_permissions": [{ // Attach any extra permissions to this policy.
            "Effect": "Allow",
            "Action": ["rekognition:*"], // AWS Service ARN
            "Resource": "*"
        }]
    },
    ...
}

AWS X-Ray

Zappa can enable AWS X-Ray support on your function with a configuration setting:

{
    "dev": {
        ...
        "xray_tracing": true
    },
    ...
}

This will enable it on the Lambda function and allow you to instrument your code with X-Ray. For example, with Flask:

from aws_xray_sdk.core import xray_recorder

app = Flask(__name__)

xray_recorder.configure(service='my_app_name')

@route('/hello')
@xray_recorder.capture('hello')
def hello_world:
    return 'Hello'

You may use the capture decorator to create subsegments around functions, or xray_recorder.begin_subsegment('subsegment_name') and xray_recorder.end_subsegment() within a function. The official X-Ray documentation for Python has more information on how to use this with your code.

Note that you may create subsegments in your code but an exception will be raised if you try to create a segment, as it is created by the lambda worker. This also means that if you use Flask you must not use the XRayMiddleware the documentation suggests.

Globally Available Server-less Architectures

Global Zappa Slides

Click to see slides from ServerlessConf London!

During the init process, you will be given the option to deploy your application "globally." This will allow you to deploy your application to all available AWS regions simultaneously in order to provide a consistent global speed, increased redundancy, data isolation, and legal compliance. You can also choose to deploy only to "primary" locations, the AWS regions with -1 in their names.

To learn more about these capabilities, see these slides from ServerlessConf London.

Raising AWS Service Limits

Out of the box, AWS sets a limit of 1000 concurrent executions for your functions. If you start to breach these limits, you may start to see errors like ClientError: An error occurred (LimitExceededException) when calling the PutTargets.." or something similar.

To avoid this, you can file a service ticket with Amazon to raise your limits up to the many tens of thousands of concurrent executions which you may need. This is a fairly common practice with Amazon, designed to prevent you from accidentally creating extremely expensive bug reports. So, before raising your service limits, make sure that you don't have any rogue scripts which could accidentally create tens of thousands of parallel executions that you don't want to pay for.

Dead Letter Queues

If you want to utilise AWS Lambda's Dead Letter Queue feature simply add the key dead_letter_arn, with the value being the complete ARN to the corresponding SNS topic or SQS queue in your zappa_settings.json.

You must have already created the corresponding SNS/SQS topic/queue, and the Lambda function execution role must have been provisioned with read/publish/sendMessage access to the DLQ resource.

Unique Package ID

For monitoring of different deployments, a unique UUID for each package is available in package_info.json in the root directory of your application's package. You can use this information or a hash of this file for such things as tracking errors across different deployments, monitoring status of deployments and other such things on services such as Sentry and New Relic. The package will contain:

{
  "build_platform": "darwin",
  "build_user": "frank",
  "build_time": "1509732511",
  "uuid": "9c2df9e6-30f4-4c0a-ac4d-4ecb51831a74"
}

Application Load Balancer Event Source

Zappa can be used to handle events triggered by Application Load Balancers (ALB). This can be useful in a few circumstances:

  • Since API Gateway has a hard limit of 30 seconds before timing out, you can use an ALB for longer running requests.
  • API Gateway is billed per-request; therefore, costs can become excessive with high throughput services. ALBs pricing model makes much more sense financially if you're expecting a lot of traffic to your Lambda.
  • ALBs can be placed within a VPC, which may make more sense for private endpoints than using API Gateway's private model (using AWS PrivateLink).

Like API Gateway, Zappa can automatically provision ALB resources for you. You'll need to add the following to your zappa_settings:

"alb_enabled": true,
"alb_vpc_config": {
    "CertificateArn": "arn:aws:acm:us-east-1:[your-account-id]:certificate/[certificate-id]",
    "SubnetIds": [
        // Here, you'll want to provide a list of subnets for your ALB, eg. 'subnet-02a58266'
    ],
    "SecurityGroupIds": [
        // And here, a list of security group IDs, eg. 'sg-fbacb791'
    ]
}

More information on using ALB as an event source for Lambda can be found here.

An important note: right now, Zappa will provision ONE lambda to ONE load balancer, which means using base_path along with ALB configuration is currently unsupported.

Endpoint Configuration

API Gateway can be configured to be only accessible in a VPC. To enable this; configure your VPC to support then set the endpoint_configuration to PRIVATE and set up Resource Policy on the API Gateway. A note about this; if you're using a private endpoint, Zappa won't be able to tell if the API is returning a successful status code upon deploy or update, so you'll have to check it manually to ensure your setup is working properly.

For full list of options for endpoint configuration refer to API Gateway EndpointConfiguration documentation

Example Private API Gateway configuration

zappa_settings.json:

{
    "dev": {
        ...
        "endpoint_configuration": ["PRIVATE"],
        "apigateway_policy": "apigateway_resource_policy.json",
        ...
    },
    ...
}

apigateway_resource_policy.json:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
            "Condition": {
                "StringNotEquals": {
                    "aws:sourceVpc": "{{vpcID}}" // UPDATE ME
                }
            }
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*"
        }
    ]
}

Zappa Guides

Zappa in the Press

Sites Using Zappa

Are you using Zappa? Let us know and we'll list your site here!

Related Projects

  • Mackenzie - AWS Lambda Infection Toolkit
  • NoDB - A simple, server-less, Pythonic object store based on S3.
  • zappa-cms - A tiny server-less CMS for busy hackers. Work in progress.
  • zappa-django-utils - Utility commands to help Django deployments.
  • flask-ask - A framework for building Amazon Alexa applications. Uses Zappa for deployments.
  • zappa-file-widget - A Django plugin for supporting binary file uploads in Django on Zappa.
  • zops - Utilities for teams and continuous integrations using Zappa.
  • cookiecutter-mobile-backend - A cookiecutter Django project with Zappa and S3 uploads support.
  • zappa-examples - Flask, Django, image uploads, and more!
  • zappa-hug-example - Example of a Hug application using Zappa.
  • Zappa Docker Image - A Docker image for running Zappa locally, based on Lambda Docker.
  • zappa-dashing - Monitor your AWS environment (health/metrics) with Zappa and CloudWatch.
  • s3env - Manipulate a remote Zappa environment variable key/value JSON object file in an S3 bucket through the CLI.
  • zappa_resize_image_on_fly - Resize images on the fly using Flask, Zappa, Pillow, and OpenCV-python.
  • zappa-ffmpeg - Run ffmpeg inside a lambda for serverless transformations.
  • gdrive-lambda - pass json data to a csv file for end users who use Gdrive across the organization.
  • travis-build-repeat - Repeat TravisCI builds to avoid stale test results.
  • wunderskill-alexa-skill - An Alexa skill for adding to a Wunderlist.
  • xrayvision - Utilities and wrappers for using AWS X-Ray with Zappa.
  • terraform-aws-zappa - Terraform modules for creating a VPC, RDS instance, ElastiCache Redis and CloudFront Distribution for use with Zappa.
  • zappa-sentry - Integration with Zappa and Sentry
  • IOpipe - Monitor, profile and analyze your Zappa apps.

Hacks

Zappa goes quite far beyond what Lambda and API Gateway were ever intended to handle. As a result, there are quite a few hacks in here that allow it to work. Some of those include, but aren't limited to..

  • Using VTL to map body, headers, method, params and query strings into JSON, and then turning that into valid WSGI.
  • Attaching response codes to response bodies, Base64 encoding the whole thing, using that as a regex to route the response code, decoding the body in VTL, and mapping the response body to that.
  • Packing and Base58 encoding multiple cookies into a single cookie because we can only map one kind.
  • Forcing the case permutations of "Set-Cookie" in order to return multiple headers at the same time.
  • Turning cookie-setting 301/302 responses into 200 responses with HTML redirects, because we have no way to set headers on redirects.

Contributing

This project is still young, so there is still plenty to be done. Contributions are more than welcome!

Please file tickets for discussion before submitting patches. Pull requests should target master and should leave Zappa in a "shippable" state if merged.

If you are adding a non-trivial amount of new code, please include a functioning test in your PR. For AWS calls, we use the placebo library, which you can learn to use in their README. The test suite will be run by Travis CI once you open a pull request.

Please include the GitHub issue or pull request URL that has discussion related to your changes as a comment in the code (example). This greatly helps for project maintainability, as it allows us to trace back use cases and explain decision making. Similarly, please make sure that you meet all of the requirements listed in the pull request template.

Please feel free to work on any open ticket, especially any ticket marked with the "help-wanted" label. If you get stuck or want to discuss an issue further, please join our Slack channel, where you'll find a community of smart and interesting people working dilligently on hard problems.

Zappa does not intend to conform to PEP8, isolate your commits so that changes to functionality with changes made by your linter.

Using a Local Repo

To use the git HEAD, you probably can't use pip install -e . Instead, you should clone the repo to your machine and then pip install /path/to/zappa/repo or ln -s /path/to/zappa/repo/zappa zappa in your local project.

Patrons

If you or your company uses Zappa, please consider giving what you can to support the ongoing development of the project!

You can become a patron by visiting our Patreon page.

Zappa is currently supported by these awesome individuals and companies:

  • Nathan Lawrence
  • LaunchLab
  • Sean Paley
  • Theo Chitayat
  • George Sibble
  • Joe Weiss
  • Nik Bora
  • Zerong Toby Wang
  • Gareth E
  • Matt Jackson
  • Sean Coates
  • Alexander Loschilov
  • Korey Peters
  • Joe Weiss
  • Kimmo Parvianen-Jalanko
  • Patrick Agin
  • Roberto Martinez
  • Charles Dimino
  • Doug Beney
  • Dan "The Man" Gayle
  • Juancito
  • Will Childs-Klein
  • Efi Merdler Kravitz
  • Philippe Trounev

Thank you very, very much!

Support / Development / Training / Consulting

Do you need help with..

  • Porting existing Flask and Django applications to Zappa?
  • Building new applications and services that scale infinitely?
  • Reducing your operations and hosting costs?
  • Adding new custom features into Zappa?
  • Training your team to use AWS and other server-less paradigms?

Good news! We're currently available for remote and on-site consulting for small, large and enterprise teams. Please contact [email protected] with your needs and let's work together!


Made by Gun.io

Comments
  • Updating a deployment fails at update_lambda_configuration

    Updating a deployment fails at update_lambda_configuration

    Updating a deployment fails at update_lambda_configuration due to a KeyError

    Context

    I've had no problems updating this deployment until today. Python version is 3.8.10.

    Expected Behavior

    Zappa should complete the update of the deployment successfully.

    Actual Behavior

    Zappa fails with the following output:

    $ zappa update prod
    Calling update for stage prod..
    Downloading and installing dependencies..
     - pyyaml==5.4.1: Downloading
    100%|███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 662k/662k [00:00<00:00, 6.57MB/s]
    Packaging project as zip.
    Uploading tellya2-prod-1631583880.zip (21.9MiB)..
    100%|█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 23.0M/23.0M [00:04<00:00, 4.86MB/s]
    Updating Lambda function code..
    Updating Lambda function configuration..
    Oh no! An error occurred! :(
    
    ==============
    
    Traceback (most recent call last):
      File "/Users/mark/.virtualenvs/tellya2_project/lib/python3.8/site-packages/zappa/cli.py", line 3422, in handle
        sys.exit(cli.handle())
      File "/Users/mark/.virtualenvs/tellya2_project/lib/python3.8/site-packages/zappa/cli.py", line 588, in handle
        self.dispatch_command(self.command, stage)
      File "/Users/mark/.virtualenvs/tellya2_project/lib/python3.8/site-packages/zappa/cli.py", line 641, in dispatch_command
        self.update(
      File "/Users/mark/.virtualenvs/tellya2_project/lib/python3.8/site-packages/zappa/cli.py", line 1165, in update
        self.lambda_arn = self.zappa.update_lambda_configuration(
      File "/Users/mark/.virtualenvs/tellya2_project/lib/python3.8/site-packages/zappa/core.py", line 1395, in update_lambda_configuration
        if lambda_aws_config["PackageType"] != "Image":
    KeyError: 'PackageType'
    
    ==============
    
    Need help? Found a bug? Let us know! :D
    File bug reports on GitHub here: https://github.com/Zappa/Zappa
    And join our Slack channel here: https://zappateam.slack.com
    Love!,
     ~ Team Zappa!
    

    Possible Fix

    None that I'm aware of.

    Steps to Reproduce

    Unfortunately this is a private code repository so I cannot provide any links.

    Your Environment

    • Zappa version used: 0.53.0
    • Operating System and Python version: MacOS 11.5.1 - Python 3.8.10
    • The output of pip freeze: argcomplete==1.12.3 asgiref==3.3.4 boto3==1.17.97 botocore==1.20.97 certifi==2021.5.30 cfn-flip==1.2.3 chardet==4.0.0 click==8.0.1 Django==3.2.4 django-appconf==1.0.4 django-compressor @ git+https://github.com/django-compressor/[email protected] django-formtools==2.3 django-libsass==0.9 django-otp==1.0.6 django-phonenumber-field==5.2.0 django-storages==1.11.1 django-tenants==3.3.1 django-two-factor-auth==1.13.1 durationpy==0.5 future==0.18.2 hjson==3.0.2 idna==2.10 jmespath==0.10.0 kappa==0.6.0 libsass==0.21.0 pbr==5.6.0 pep517==0.10.0 phonenumbers==8.12.25 pip-tools==6.1.0 placebo==0.9.0 psycopg2==2.9.1 psycopg2-binary==2.9.1 PyJWT==1.7.1 python-dateutil==2.8.1 python-slugify==5.0.2 pytz==2021.1 PyYAML==5.4.1 qrcode==6.1 rcssmin==1.0.6 requests==2.25.1 rjsmin==1.1.0 s3transfer==0.4.2 six==1.15.0 sqlparse==0.4.1 stevedore==3.3.0 text-unidecode==1.3 toml==0.10.2 tqdm==4.61.1 troposphere==2.7.0 twilio==6.61.0 urllib3==1.26.5 Werkzeug==0.16.1 wsgi-request-logger==0.4.6 zappa==0.53.0 zappa-django-utils==0.4.1
    • Your zappa_settings.json:
    {
        "dev": {
            "aws_region": "ap-northeast-1",
            "django_settings": "config.settings.dev",
            "profile_name": "default",
            "project_name": "tellya2",
            "runtime": "python3.8",
            "s3_bucket": "tellya2-dev",
            "keep_warm": false,
            "vpc_config": {
                "SubnetIds": ["subnet-085938da970945e07"],
                "SecurityGroupIds": ["sg-0353477a152c17539"]
            },
            "layers": ["arn:aws:lambda:ap-northeast-1:898466741470:layer:psycopg2-py38:1"],
            "delete_local_zip": true,
            "exclude": ["static", "psycopg2", "*.pyc", "pip", "pip-tools", "setuptools", "*.dist-info", "*.so"],
            "events": [{
                "function": "tellya2.lambda_functions.check_messages", 
                "expression": "rate(1 minute)"
            }]
        },
        "prod": {
            "aws_region": "ap-northeast-1",
            "django_settings": "config.settings.prod",
            "profile_name": "default",
            "project_name": "tellya2",
            "runtime": "python3.8",
            "s3_bucket": "tellya2-prod",
            "keep_warm": true,
            "vpc_config": {
                "SubnetIds": ["subnet-0042d4fa27f9253ae", "subnet-0768c029b7e2d32c3"],
                "SecurityGroupIds": ["sg-446b8d00"]
            },
            "layers": ["arn:aws:lambda:ap-northeast-1:898466741470:layer:psycopg2-py38:1"],
            "delete_local_zip": true,
            "exclude": ["static", "psycopg2", "pip*", "pip-tools*", "setuptools", "*.pyc", "*.dist-info", "*.so"],
            "events": [{
                "function": "tellya2.lambda_functions.check_messages", 
                "expression": "rate(1 minute)"
            }],
            "certificate_arn": "arn:aws:acm:us-east-1:214849182730:certificate/19237cc2-0571-4045-bc10-face4e581f3d",
            "domain": "[redacted]"
        }
    }
    
    opened by mdunc 25
  • werkzeug dependency version conflict for zappa and flask

    werkzeug dependency version conflict for zappa and flask

    Context

    I use pyenv and pipenv to manage the python version and virtualenv for my project. I have zappa installed successfully, but an attempt to update to the latest packages via pipenv update fails due to a dependency error. The relevant context from the dependency resolver is:

    There are incompatible versions in the resolved dependencies: werkzeug<1.0 (from zappa==0.52.0->-r /tmp/pipenv61nng6jnrequirements/pipenv-oxt4aw92-constraints.txt (line 4)) werkzeug>=2.0 (from flask==2.0.1->flask-cors==3.0.10->-r /tmp/pipenv61nng6jnrequirements/pipenv-oxt4aw92-constraints.txt (line 2)) I think this is because flask 2.x was recently released, and it naturally is requiring werkzeug 2.0 or greater. I saw there is an old issue #818 from back in 2020 where zappa pinned the wekzeug dependency to less than 1.0, but it's not clear (to me) where the import error from the original issue was happening.

    If it was in Flask, would it make sense to test this again now that new major versions of Flask and werkzeug have been released? If it was in zappa, I can't seem to find the code that references "secure_filename" in the original issue. However, it looks like the function has just been relocated so the following would work:

    from werkzeug.utils import secure_filename

    Expected Behavior

    I expected that the dependencies should be resolvable. I suppose that if the dependency resolver was clever enough, it would determine that no update was possible and just let me know everything was as up-to-date as possible, but I'm wondering if the old werkzeug constraint is actually valid.

    Actual Behavior

    Dependency resolution failed because the main project is pinned to an old version of wekzeug but the newer Flask dependency requires a newer werkzeug.

    Possible Fix

    One idea would be to simply require a version of Flask < 2.0. I don't really like this, as I'd think Zappa should probably be tracking Flask improvements. Another idea would be to test whether allowing newer Flask and wekzeug dependencies will now actually work together.

    Steps to Reproduce

    [email protected]:~/temp/zappa-dev$ cat Pipfile 
    [[source]]
    name = "pypi"
    url = "https://pypi.org/simple"
    verify_ssl = true
    
    [dev-packages]
    
    [packages]
    zappa = "*"
    flask-cors = "*"
    flask-talisman = "*"
    flask-seasurf = "*"
    
    [requires]
    python_version = "3.8"
    [email protected]:~/temp/zappa-dev$ pipenv install
    Creating a virtualenv for this project…
    Pipfile: /home/waldbiec/temp/zappa-dev/Pipfile
    Using /home/waldbiec/.pyenv/versions/3.8.6/bin/python3.8 (3.8.6) to create virtualenv…
    ⠹ Creating virtual environment...created virtual environment CPython3.8.6.final.0-64 in 108ms
      creator CPython3Posix(dest=/home/waldbiec/.virtualenvs/zappa-dev-830jh23n, clear=False, global=False)
      seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/waldbiec/.local/share/virtualenv)
        added seed packages: pip==21.0.1, setuptools==56.1.0, wheel==0.36.2
      activators BashActivator,CShellActivator,FishActivator,PowerShellActivator,PythonActivator,XonshActivator
    
    ✔ Successfully created virtual environment! 
    Virtualenv location: /home/waldbiec/.virtualenvs/zappa-dev-830jh23n
    Pipfile.lock not found, creating…
    Locking [dev-packages] dependencies…
    Locking [packages] dependencies…
    Building requirements...
    Resolving dependencies...
    ✘ Locking Failed! 
    [ResolutionFailure]:   File "/home/waldbiec/.local/lib/python3.6/site-packages/pipenv/resolver.py", line 785, in _main
    [ResolutionFailure]:       resolve_packages(pre, clear, verbose, system, write, requirements_dir, packages)
    [ResolutionFailure]:   File "/home/waldbiec/.local/lib/python3.6/site-packages/pipenv/resolver.py", line 746, in resolve_packages
    [ResolutionFailure]:       results, resolver = resolve(
    [ResolutionFailure]:   File "/home/waldbiec/.local/lib/python3.6/site-packages/pipenv/resolver.py", line 728, in resolve
    [ResolutionFailure]:       return resolve_deps(
    [ResolutionFailure]:   File "/home/waldbiec/.local/lib/python3.6/site-packages/pipenv/utils.py", line 1378, in resolve_deps
    [ResolutionFailure]:       results, hashes, markers_lookup, resolver, skipped = actually_resolve_deps(
    [ResolutionFailure]:   File "/home/waldbiec/.local/lib/python3.6/site-packages/pipenv/utils.py", line 1093, in actually_resolve_deps
    [ResolutionFailure]:       resolver.resolve()
    [ResolutionFailure]:   File "/home/waldbiec/.local/lib/python3.6/site-packages/pipenv/utils.py", line 818, in resolve
    [ResolutionFailure]:       raise ResolutionFailure(message=str(e))
    [pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
      First try clearing your dependency cache with $ pipenv lock --clear, then try the original command again.
     Alternatively, you can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
      Hint: try $ pipenv lock --pre if it is a pre-release dependency.
    ERROR: Could not find a version that matches werkzeug<1.0,>=2.0 (from zappa==0.52.0->-r /tmp/pipenv4_gls8o7requirements/pipenv-ioee6zwm-constraints.txt (line 4))
    Tried: 0.1, 0.2, 0.3, 0.3.1, 0.4, 0.4.1, 0.5, 0.5.1, 0.6, 0.6.1, 0.6.2, 0.7, 0.7.1, 0.7.2, 0.8, 0.8.1, 0.8.2, 0.8.3, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.10, 0.10.1, 0.10.2, 0.10.2, 0.10.4, 0.10.4, 0.11, 0.11, 0.11.1, 0.11.1, 0.11.2, 0.11.2, 0.11.3, 0.11.3, 0.11.4, 0.11.4, 0.11.5, 0.11.5, 0.11.6, 0.11.6, 0.11.7, 0.11.7, 0.11.8, 0.11.8, 0.11.9, 0.11.9, 0.11.10, 0.11.10, 0.11.11, 0.11.11, 0.11.12, 0.11.12, 0.11.13, 0.11.13, 0.11.14, 0.11.14, 0.11.15, 0.11.15, 0.12, 0.12, 0.12.1, 0.12.1, 0.12.2, 0.12.2, 0.13, 0.13, 0.14, 0.14, 0.14.1, 0.14.1, 0.15.0, 0.15.0, 0.15.1, 0.15.1, 0.15.2, 0.15.2, 0.15.3, 0.15.3, 0.15.4, 0.15.4, 0.15.5, 0.15.5, 0.15.6, 0.15.6, 0.16.0, 0.16.0, 0.16.1, 0.16.1, 1.0.0, 1.0.0, 1.0.1, 1.0.1, 2.0.0, 2.0.0, 2.0.1, 2.0.1
    Skipped pre-versions: 1.0.0rc1, 1.0.0rc1, 2.0.0rc1, 2.0.0rc1, 2.0.0rc2, 2.0.0rc2, 2.0.0rc3, 2.0.0rc3, 2.0.0rc4, 2.0.0rc4, 2.0.0rc5, 2.0.0rc5
    There are incompatible versions in the resolved dependencies:
      werkzeug<1.0 (from zappa==0.52.0->-r /tmp/pipenv4_gls8o7requirements/pipenv-ioee6zwm-constraints.txt (line 4))
      werkzeug>=2.0 (from flask==2.0.1->flask-cors==3.0.10->-r /tmp/pipenv4_gls8o7requirements/pipenv-ioee6zwm-constraints.txt (line 3))
    
    
    

    Your Environment

    • Zappa version used: zappa==0.52.0
    • Operating System and Python version: Ubuntu Linux 18.04 / Python 3.8.6
    • The output of pip freeze: No packages installed
    • Link to your project (optional): N/A
    • Your zappa_settings.json: N/A
    opened by cwaldbieser 25
  • AttributeError: 'Template' object has no attribute 'add_description'

    AttributeError: 'Template' object has no attribute 'add_description'

    Error deploy

    self.cf_template.add_description("Automatically generated with Zappa") AttributeError: 'Template' object has no attribute 'add_description'

    opened by MayaraMacielMatos 23
  • Coldstart can be drastically reduced by calling LambdaHandler externally

    Coldstart can be drastically reduced by calling LambdaHandler externally

    Description

    Coldstart can be drastically reduced by calling LambdaHandler externally.

    Before

    image image

    After

    image image image

    GitHub Issues

    https://github.com/Miserlou/Zappa/issues/1974 https://github.com/zappa/Zappa/issues/810

    opened by xncbf 20
  • Community Fork Time!

    Community Fork Time!

    Context

    It's been 4 months since this has seen any activity from a maintainer AFAIK, and I have multiple projects that depend on this.

    I don't know about other users, but I think I'm getting to the point where I'd rather we made a community fork than just wait for the docs to come up again/some of the issues be resolved.

    I say we, as I've never run an open source project and frankly don't have a clue what I'd be doing with it, but I can probably make some time to help out.

    Expected Behavior

    The project should be maintained, docs should be available some communication between users and maintainers would also be good. AFAIK The slack is down, the blog is down and the project is increasingly "rotting on the vine".

    Actual Behavior

    It's been dead since for ~ 4 months.

    Possible Fix

    Members of the community make a fork - organise and get to work.

    (I assume this is what you wanted? @jneves )

    opened by MerreM 20
  • Lambda update fails with ResourceConflictException

    Lambda update fails with ResourceConflictException

    Context

    Since today the zappa update method fails with the following error:

    Downloading and installing dependencies..
    Packaging project as zip.
    Uploading ***********-1631808391.tar.gz (50.2MiB)..
    100% 52.6M/52.6M [00:00<00:00, 101MB/s] 
    Uploading handler_***********-1631808473.zip (14.5MiB)..
    100% 15.2M/15.2M [00:00<00:00, 43.1MB/s]
    Updating Lambda function code..
    Updating Lambda function configuration..
    Oh no! An error occurred! :(
    
    ==============
    
    Traceback (most recent call last):
      File "/root/repo/venv/lib/python3.6/site-packages/zappa/cli.py", line 2785, in handle
        sys.exit(cli.handle())
      File "/root/repo/venv/lib/python3.6/site-packages/zappa/cli.py", line 510, in handle
        self.dispatch_command(self.command, stage)
      File "/root/repo/venv/lib/python3.6/site-packages/zappa/cli.py", line 557, in dispatch_command
        self.update(self.vargs['zip'], self.vargs['no_upload'])
      File "/root/repo/venv/lib/python3.6/site-packages/zappa/cli.py", line 975, in update
        aws_kms_key_arn=self.aws_kms_key_arn,
      File "/root/repo/venv/lib/python3.6/site-packages/zappa/core.py", line 1203, in update_lambda_configuration
        'Mode': 'Active' if self.xray_tracing else 'PassThrough'
      File "/root/repo/venv/lib/python3.6/site-packages/botocore/client.py", line 386, in _api_call
        return self._make_api_call(operation_name, kwargs)
      File "/root/repo/venv/lib/python3.6/site-packages/botocore/client.py", line 705, in _make_api_call
        raise error_class(parsed_response, operation_name)
    botocore.errorfactory.ResourceConflictException: An error occurred (ResourceConflictException) when calling the UpdateFunctionConfiguration operation: The operation cannot be performed at this time. An update is in progress for resource: arn:aws:lambda:us-east-********:function:***********
    
    ==============
    

    It seems like lambda introduced function states and the state needs to be checked during deployment. https://forums.aws.amazon.com/thread.jspa?messageID=995846&#995846

    In the error above this means that the state needs to be checked after Updating Lambda function code and before Updating Lambda function configuration

    Is there already a fix for this issue?

    opened by illing2005 18
  • remove library that aws lambda cannot find

    remove library that aws lambda cannot find

    Description

    I do not see why this hardcoded library is necessary in the source code. If someone wants to include it they can add it to include: []. We ran into this issue when updating from an old version of Zappa that did not have this hardcoded reference. We are also using MySQL. Happy to discuss alternatives, this just seemed the most straightforward solution. Thanks!

    GitHub Issues

    https://github.com/zappa/Zappa/issues/940

    opened by jottenlips 15
  • DEPRECATED ???

    DEPRECATED ???

    Just saw that the project got marked as deprecated :cry:

    Are there any plans to find new maintainers or move the project to an organization like jazzband?

    opened by illing2005 15
  • Update BINARY_SUPPORT to use Content-Encoding to identify if data is binary

    Update BINARY_SUPPORT to use Content-Encoding to identify if data is binary

    Description

    This PR re-implements the same functional change that was shown in a PR from the pre-fork Miserlou/zappa repository.

    The change in that PR didn't make it into the Zappa 52 release from what I can tell. My company has been using that PR's code (in combination with the flask_compress library) for a couple weeks without issue so I'm opening this PR that copies that code.

    Additional tests are added for coverage. I'm not confident that the test organization that I used is correct or idiomatic for this codebase -- please critique and I'll change if wanted!

    GitHub Issues

    #908

    Checklist I found in the contributors documentation:

    Before you submit this PR, please make sure that you meet these criteria:

    • Did you read the contributing guide?

      • Yes.
    • If this is a non-trivial commit, did you open a ticket for discussion?

    • Did you put the URL for that ticket in a comment in the code?

      • Yes.
    • If you made a new function, did you write a good docstring for it?

      • NA.
    • Did you avoid putting "_" in front of your new function for no reason?

      • NA.
    • Did you write a test for your new code?

      • Yes.
    • Did the Travis build pass?

      • Yes.
    • Did you improve (or at least not significantly reduce) the amount of code test coverage?

      • Yes.
    • Did you make sure this code actually works on Lambda, as well as locally?

      • Yes. My company has been using these functional changes in a fairly standard lambda environment for a couple weeks.
    • Did you test this code with all of Python 3.6, Python 3.7 and Python 3.8 ?

    • Does this commit ONLY relate to the issue at hand and have your linter shit all over the code?

      • The changes introduced in the commits are not outside the scope of the issue.
    opened by Quidge 15
  • Update/deploy a lambda using a Docker container image

    Update/deploy a lambda using a Docker container image

    Migrated from https://github.com/Miserlou/Zappa/pull/2192

    Background

    As discussed in #2188, AWS recently announced container image support for AWS Lambda. This means you can now package and deploy lambda functions as container images, instead of using zip files. The container image based approach will solve a lot of headaches caused by the zip file approach, particularly with file sizes (container images can be up to 10GB) and the dependency issues we all know & love.

    What does this PR do?

    1. Make the zappa update and zappa deploy commands accept a new docker_image_uri parameter. docker_image_uri must point to an image in Elastic Container Registry (ECR) that complies with these guidelines. Instructions on how to configure this docker image will be provided in an accompanying blog post.
    2. Add a new save-python-settings-file CLI command, which will be used to generate & save the zappa_settings.py file that must be included in your docker image

    Reproducible example

    See this repo which contains an example Dockerfile that can be used for testing.

    Discussion points for reviewers

    • Test cases I added
    • Accompanying blog post we can point users to for a more in-depth explanation/overview
    • Any other key zappa workflows that should be updated and/or tested in conjunction with this? I've tested the zappa update,zappa deploy,zappa rollback` commands for both creating from a zip file (traditional method) and from a docker image (new method)
    • If you would like this PR to be a bit smaller, I can pull out some of the stuff (new save-python-settings-file command, wait until lambda is ready function, etc.) into separate PRs

    Future Work & Next Steps

    • Add functionality to zappa to create new docker images. We've lost some of the zappa magic since you can no longer do a "1-line create & deploy" with zappa deploy, you need to first create your own docker and then deploy.
    • Implement zappa rollback, see this comment for details
    opened by ian-whitestone 14
  • Error when deploying the app using zappa

    Error when deploying the app using zappa

    Error botocore.errorfactory.NotFoundException: An error occurred (NotFoundException) when calling the GetRestApi operation: Invalid API identifier specified 341536805644:qiozpnwvc3

    Context

    I have no idea it started to crash at the final steps, earlier I had no issues related with deploying, now it started to crash. I think maybe it's because I aborted the deploying process while it was uploading due to my weak internet connection (because I'm in a different country at the moment)

    I use venv and Python 3.9.

    Expected Behavior

    Deploy the app and give me the link to the API Gateway where I can do all the requests to my lambda function

    Actual Behavior

    It does deploy the function on AWS Lambda, but it doesn't work, it shows me this: Traceback (most recent call last): File "/Users/dumitrucucu/Desktop/clients/Adrian Nicolaev/app/fluency-py/venv/lib/python3.9/site-packages/zappa/cli.py", line 3033, in handle sys.exit(cli.handle()) File "/Users/dumitrucucu/Desktop/clients/Adrian Nicolaev/app/fluency-py/venv/lib/python3.9/site-packages/zappa/cli.py", line 517, in handle self.dispatch_command(self.command, stage) File "/Users/dumitrucucu/Desktop/clients/Adrian Nicolaev/app/fluency-py/venv/lib/python3.9/site-packages/zappa/cli.py", line 559, in dispatch_command self.deploy(self.vargs["zip"], self.vargs["docker_image_uri"]) File "/Users/dumitrucucu/Desktop/clients/Adrian Nicolaev/app/fluency-py/venv/lib/python3.9/site-packages/zappa/cli.py", line 877, in deploy self.zappa.add_binary_support(api_id=api_id, cors=self.cors) File "/Users/dumitrucucu/Desktop/clients/Adrian Nicolaev/app/fluency-py/venv/lib/python3.9/site-packages/zappa/core.py", line 1954, in add_binary_support response = self.apigateway_client.get_rest_api(restApiId=api_id) File "/Users/dumitrucucu/Desktop/clients/Adrian Nicolaev/app/fluency-py/venv/lib/python3.9/site-packages/botocore/client.py", line 508, in _api_call return self._make_api_call(operation_name, kwargs) File "/Users/dumitrucucu/Desktop/clients/Adrian Nicolaev/app/fluency-py/venv/lib/python3.9/site-packages/botocore/client.py", line 915, in _make_api_call raise error_class(parsed_response, operation_name) botocore.errorfactory.NotFoundException: An error occurred (NotFoundException) when calling the GetRestApi operation: Invalid API identifier specified 341536805644:qiozpnwvc3

    Possible Fix

    I have no idea how zappa works at a lower level, I suppose it uses some AWS Apis, and the error above demonstrates that there's some error when it tries to interact with the AWS Api on the final steps.

    Steps to Reproduce

    1. zappa update dev

    Your Environment

    • Zappa version used:
    • 0.55.0
    • Operating System and Python version:
    • Mac OS Monterey 12.2 (21D49) and Python 3.9
    • The output of pip freeze:
    • aes==1.0.0 aniso8601==9.0.1 argcomplete==2.0.0 atomicwrites==1.4.1 attrs==22.1.0 boto3==1.24.59 botocore==1.27.59 CacheControl==0.12.10 cachetools==5.0.0 certifi==2021.10.8 cffi==1.15.1 cfn-flip==1.3.0 charset-normalizer==2.0.12 click==8.1.2 crypto==1.4.1 cryptocode==0.1 cryptography==38.0.1 Deprecated==1.2.13 dnspython==2.2.1 durationpy==0.5 email-validator==1.1.3 firebase-admin==5.2.0 Flask==2.0.2 Flask-Cors==3.0.10 Flask-JWT-Extended==4.3.1 Flask-RESTful==0.3.9 google-api-core==2.7.2 google-api-python-client==2.44.0 google-auth==2.6.5 google-auth-httplib2==0.1.0 google-cloud-core==2.3.0 google-cloud-firestore==2.4.0 google-cloud-storage==2.3.0 google-crc32c==1.3.0 google-resumable-media==2.3.2 googleapis-common-protos==1.56.0 grpcio==1.44.0 grpcio-status==1.44.0 hjson==3.1.0 httplib2==0.20.4 idna==3.3 iniconfig==1.1.1 itsdangerous==2.1.2 Jinja2==3.1.1 jmespath==1.0.1 kappa==0.6.0 MarkupSafe==2.1.1 more-itertools==8.14.0 msgpack==1.0.3 Naked==0.1.31 names==0.3.0 packaging==21.3 password-validator==1.0 placebo==0.9.0 pluggy==0.13.1 proto-plus==1.20.3 protobuf==3.20.0 py==1.11.0 pyasn1==0.4.8 pyasn1-modules==0.2.8 pycparser==2.21 pycrypto==2.6.1 pycryptodomex==3.14.1 pydash==5.1.0 PyJWT==2.3.0 pyparsing==3.0.8 pytest==4.6.11 pytest-requests==0.3.0 python-dateutil==2.8.2 python-dotenv==0.20.0 python-i18n==0.3.9 python-random-name-generator==0.0.6 python-slugify==6.1.2 pytz==2022.1 PyYAML==6.0 requests==2.27.1 rsa==4.8 s3transfer==0.6.0 shellescape==3.8.1 six==1.16.0 text-unidecode==1.3 toml==0.10.2 tomli==2.0.1 tqdm==4.64.0 trafaret==2.1.1 troposphere==4.1.0 twilio==7.8.1 uritemplate==4.1.1 urllib3==1.26.9 vonage==3.0.0 wcwidth==0.2.5 Werkzeug==2.1.1 wrapt==1.14.1 wsgi-request-logger==0.4.6 zappa==0.55.0
    • Link to your project (optional):
      • (private source)
    • Your zappa_settings.json: { "dev": { "app_function": "app.app", "profile_name": "default", "project_name": "fluency-py", "runtime": "python3.9", "s3_bucket": "zappa-qms1bxy5b", "aws_region": "us-east-1" } }
    opened by dumitruPuggle 13
  • CVE-2007-4559 Patch

    CVE-2007-4559 Patch

    Patching CVE-2007-4559

    Hi, we are security researchers from the Advanced Research Center at Trellix. We have began a campaign to patch a widespread bug named CVE-2007-4559. CVE-2007-4559 is a 15 year old bug in the Python tarfile package. By using extract() or extractall() on a tarfile object without sanitizing input, a maliciously crafted .tar file could perform a directory path traversal attack. We found at least one unsantized extractall() in your codebase and are providing a patch for you via pull request. The patch essentially checks to see if all tarfile members will be extracted safely and throws an exception otherwise. We encourage you to use this patch or your own solution to secure against CVE-2007-4559. Further technical information about the vulnerability can be found in this blog.

    If you have further questions you may contact us through this projects lead researcher Kasimir Schulz.

    opened by TrellixVulnTeam 0
  • PR-1123 Add Support for Graviton 2 / ARM Architecture (conflict fix)

    PR-1123 Add Support for Graviton 2 / ARM Architecture (conflict fix)

    opened by gaborschulz 6
  • All APIs not being fetched

    All APIs not being fetched

    Context

    As mentioned in the AWS Docs, we can have default limits of 600, 120 regional, and edge APIs respectively.

    But we're fetching only limited (500) APIs, refer to the LOCs below.

    https://github.com/zappa/Zappa/blob/73ee393dd48500d321d65e92aba31a5fd83e93ab/zappa/core.py#L2425

    https://github.com/zappa/Zappa/blob/73ee393dd48500d321d65e92aba31a5fd83e93ab/zappa/core.py#L2101

    Expected Behavior

    To fetch all the available APIs

    Actual Behavior

    Fetching only 500 APIs

    Possible Fix

    Please update it to fetch all the records.

    Steps to Reproduce

    Your Environment

    • Zappa version used:
    • Operating System and Python version:
    • The output of pip freeze:
    • Link to your project (optional):
    • Your zappa_settings.json:
    bug next-release-candidate 
    opened by DilLip-Chowdary-Codes 0
  • Added throw error when event function name is long

    Added throw error when event function name is long

    Description

    • Added exception handling for cases where event function names are long.
    • The problem is that if the function name is too long, the function name is cut off and lambda cannot be called from the Event Bridge.

    GitHub Issues

    • https://github.com/zappa/Zappa/issues/1036
    opened by goya813 1
  • Remove patron link from README

    Remove patron link from README

    Currently the zappa README contains a Patrons section and link maintained by the original author of the package.

    Since he has left the project this issue proposes to remove the Patron section in it's entirety.

    documentation next-release-candidate 
    opened by monkut 2
Releases(0.56.1)
  • 0.56.1(Dec 3, 2022)

    0.56.1

    • Fix FileNotFoundError in running_in_docker (#1201)
    • Use ZAPPA_RUNNING_IN_DOCKER environment variable to use any Python version inside Docker container (#1140)
    Source code(tar.gz)
    Source code(zip)
  • 0.56.0(Dec 1, 2022)

    0.56.0

    • Not recognizing virtaulenv created with pyenv (#1132)
    • Remove six from zappa dependencies (#1164)
    • Handle optional space in x-forwarded-for header (#1127)
    • [Migrated] #2077 Fix url decoding for query string (#879)
    • [Migrated] [async] Check if args/kwargs are JSON Serializable while running locally (#704)
    • [Migrated] Add on Docs: event_source from S3 with key_filters (#446)
    • [Migrated] Logs are missing query strings (#410)
    • [Migrated] Update BINARY_SUPPORT to use Content-Encoding to identify if data is binary (#908)
    • Remove obsolete check for Django version < 1.7 (#1158)
    • [Migrated] s3 zip includes files that should be matched by the exclude setting (#422)
    • Add exclude_glob documentation (#1052)
    • Unable to schedule SQS Batch Size of greater than 10 (#1117)
    • [Migrated] s3 zip includes files that should be matched by the exclude setting (#422)
    • Allow any Python version if using Docker image for Lambda (#1140)
    • Incorrect hosted zone match (#1190)
    • Issue while trying to install or download zappa without binary file (#1199)
    Source code(tar.gz)
    Source code(zip)
  • 0.55.0(Aug 9, 2022)

    0.55.0

    • Fix "cd workflow fired event outside of the create tags event" (#1152)
    • Remove 'futures' package requirement (#826,#808)
    • Remove function invoke command does not need quotes around function (#900)
    • Add python_requires to setup.py (#1111)
    • Remove python 3.6 support (#1151)
    • Update handler to be global if INSTANTIATE_LAMBDA_HANDLER_ON_IMPORT=True (#1096)
    • Fix async invocation in Python 3 (#1006)
    • Drastically reduce cold start times by calling LambdaHandler externally (#982)
    • Support Newest Manylinux Version for dependencies (#1083)
    • Decode zappa invoke output regardless of --no-color option (#1069)
    • Convert project to using 'pipenv' to manage dependencies (#1077)
    • Ensure unique scheduled event names (#1080)
    • Check isort in CI (#1078)
    • Use 'black' everywhere (#1076)
    • Update setup.py (#1050)
    Source code(tar.gz)
    Source code(zip)
  • 0.54.2(Jul 15, 2022)

  • 0.53.0(Jun 19, 2021)

Owner
Zappa
Team managing the zappa project
Zappa
Serverless Public Key Infrastructure Framework

Ottr: Serverless Public Key Infrastructure Framework Ottr is a serverless framework for Public Key Infrastructure (PKI) that aims to provide a robust

Airbnb 259 Dec 28, 2022
Serverless console based chat program made with PyDrive2.

Nautilus Serverless console based chat program made with PyDrive2. How To Use: After installing the program files from GitHub, they can be put anywher

legitimately_the_1984th_year_of_the_common_era_&_anno_domini_designations 0 Jul 30, 2022
Portfolio-tracker - This serverless application let's you keep track of your investment portfolios

Portfolio-tracker - This serverless application let's you keep track of your investment portfolios

José Coelho 1 Jan 23, 2022
Serverless function for replicating weather underground data to an influxDB database

Weather Underground → Influx DB 🌤 Serverless function for replicating Weather U

Ben Meier 1 Dec 30, 2021
⚡ Serverless Framework – Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions

⚡ Serverless Framework – Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions & more! –

Serverless 44k Jan 03, 2023
Python Serverless Microframework for AWS

AWS Chalice Chalice is a framework for writing serverless apps in python. It allows you to quickly create and deploy applications that use AWS Lambda.

Amazon Web Services 9.4k Jan 08, 2023
Repository for Research Paper: Serverless Thumbnail Generation

Serverless deployment on IBM Cloud Code Engine that uses the Lithops Framework to process images in parallel

Luca Mueller 2 Jan 12, 2022
Zappa makes it super easy to build and deploy server-less, event-driven Python applications on AWS Lambda + API Gateway.

Zappa makes it super easy to build and deploy server-less, event-driven Python applications (including, but not limited to, WSGI web apps) on AWS Lambda + API Gateway. Think of it as "serverless" web

Zappa 2.2k Jan 09, 2023
Chainlink Python Serverless External Adapter Template

This template shows a basic usecase of an external adapter written in Python for the CryptoCompare API. It can be ran locally, in Docker, AWS Lambda, or GCP Functions.

Chainlink Hackathon - Insureblox 1 Nov 17, 2021