**Nice to Have** IAMBIC Upgrade/Update and associated workflow endpoint for Lambda function apps. about iambic HOT 6 OPEN

I run iambic using docker run

alias iambic="docker run -it -u $(id -u):$(id -g) -v ${HOME}/.aws:/app/.aws:ro -e AWS_CONFIG_FILE=/app/.aws/config -e AWS_SHARED_CREDENTIALS_FILE=/app/.aws/credentials -e "AWS_PROFILE" -e HOME=/app -v /home/datfinesoul/github/undefined-io/iambic-templates:/templates:Z public.ecr.aws/iambic/iambic:latest"

For me running iambic upgrade would still be useful if that generated changes for the supporting infrastructure. In terms of the executable upgrading itself, would upgrade still be possible using the way I run it?

Potentially I see two ways of doing this.. 1: would be just repulling the updated container, or two you could bash into the container using docker exec and issue the command that way

from iambic.

I run iambic using docker run

alias iambic="docker run -it -u $(id -u):$(id -g) -v ${HOME}/.aws:/app/.aws:ro -e AWS_CONFIG_FILE=/app/.aws/config -e AWS_SHARED_CREDENTIALS_FILE=/app/.aws/credentials -e "AWS_PROFILE" -e HOME=/app -v /home/datfinesoul/github/undefined-io/iambic-templates:/templates:Z public.ecr.aws/iambic/iambic:latest"

For me running iambic upgrade would still be useful if that generated changes for the supporting infrastructure. In terms of the executable upgrading itself, would upgrade still be possible using the way I run it?

from iambic.

if you wanted there might be a way to do it as a scheduled Cron job inside the docker container to every 48 hours or so run iambic upgrade

from iambic.

Slack conversation for reference: https://noqcommunity.slack.com/archives/C02P9E8BDK6/p1684167712633089

from iambic.

@mxw-sec For NOQ, we would do a terraform apply at https://github.com/noqdev/iambic/tree/main/deployment/github_app. (We actually have terraform monorepo for other stuffs in the company, we will have a slightly modified version like s3 states instead of local states). (Background on why we have terraform there because there is the container image pushing piece (ECR), lambda update piece. So terraform happens to be least path of resistance when I was working at the AWS deployment piece. Looking for feedback there.)

How are you deploying your lambda workflow? Knowing how you typically manage such lambda environment may lead to other solutions.

from iambic.

In this case I used the provided terraform modules. But I wonder if a Cloudformation Stack wouldn't be a better long term solution once the upgrade command is added.

Mainly for the fact that not everyone has terraform in their environment, let alone the experience to actually apply tf stacks.

Could there be a built in function one day inside iambic to deploy a CF stack for the integration, same way yall create the IAM roles??

iambic integrate

But that is future state for sure.

from iambic.