From f9ce87befd085cfa9f8316824fccd1e6709ef288 Mon Sep 17 00:00:00 2001 From: sumoanema Date: Tue, 31 Mar 2026 13:54:43 +0530 Subject: [PATCH 1/4] SUMO-278456 | Changes to fix arn fidings with ESC AWS region. Changes script to print the correct ARN based on dynamically fetching partition by aws cli command --- scripts/delete_old_layer_versions.sh | 6 +++++- scripts/zip.sh | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/scripts/delete_old_layer_versions.sh b/scripts/delete_old_layer_versions.sh index b8893b4..c1a1037 100644 --- a/scripts/delete_old_layer_versions.sh +++ b/scripts/delete_old_layer_versions.sh @@ -38,7 +38,11 @@ for arch in "${ARCHITECTURES[@]}"; do layer_name="${binary_name}-${arch}" for region in "${AWS_REGIONS[@]}"; do - echo "Layer Arn: arn:aws:lambda:${region}::layer:${layer_name}:${layer_version} deleted from Region ${region}" + # Dynamically get the partition for the region from AWS + caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${AWS_PROFILE} --query 'Arn' --output text) + partition=$(echo ${caller_arn} | cut -d':' -f2) + + echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deleted from Region ${region}" aws lambda delete-layer-version --layer-name ${layer_name} --version-number ${layer_version} --region ${region} done done diff --git a/scripts/zip.sh b/scripts/zip.sh index 983d5f0..3e49f6f 100755 --- a/scripts/zip.sh +++ b/scripts/zip.sh @@ -88,7 +88,12 @@ for arch in "${ARCHITECTURES[@]}"; do --description "The SumoLogic Extension collects lambda logs and send it to Sumo Logic." \ --license-info "Apache-2.0" --zip-file fileb://$(pwd)/${extension_zip_dir}/${binary_name}.zip \ --profile ${AWS_PROFILE} --region ${region} --output text --query Version ) - echo "Layer Arn: arn:aws:lambda:${region}::layer:${layer_name}:${layer_version} deployed to Region ${region}" + + # Dynamically get the partition for the region from AWS + caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${AWS_PROFILE} --query 'Arn' --output text) + partition=$(echo ${caller_arn} | cut -d':' -f2) + + echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deployed to Region ${region}" echo "Setting public permissions for layer version: ${layer_version}" aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-prod --version-number $layer_version --principal '*' --action lambda:GetLayerVersion --region ${region} --profile ${AWS_PROFILE} From 934e0f24da7b736274fb6781ff73729ee4804d36 Mon Sep 17 00:00:00 2001 From: sumoanema Date: Wed, 1 Apr 2026 11:41:17 +0530 Subject: [PATCH 2/4] adding aws_profile to delete script as suggested in copilot review --- scripts/delete_old_layer_versions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/delete_old_layer_versions.sh b/scripts/delete_old_layer_versions.sh index c1a1037..8db7175 100644 --- a/scripts/delete_old_layer_versions.sh +++ b/scripts/delete_old_layer_versions.sh @@ -43,6 +43,6 @@ for arch in "${ARCHITECTURES[@]}"; do partition=$(echo ${caller_arn} | cut -d':' -f2) echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deleted from Region ${region}" - aws lambda delete-layer-version --layer-name ${layer_name} --version-number ${layer_version} --region ${region} + aws lambda delete-layer-version --layer-name ${layer_name} --version-number ${layer_version} --region ${region} --profile ${AWS_PROFILE} done done From a4f9d98ab6f43461d2f1d7233ad0e728ddfbe3da Mon Sep 17 00:00:00 2001 From: sumoanema Date: Thu, 2 Apr 2026 14:08:57 +0530 Subject: [PATCH 3/4] Introducing handling for different aws profile - seperate for ESC in zip.sh deployment script --- scripts/delete_old_layer_versions.sh | 21 +++++++++++++++++++-- scripts/zip.sh | 22 +++++++++++++++++++--- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/scripts/delete_old_layer_versions.sh b/scripts/delete_old_layer_versions.sh index 8db7175..aa07250 100644 --- a/scripts/delete_old_layer_versions.sh +++ b/scripts/delete_old_layer_versions.sh @@ -18,13 +18,21 @@ AWS_REGIONS=( eu-central-1 us-west-1 us-west-2 + eusc-de-east-1 ) if [[ -z "${AWS_PROFILE}" ]]; then export AWS_PROFILE="personal" fi + +# Set AWS_PROFILE_EUSC for European Sovereign Cloud regions (can be overridden via environment) +if [[ -z "${AWS_PROFILE_EUSC}" ]]; then + export AWS_PROFILE_EUSC="esc_personal" +fi + echo "Using AWS_PROFILE: ${AWS_PROFILE}" +echo "Using AWS_PROFILE_EUSC: ${AWS_PROFILE_EUSC}" binary_name="sumologic-extension" @@ -38,11 +46,20 @@ for arch in "${ARCHITECTURES[@]}"; do layer_name="${binary_name}-${arch}" for region in "${AWS_REGIONS[@]}"; do + # Auto-detect profile based on region prefix + if [[ "${region}" =~ ^eusc- ]]; then + profile="${AWS_PROFILE_EUSC}" + else + profile="${AWS_PROFILE}" + fi + + echo "Deleting from region ${region} using profile ${profile}" + # Dynamically get the partition for the region from AWS - caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${AWS_PROFILE} --query 'Arn' --output text) + caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${profile} --query 'Arn' --output text) partition=$(echo ${caller_arn} | cut -d':' -f2) echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deleted from Region ${region}" - aws lambda delete-layer-version --layer-name ${layer_name} --version-number ${layer_version} --region ${region} --profile ${AWS_PROFILE} + aws lambda delete-layer-version --layer-name ${layer_name} --version-number ${layer_version} --region ${region} --profile ${profile} done done diff --git a/scripts/zip.sh b/scripts/zip.sh index 3e49f6f..478814b 100755 --- a/scripts/zip.sh +++ b/scripts/zip.sh @@ -54,6 +54,11 @@ for arch in "${ARCHITECTURES[@]}"; do export AWS_PROFILE="personal" fi + # Set AWS_PROFILE_EUSC for European Sovereign Cloud regions (can be overridden via environment) + if [[ -z "${AWS_PROFILE_EUSC}" ]]; then + export AWS_PROFILE_EUSC="esc_personal" + fi + AWS_REGIONS=( us-east-1 us-east-2 @@ -76,27 +81,38 @@ for arch in "${ARCHITECTURES[@]}"; do us-west-1 us-west-2 ca-west-1 + eusc-de-east-1 ) echo "Using AWS_PROFILE: ${AWS_PROFILE}" + echo "Using AWS_PROFILE_EUSC: ${AWS_PROFILE_EUSC}" # We have layer name as sumologic-extension. Please change name for local testing. layer_name="${binary_name}-${arch}" for region in "${AWS_REGIONS[@]}"; do + # Auto-detect profile based on region prefix + if [[ "${region}" =~ ^eusc- ]]; then + profile="${AWS_PROFILE_EUSC}" + else + profile="${AWS_PROFILE}" + fi + + echo "Deploying to region ${region} using profile ${profile}" + layer_version=$(aws lambda publish-layer-version --layer-name ${layer_name} \ --description "The SumoLogic Extension collects lambda logs and send it to Sumo Logic." \ --license-info "Apache-2.0" --zip-file fileb://$(pwd)/${extension_zip_dir}/${binary_name}.zip \ - --profile ${AWS_PROFILE} --region ${region} --output text --query Version ) + --profile ${profile} --region ${region} --output text --query Version ) # Dynamically get the partition for the region from AWS - caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${AWS_PROFILE} --query 'Arn' --output text) + caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${profile} --query 'Arn' --output text) partition=$(echo ${caller_arn} | cut -d':' -f2) echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deployed to Region ${region}" echo "Setting public permissions for layer version: ${layer_version}" - aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-prod --version-number $layer_version --principal '*' --action lambda:GetLayerVersion --region ${region} --profile ${AWS_PROFILE} + aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-prod --version-number $layer_version --principal '*' --action lambda:GetLayerVersion --region ${region} --profile ${profile} # aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-dev --version-number ${layer_version} --principal '956882708938' --action lambda:GetLayerVersion --region ${region} done From 03cc084d9a79b8f431cd8a95c5d3c5bee371fff7 Mon Sep 17 00:00:00 2001 From: sumoanema Date: Fri, 3 Apr 2026 14:22:18 +0530 Subject: [PATCH 4/4] Creting seperate script for special aws partition which can be extended further for other non-standard partition - keeping the default script zip.sh unchanged --- scripts/delete_old_layer_versions.sh | 27 +----- ...e_old_layer_versions_special_partitions.sh | 34 +++++++ scripts/zip.sh | 29 +----- scripts/zip_special_partitions.sh | 88 +++++++++++++++++++ 4 files changed, 129 insertions(+), 49 deletions(-) create mode 100644 scripts/delete_old_layer_versions_special_partitions.sh create mode 100644 scripts/zip_special_partitions.sh diff --git a/scripts/delete_old_layer_versions.sh b/scripts/delete_old_layer_versions.sh index aa07250..1273340 100644 --- a/scripts/delete_old_layer_versions.sh +++ b/scripts/delete_old_layer_versions.sh @@ -18,21 +18,13 @@ AWS_REGIONS=( eu-central-1 us-west-1 us-west-2 - eusc-de-east-1 ) if [[ -z "${AWS_PROFILE}" ]]; then export AWS_PROFILE="personal" fi - -# Set AWS_PROFILE_EUSC for European Sovereign Cloud regions (can be overridden via environment) -if [[ -z "${AWS_PROFILE_EUSC}" ]]; then - export AWS_PROFILE_EUSC="esc_personal" -fi - echo "Using AWS_PROFILE: ${AWS_PROFILE}" -echo "Using AWS_PROFILE_EUSC: ${AWS_PROFILE_EUSC}" binary_name="sumologic-extension" @@ -46,20 +38,7 @@ for arch in "${ARCHITECTURES[@]}"; do layer_name="${binary_name}-${arch}" for region in "${AWS_REGIONS[@]}"; do - # Auto-detect profile based on region prefix - if [[ "${region}" =~ ^eusc- ]]; then - profile="${AWS_PROFILE_EUSC}" - else - profile="${AWS_PROFILE}" - fi - - echo "Deleting from region ${region} using profile ${profile}" - - # Dynamically get the partition for the region from AWS - caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${profile} --query 'Arn' --output text) - partition=$(echo ${caller_arn} | cut -d':' -f2) - - echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deleted from Region ${region}" - aws lambda delete-layer-version --layer-name ${layer_name} --version-number ${layer_version} --region ${region} --profile ${profile} + echo "Layer Arn: arn:aws:lambda:${region}::layer:${layer_name}:${layer_version} deleted from Region ${region}" + aws lambda delete-layer-version --layer-name ${layer_name} --version-number ${layer_version} --region ${region} --profile ${AWS_PROFILE} done -done +done \ No newline at end of file diff --git a/scripts/delete_old_layer_versions_special_partitions.sh b/scripts/delete_old_layer_versions_special_partitions.sh new file mode 100644 index 0000000..9c3b03b --- /dev/null +++ b/scripts/delete_old_layer_versions_special_partitions.sh @@ -0,0 +1,34 @@ +AWS_REGIONS=( + eusc-de-east-1 + ) + +# Set AWS_PROFILE_EUSC for European Sovereign Cloud regions (can be overridden via environment) +if [[ -z "${AWS_PROFILE_EUSC}" ]]; then + export AWS_PROFILE_EUSC="esc_personal" +fi + +echo "Using AWS_PROFILE_EUSC: ${AWS_PROFILE_EUSC}" + +binary_name="sumologic-extension" + +ARCHITECTURES=( + amd64 + arm64 +) +layer_version=1 +for arch in "${ARCHITECTURES[@]}"; do + + layer_name="${binary_name}-${arch}" + + for region in "${AWS_REGIONS[@]}"; do + + echo "Deleting from region ${region} using profile ${AWS_PROFILE_EUSC}" + + # Dynamically get the partition for the region from AWS + caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${AWS_PROFILE_EUSC} --query 'Arn' --output text) + partition=$(echo ${caller_arn} | cut -d':' -f2) + + echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deleted from Region ${region}" + aws lambda delete-layer-version --layer-name ${layer_name} --version-number ${layer_version} --region ${region} --profile ${AWS_PROFILE_EUSC} + done +done \ No newline at end of file diff --git a/scripts/zip.sh b/scripts/zip.sh index 478814b..b15cb92 100755 --- a/scripts/zip.sh +++ b/scripts/zip.sh @@ -54,11 +54,6 @@ for arch in "${ARCHITECTURES[@]}"; do export AWS_PROFILE="personal" fi - # Set AWS_PROFILE_EUSC for European Sovereign Cloud regions (can be overridden via environment) - if [[ -z "${AWS_PROFILE_EUSC}" ]]; then - export AWS_PROFILE_EUSC="esc_personal" - fi - AWS_REGIONS=( us-east-1 us-east-2 @@ -81,39 +76,23 @@ for arch in "${ARCHITECTURES[@]}"; do us-west-1 us-west-2 ca-west-1 - eusc-de-east-1 ) echo "Using AWS_PROFILE: ${AWS_PROFILE}" - echo "Using AWS_PROFILE_EUSC: ${AWS_PROFILE_EUSC}" # We have layer name as sumologic-extension. Please change name for local testing. layer_name="${binary_name}-${arch}" for region in "${AWS_REGIONS[@]}"; do - # Auto-detect profile based on region prefix - if [[ "${region}" =~ ^eusc- ]]; then - profile="${AWS_PROFILE_EUSC}" - else - profile="${AWS_PROFILE}" - fi - - echo "Deploying to region ${region} using profile ${profile}" - layer_version=$(aws lambda publish-layer-version --layer-name ${layer_name} \ --description "The SumoLogic Extension collects lambda logs and send it to Sumo Logic." \ --license-info "Apache-2.0" --zip-file fileb://$(pwd)/${extension_zip_dir}/${binary_name}.zip \ - --profile ${profile} --region ${region} --output text --query Version ) - - # Dynamically get the partition for the region from AWS - caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${profile} --query 'Arn' --output text) - partition=$(echo ${caller_arn} | cut -d':' -f2) - - echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deployed to Region ${region}" + --profile ${AWS_PROFILE} --region ${region} --output text --query Version ) + echo "Layer Arn: arn:aws:lambda:${region}::layer:${layer_name}:${layer_version} deployed to Region ${region}" echo "Setting public permissions for layer version: ${layer_version}" - aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-prod --version-number $layer_version --principal '*' --action lambda:GetLayerVersion --region ${region} --profile ${profile} + aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-prod --version-number $layer_version --principal '*' --action lambda:GetLayerVersion --region ${region} --profile ${AWS_PROFILE} # aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-dev --version-number ${layer_version} --principal '956882708938' --action lambda:GetLayerVersion --region ${region} done -done +done \ No newline at end of file diff --git a/scripts/zip_special_partitions.sh b/scripts/zip_special_partitions.sh new file mode 100644 index 0000000..4222cb9 --- /dev/null +++ b/scripts/zip_special_partitions.sh @@ -0,0 +1,88 @@ +#!/bin/bash -x +# Assuming the zip.sh script is run from inside the scripts folder + +# clean up of old target directories +cd .. +TARGET_DIR=target +if [ -d "$TARGET_DIR" ]; then + echo "removing old ${TARGET_DIR}" + rm -r ${TARGET_DIR}; +fi + +# Add GO packages to GOPATH. Not needed if you are using Go modules +# export GOPATH=${HOME}/GO:${PATH}:$(pwd) + +echo "Creating an binary executable using the go build command for Linux Systems." +binary_name="sumologic-extension" + + +ARCHITECTURES=( + amd64 + arm64 +) + +for arch in "${ARCHITECTURES[@]}"; do + + echo "Creating an binary executable for $arch" + extension_bin_dir="${TARGET_DIR}/${arch}/extensions" + extension_zip_dir="${TARGET_DIR}/${arch}/zip" + mkdir -p "${extension_bin_dir}" + mkdir -p "${extension_zip_dir}" + + env GOOS="linux" GOARCH="$arch" go build -o "${extension_bin_dir}/${binary_name}" "lambda-extensions/${binary_name}.go" + + status=$? + if [ $status -ne 0 ]; then + echo "Binary Generation Failed" + exit 1 + fi + chmod +x "${extension_bin_dir}/${binary_name}" + + echo "Creating the Zip file binary in extension folder." + cd "${TARGET_DIR}/${arch}" + zip -r "zip/${binary_name}.zip" "extensions/${binary_name}" + tar -czvf "zip/${binary_name}-${arch}.tar.gz" -C extensions "${binary_name}" + status=$? + if [ $status -ne 0 ]; then + echo "Zip Generation Failed" + exit 1 + fi + cd - + + echo "Create lambda Layer from the new ZIP file in the provided AWS_PROFILE aws account." + # Set AWS_PROFILE_EUSC for European Sovereign Cloud regions (can be overridden via environment) + if [[ -z "${AWS_PROFILE_EUSC}" ]]; then + export AWS_PROFILE_EUSC="esc_personal" + fi + + AWS_REGIONS=( + eusc-de-east-1 + ) + + + echo "Using AWS_PROFILE_EUSC: ${AWS_PROFILE_EUSC}" + + # We have layer name as sumologic-extension. Please change name for local testing. + layer_name="${binary_name}-${arch}" + + for region in "${AWS_REGIONS[@]}"; do + + echo "Deploying to region ${region} using profile ${AWS_PROFILE_EUSC}" + + layer_version=$(aws lambda publish-layer-version --layer-name ${layer_name} \ + --description "The SumoLogic Extension collects lambda logs and send it to Sumo Logic." \ + --license-info "Apache-2.0" --zip-file fileb://$(pwd)/${extension_zip_dir}/${binary_name}.zip \ + --profile ${AWS_PROFILE_EUSC} --region ${region} --output text --query Version ) + + # Dynamically get the partition for the region from AWS + caller_arn=$(aws sts get-caller-identity --region ${region} --profile ${AWS_PROFILE_EUSC} --query 'Arn' --output text) + partition=$(echo ${caller_arn} | cut -d':' -f2) + + echo "Layer Arn: arn:${partition}:lambda:${region}::layer:${layer_name}:${layer_version} deployed to Region ${region}" + + echo "Setting public permissions for layer version: ${layer_version}" + aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-prod --version-number $layer_version --principal '*' --action lambda:GetLayerVersion --region ${region} --profile ${AWS_PROFILE_EUSC} + # aws lambda add-layer-version-permission --layer-name ${layer_name} --statement-id ${layer_name}-dev --version-number ${layer_version} --principal '956882708938' --action lambda:GetLayerVersion --region ${region} + done + +done \ No newline at end of file