- GraalVM (if you have SdkMan!, execute
sdk envor setsdkman_auto_env=truein~/.sdkman/etc/config) - GraalVM Native Image (
gu install native-image)
./mvnw packageNote that for the Lambda deployment to work, you need to build a linux-amd64 native image. At this point in time, cross compilation doesn't seem to work so if you are on Mac or Windows, you might need a VM if you're planning to build this locally.
- gotf
- Terraform Cloud Workspace (optional)
- Packaged artifacts
- DataStax Astra account + client API tokens
- AWS account + IAM user
The Astra admin token should have permissions to create databases and keyspaces. Ideally you want a separate application token that can only access databases and keyspaces. At the point of writing this it was not possible to create the application token through Terraform.
The IAM user can use the following AWS managed policies:
AWSLambda_FullAccessCloudWatchFullAccessAmazonAPIGatewayAdministratorAmazonSSMFullAccess
Also add this inline policy to allow the management of Lambda roles and policies:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:AttachRolePolicy",
"iam:CreatePolicy",
"iam:CreateRole",
"iam:DeletePolicy",
"iam:DeleteRole",
"iam:DetachRolePolicy",
"iam:ListEntitiesForPolicy",
"iam:ListInstanceProfilesForRole",
"iam:ListPolicyVersions",
"iam:TagRole"
],
"Resource": "*"
}
]
}gotf -m tf login
echo 'astra_client_token = "AstraCS:ZZZ' > tf/secrets.auto.tfvars
echo 'astra_db_client_id = "XXX"' >> tf/secrets.auto.tfvars
echo 'astra_db_client_secret = "YYY"' >> tf/secrets.auto.tfvars
echo 'astra_db_client_token = "AstraCS:ZZZ"' >> tf/secrets.auto.tfvars
gotf -m tf initgotf -m tf applygotf -m tf destroyaws lambda invoke --function-name serverless-astra-graalvm --log-type Tail --payload "{}" response.json