Title
v
Vignesh Sankaran
01/24/2023, 1:15 PMI am struggling to get cerbos to work on AWS Lambda as a serverless service. Any help is appreciated.
a
Alex Olivier (Cerbos)
01/24/2023, 1:30 PMCan you share the policy file? Looks like a formatting error
(Good news is that means Cerbos instance is running now!)
v
Vignesh Sankaran
01/24/2023, 1:46 PMI resolved that but ended up on another error:
cerbos: error: failed to create store: failed to create workDir “/policies”: mkdir /policies: read-only file system
conf.default.yml,sam.yml
I think I need to remove the configs for S3 except bucket and re-try
I am re-trying with this config:
storage:
driver: “blob”
blob:
bucket: $BUCKET_URL
prefix: $BUCKET_PREFIX
workDir: ${HOME}/tmp/cerbos/work
updatePollInterval: 15s
downloadTimeout: 30s
requestTimeout: 10s
a
Alex Olivier (Cerbos)
01/24/2023, 2:03 PMYou shouldn’t have to change the default config unless you need to change the polling intervals
v
Vignesh Sankaran
01/24/2023, 2:11 PMNoted. But with default config I am ending up with the below error in the logs whenever I involve the deployed endpoint;
cerbos: error: failed to create store: failed to read blob configuration: workDir unspecified and failed to determine user cache dir: neither $XDG_CACHE_HOME nor $HOME are defined
I am looking at the right config to put in place for using AWS S3 as the storage
I am looking at here: https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#blob-driver
and used the same config in this for AWS S3 (changed the bucket name and prefix), but unsure what to set for $HOME
I am stuck here:
“cerbos: error: failed to create store: failed to read blob configuration: workDir unspecified and failed to determine user cache dir: neither $XDG_CACHE_HOME nor $HOME are defined”
Left with no idea as to what to do here. Please suggest what will be right config in conf.yaml.
a
Alex Olivier (Cerbos)
01/24/2023, 2:19 PMIs this locally or in lambda?
v
Vignesh Sankaran
01/24/2023, 2:20 PMThis is in AWS Lambda.
Local it is working perfectly fine and also on AWS EC2.
log-events-viewer-result-3.csv
a
Alex Olivier (Cerbos)
01/24/2023, 2:20 PMThis is the default config for lambda - it hardcodes the path to workDir
auxData:
jwt:
disableVerification: true
storage:
driver: "blob"
blob:
bucket: $BUCKET_URL
prefix: $BUCKET_PREFIX
workDir: /tmp/workDir
updatePollInterval: 15sthen in the deployment BUCKET_URL and BUCKET_PREFIX are enviroment variables
v
Vignesh Sankaran
01/24/2023, 2:22 PMI tried this, will try again. I have also given fullS3Access policy to the CerbosServerFunction role too. Will try rightaway.
a
Alex Olivier (Cerbos)
01/24/2023, 2:22 PMthe config on here https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#blob-driver is for if you are running in your own infra/ec2 rather than lambda
$HOME isnt’ defined in lambda