Rewrite to remove sensitive files. Adding script for baking. Adding readme. Making changes for x-account permissions

Allowing the app to be packaged with custom env config

Renaming config files to be more forms specific

Naming packages does nothing for lambda

Updating readme to reflect addition config + scripts

improvements to powershell script

Add a canned ACL for the S3 upload to that we don't have permission issues cross-account.

Remove baked config. Add ACL permission. Alter package script

Author: joshuat

.gitignore

@@ -1,2 +1,4 @@
 node_modules
 .DS_Store
+package
+LambdaFunction.zip

README.md

@@ -16,6 +16,14 @@ Managing table redundancy and backups involves many moving parts. Please read [D
 
 [dynamodb-replicator](https://github.com/mapbox/dynamodb-replicator) provides several CLI tools to help manage your DynamoDB table.
 
+### Config and Packaging
+
+For windows users: a powershell script is available to packing the lambda function with all the packages it needs.
+
+```
+> npm install
+> .\package.ps1
+
 ### diff-record
 
 Given two tables and an item's key, this script looks up the record in both tables and checks for consistency.

backup.js

@@ -46,7 +46,8 @@ module.exports = function(config, context, done) {
     s3.upload({
         Bucket: config.backup.bucket,
         Key: key,
-        Body: data
+        Body: data,
+        ACL: 'bucket-owner-full-control'
     }, function(err) {
         if (err) return next(err);
         log('[segment %s] Uploaded dynamo backup to s3://%s/%s', index, config.backup.bucket, key);

index.js

@@ -9,11 +9,6 @@ module.exports.streambotReplicate = streambot(replicate);
 module.exports.backup = incrementalBackup;
 module.exports.streambotBackup = streambot(incrementalBackup);
 
-// process.env.BackupBucket = 'dynamo-incremental-backups'
-// process.env.BackupPrefix = 'forms.blue'
-// process.env.MultiTenancyColumn = 'InstanceId'
-//process.env.PlainTextKeyAsFilename = true;
-
 function replicate(event, context, callback) {
     var replicaConfig = {
         table: process.env.ReplicaTable,
@@ -174,7 +169,11 @@ function incrementalBackup(event, context, callback) {
                 };
 
                 var req = change.eventName === 'REMOVE' ? 'deleteObject' : 'putObject';
-                if (req === 'putObject') params.Body = JSON.stringify(change.dynamodb.NewImage);
+
+                if (req === 'putObject') {
+                    params.Body = JSON.stringify(change.dynamodb.NewImage);
+                    params.ACL = 'bucket-owner-full-control';
+                }
 
                 s3[req](params, function(err) {
                     if (err) console.log(

package.ps1

@@ -0,0 +1,31 @@
+Write-Output "Packaging Lambda app"
+if (Test-Path .\package) {
+  Remove-Item .\package -Recurse -Force
+}
+
+New-Item .\package -type directory -f | Out-Null
+New-Item .\package\temp -type directory -f | Out-Null
+Write-Output "Copying dependencies..."
+Copy-Item .\backup.js .\package\temp\
+Copy-Item .\diff.js .\package\temp\
+Copy-Item .\s3-backfill.js .\package\temp\
+Copy-Item .\s3-snapshot.js .\package\temp\
+robocopy  .\node_modules\ .\package\temp\ /E | Out-Null
+Write-Output "Dependencies sorted"
+
+Write-Output "Generating output..."
+Copy-Item .\index.js .\package\temp\
+Write-Output "Output generated"
+
+Add-Type -assembly "system.io.compression.filesystem"
+$currentPath = (Get-Item -Path ".\" -Verbose).FullName
+$sourcePath = $currentPath + "\package\temp"
+$outputFile = $currentPath + "\LambdaFunction.zip"
+
+if (Test-Path $outputFile) {
+  Remove-Item $outputFile -Force
+}
+
+[io.compression.zipfile]::CreateFromDirectory($sourcePath, $outputFile)
+
+Write-Output "λ function ready to be uploaded at: $($outputFile)"

s3-snapshot.js

@@ -47,7 +47,8 @@ module.exports = function(config, done) {
     var upload = s3.upload({
         Bucket: config.destination.bucket,
         Key: config.destination.key,
-        Body: gzip
+        Body: gzip,
+        ACL: 'bucket-owner-full-control'
     }).on('httpUploadProgress', function(details) {
         if (details.part !== partsLoaded) {
             log(