amazon-bedrock-agentcore-samples/02-use-cases/DB-performance-analyzer/scripts/create_lambda.sh

#!/bin/bash
set -e

# Get the script directory
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
PROJECT_DIR="$( cd "$SCRIPT_DIR/.." && pwd )"

# Load configurations
source "$PROJECT_DIR/config/iam_config.env"
source "$PROJECT_DIR/config/cognito_config.env"

echo "Creating Lambda functions for DB Performance Analyzer..."

# Use the correct path to the pg_analyze_performance.py file
PG_ANALYZE_PY_FILE="$SCRIPT_DIR/pg_analyze_performance.py"
if [ -f "$PG_ANALYZE_PY_FILE" ]; then
    echo "Using pg_analyze_performance.py from $PG_ANALYZE_PY_FILE"
else
    echo "Error: pg_analyze_performance.py not found at $PG_ANALYZE_PY_FILE"
    exit 1
fi

# Create a directory for the Lambda code
LAMBDA_DIR=$(mktemp -d)
echo "Creating Lambda package in $LAMBDA_DIR"
cp "$PG_ANALYZE_PY_FILE" "$LAMBDA_DIR/lambda_function.py"

# Create a zip file for the Lambda function
ZIP_FILE=$(mktemp).zip
(cd "$LAMBDA_DIR" && zip -r "$ZIP_FILE" .)
echo "Created zip file at $ZIP_FILE"

# Load VPC configuration if available
if [ -f "$PROJECT_DIR/config/vpc_config.env" ]; then
    source "$PROJECT_DIR/config/vpc_config.env"
    echo "Loaded VPC configuration"
    echo "VPC ID: $VPC_ID"
    echo "Subnet IDs: $SUBNET_IDS"
    echo "Lambda Security Group ID: $LAMBDA_SECURITY_GROUP_ID"
    echo "DB Security Group IDs: $DB_SECURITY_GROUP_IDS"
    
    # Check if LAMBDA_SECURITY_GROUP_ID is set
    if [ -z "$LAMBDA_SECURITY_GROUP_ID" ]; then
        echo "Error: LAMBDA_SECURITY_GROUP_ID is not set in vpc_config.env"
        exit 1
    fi
    
    # Prepare VPC config JSON
    VPC_CONFIG="{\"SubnetIds\":[\"${SUBNET_IDS//,/\",\"}\"],\"SecurityGroupIds\":[\"$LAMBDA_SECURITY_GROUP_ID\"]}"
    echo "VPC Config: $VPC_CONFIG"
    
    # Load layer configuration if available
    LAYERS_PARAM=""
    if [ -f "$PROJECT_DIR/config/layer_config.env" ]; then
        source "$PROJECT_DIR/config/layer_config.env"
        if [ ! -z "$PSYCOPG2_LAYER_ARN" ]; then
            LAYERS_PARAM="--layers $PSYCOPG2_LAYER_ARN"
            echo "Using psycopg2 layer: $PSYCOPG2_LAYER_ARN"
        else
            echo "Warning: PSYCOPG2_LAYER_ARN is empty in layer_config.env"
        fi
    else
        echo "Warning: layer_config.env not found at $PROJECT_DIR/config/layer_config.env"
        echo "Creating psycopg2 layer..."
        "$SCRIPT_DIR/create_psycopg2_layer.sh"
        if [ -f "$PROJECT_DIR/config/layer_config.env" ]; then
            source "$PROJECT_DIR/config/layer_config.env"
            if [ ! -z "$PSYCOPG2_LAYER_ARN" ]; then
                LAYERS_PARAM="--layers $PSYCOPG2_LAYER_ARN"
                echo "Using psycopg2 layer: $PSYCOPG2_LAYER_ARN"
            else
                echo "Error: PSYCOPG2_LAYER_ARN is still empty after creating layer"
                exit 1
            fi
        else
            echo "Error: layer_config.env still not found after creating layer"
            exit 1
        fi
    fi
    
    # Create the Lambda function with VPC configuration
    echo "Creating Lambda function with VPC configuration..."
    LAMBDA_RESPONSE=$(aws lambda create-function \
      --function-name DBPerformanceAnalyzer \
      --runtime python3.12 \
      --role $LAMBDA_ROLE_ARN \
      --handler lambda_function.lambda_handler \
      --zip-file fileb://$ZIP_FILE \
      --vpc-config "$VPC_CONFIG" \
      $LAYERS_PARAM \
      --timeout 30 \
      --environment "Variables={REGION=$AWS_REGION}" \
      --region $AWS_REGION)
    
else
    # Create the Lambda function without VPC configuration
    echo "Creating Lambda function without VPC configuration..."
    LAMBDA_RESPONSE=$(aws lambda create-function \
      --function-name DBPerformanceAnalyzer \
      --runtime python3.12 \
      --role $LAMBDA_ROLE_ARN \
      --handler lambda_function.lambda_handler \
      --zip-file fileb://$ZIP_FILE \
      --environment "Variables={REGION=$AWS_REGION}" \
      --region $AWS_REGION)
fi

LAMBDA_ARN=$(echo $LAMBDA_RESPONSE | jq -r '.FunctionArn')
echo "Lambda function created: $LAMBDA_ARN"

# Add permission for Gateway to invoke Lambda
echo "Adding permission for Gateway to invoke Lambda..."
echo "Gateway Role ARN: $GATEWAY_ROLE_ARN"

# Add permission for Gateway service to invoke Lambda
aws lambda add-permission \
  --function-name DBPerformanceAnalyzer \
  --statement-id GatewayServiceInvoke \
  --action lambda:InvokeFunction \
  --principal bedrock-agentcore.amazonaws.com \
  --region $AWS_REGION

# Add permission for Gateway role to invoke Lambda
aws lambda add-permission \
  --function-name DBPerformanceAnalyzer \
  --statement-id GatewayRoleInvoke \
  --action lambda:InvokeFunction \
  --principal $GATEWAY_ROLE_ARN \
  --region $AWS_REGION

# Clean up temporary files
rm -rf $LAMBDA_DIR
rm $ZIP_FILE

# Create config directory if it doesn't exist
mkdir -p "$PROJECT_DIR/config"

# Save Lambda ARN to config
cat > "$PROJECT_DIR/config/lambda_config.env" << EOF
export LAMBDA_ARN=$LAMBDA_ARN
EOF

# Create PGStat Lambda function
echo "Creating PGStat Lambda function..."

# Use the correct path to the pgstat_analyse_database.py file
PGSTAT_PY_FILE="$SCRIPT_DIR/pgstat_analyse_database.py"
if [ -f "$PGSTAT_PY_FILE" ]; then
    echo "Using pgstat_analyse_database.py from $PGSTAT_PY_FILE"
else
    echo "Error: pgstat_analyse_database.py not found at $PGSTAT_PY_FILE"
    exit 1
fi

# Create a directory for the Lambda code
PGSTAT_LAMBDA_DIR=$(mktemp -d)
echo "Creating PGStat Lambda package in $PGSTAT_LAMBDA_DIR"
cp "$PGSTAT_PY_FILE" "$PGSTAT_LAMBDA_DIR/lambda_function.py"

# Create a zip file for the Lambda function
PGSTAT_ZIP_FILE=$(mktemp).zip
(cd "$PGSTAT_LAMBDA_DIR" && zip -r "$PGSTAT_ZIP_FILE" .)
echo "Created PGStat zip file at $PGSTAT_ZIP_FILE"

# Create the Lambda function with VPC configuration if available
if [ -f "$PROJECT_DIR/config/vpc_config.env" ]; then
    # VPC config already loaded above
    
    # Create the Lambda function with VPC configuration
    echo "Creating PGStat Lambda function with VPC configuration..."
    PGSTAT_LAMBDA_RESPONSE=$(aws lambda create-function \
      --function-name PGStatAnalyzeDatabase \
      --runtime python3.12 \
      --role $LAMBDA_ROLE_ARN \
      --handler lambda_function.lambda_handler \
      --zip-file fileb://$PGSTAT_ZIP_FILE \
      --vpc-config "$VPC_CONFIG" \
      $LAYERS_PARAM \
      --timeout 300 \
      --environment "Variables={REGION=$AWS_REGION}" \
      --region $AWS_REGION)
    
else
    # Create the Lambda function without VPC configuration
    echo "Creating PGStat Lambda function without VPC configuration..."
    PGSTAT_LAMBDA_RESPONSE=$(aws lambda create-function \
      --function-name PGStatAnalyzeDatabase \
      --runtime python3.12 \
      --role $LAMBDA_ROLE_ARN \
      --handler lambda_function.lambda_handler \
      --zip-file fileb://$PGSTAT_ZIP_FILE \
      --timeout 300 \
      --environment "Variables={REGION=$AWS_REGION}" \
      --region $AWS_REGION)
fi

PGSTAT_LAMBDA_ARN=$(echo $PGSTAT_LAMBDA_RESPONSE | jq -r '.FunctionArn')
echo "PGStat Lambda function created: $PGSTAT_LAMBDA_ARN"

# Add permission for Gateway to invoke PGStat Lambda
echo "Adding permission for Gateway to invoke PGStat Lambda..."
echo "Gateway Role ARN: $GATEWAY_ROLE_ARN"

# Add permission for Gateway service to invoke PGStat Lambda
aws lambda add-permission \
  --function-name PGStatAnalyzeDatabase \
  --statement-id GatewayServiceInvoke \
  --action lambda:InvokeFunction \
  --principal bedrock-agentcore.amazonaws.com \
  --region $AWS_REGION

# Add permission for Gateway role to invoke PGStat Lambda
aws lambda add-permission \
  --function-name PGStatAnalyzeDatabase \
  --statement-id GatewayRoleInvoke \
  --action lambda:InvokeFunction \
  --principal $GATEWAY_ROLE_ARN \
  --region $AWS_REGION

# Clean up temporary files
rm -rf $PGSTAT_LAMBDA_DIR
rm $PGSTAT_ZIP_FILE

# Append PGStat Lambda ARN to config
cat >> "$PROJECT_DIR/config/lambda_config.env" << EOF
export PGSTAT_LAMBDA_ARN=$PGSTAT_LAMBDA_ARN
EOF

echo "Lambda functions setup completed successfully"