Last active
June 25, 2020 19:09
-
-
Save joekiller/ffddfe4942c09d4c9e5bc507aacc1076 to your computer and use it in GitHub Desktop.
Enable Lambda X-Ray on all functions via AWS CLI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| fns=($(aws lambda list-functions --query "Functions[].FunctionName" --output text)) | |
| GrantWrite () { | |
| aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess --role-name $(ROLE=$(aws lambda get-function --function-name $1 --query "Configuration.Role" --output text);echo ${ROLE##*/}) | |
| } | |
| XRay () { | |
| aws lambda update-function-configuration --function-name $1 --tracing-config Mode=Active >/dev/null && echo $1 OK || (GrantWrite $1; aws lambda update-function-configuration --function-name $1 --tracing-config Mode=Active > /dev/null && echo $1 OK || echo $1 FAILED) | |
| } | |
| for f in ${fns[@]}; do XRay $f; done |
@gvasquez-waypoint I agree, IAM can have a slight lag on associate policy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Seems like it's missing some kind of "wait state" between the grant and the lambda update, as the permissions don't get propagated to the lambdas right away, but if you just wait (or run the script twice) it succeeds, otherwise you get errors like:
An error occurred (InvalidParameterValueException) when calling the UpdateFunctionConfiguration operation: The provided execution role does not have permissions to call PutTraceSegments on XRAY