I am struggling to get cerbos to work on AWS Lambd...
# helpv
Vignesh Sankaran
01/24/2023, 1:15 PMI am struggling to get cerbos to work on AWS Lambda as a serverless service. Any help is appreciated.
a
Alex Olivier (Cerbos)
01/24/2023, 1:30 PM
Can you share the policy file? Looks like a formatting error
Alex Olivier (Cerbos)
01/24/2023, 1:36 PM
(Good news is that means Cerbos instance is running now!)
v
Vignesh Sankaran
01/24/2023, 1:46 PMI resolved that but ended up on another error:
cerbos: error: failed to create store: failed to create workDir “/policies”: mkdir /policies: read-only file system
Vignesh Sankaran
01/24/2023, 1:46 PMconf.default.yml,sam.yml
Vignesh Sankaran
01/24/2023, 1:47 PMI think I need to remove the configs for S3 except bucket and re-try
Vignesh Sankaran
01/24/2023, 1:56 PMI am re-trying with this config:
storage:
driver: “blob”
blob:
bucket: $BUCKET_URL
prefix: $BUCKET_PREFIX
workDir: ${HOME}/tmp/cerbos/work
updatePollInterval: 15s
downloadTimeout: 30s
requestTimeout: 10s
a
Alex Olivier (Cerbos)
01/24/2023, 2:03 PM
You shouldn’t have to change the default config unless you need to change the polling intervals
v
Vignesh Sankaran
01/24/2023, 2:11 PMNoted. But with default config I am ending up with the below error in the logs whenever I involve the deployed endpoint;
cerbos: error: failed to create store: failed to read blob configuration: workDir unspecified and failed to determine user cache dir: neither $XDG_CACHE_HOME nor $HOME are defined
Vignesh Sankaran
01/24/2023, 2:11 PMI am looking at the right config to put in place for using AWS S3 as the storage
Vignesh Sankaran
01/24/2023, 2:12 PMI am looking at here: https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#blob-driver
and used the same config in this for AWS S3 (changed the bucket name and prefix), but unsure what to set for $HOME
Vignesh Sankaran
01/24/2023, 2:19 PMI am stuck here:
“cerbos: error: failed to create store: failed to read blob configuration: workDir unspecified and failed to determine user cache dir: neither $XDG_CACHE_HOME nor $HOME are defined”
Left with no idea as to what to do here. Please suggest what will be right config in conf.yaml.
a
Alex Olivier (Cerbos)
01/24/2023, 2:19 PM
Is this locally or in lambda?
v
Vignesh Sankaran
01/24/2023, 2:20 PMThis is in AWS Lambda.
Local it is working perfectly fine and also on AWS EC2.
Vignesh Sankaran
01/24/2023, 2:20 PMa
Alex Olivier (Cerbos)
01/24/2023, 2:20 PM
This is the default config for lambda - it hardcodes the path to workDir
Copy code
auxData:
jwt:
disableVerification: true
storage:
driver: "blob"
blob:
bucket: $BUCKET_URL
prefix: $BUCKET_PREFIX
workDir: /tmp/workDir
updatePollInterval: 15sAlex Olivier (Cerbos)
01/24/2023, 2:21 PM
then in the deployment BUCKET_URL and BUCKET_PREFIX are enviroment variables
v
Vignesh Sankaran
01/24/2023, 2:22 PMI tried this, will try again. I have also given fullS3Access policy to the CerbosServerFunction role too. Will try rightaway.
a
Alex Olivier (Cerbos)
01/24/2023, 2:22 PM
the config on here https://docs.cerbos.dev/cerbos/latest/configuration/storage.html#blob-driver is for if you are running in your own infra/ec2 rather than lambda
$HOME isnt’ defined in lambda
10 Views