[OSDEV-1886] Fix script for delete Lamda@Edge functions

.github/workflows/destroy.yml

@@ -69,7 +69,7 @@ jobs:
   destroy:
     runs-on: ubuntu-latest
     environment: ${{ inputs.deploy-env }}
-    needs: destroy_lambda_edge_function
+    needs: destroy_lambda_edge_functions
     steps:
       - name: Get Environment Name for ${{ vars.ENV_NAME }}
         id: get_env_name

.gitignore

@@ -93,3 +93,6 @@ venv.bak/
 db.dump
 latest_prod.dump
 dumps
+
+*.~
+*.bak

deployment/delete_lambda

@@ -19,7 +19,7 @@ LAMBDA_ARN="arn:aws:lambda:$REGION:$ACCOUNT_ID:function:$LAMBDA_NAME"
 
 echo "Deleting Lambda function: $LAMBDA_NAME"
 
-LAMBDA_VERSION=$(aws lambda list-versions-by-function --function-name "$LAMBDA_ARN" --region "$REGION" | jq -r '.Versions | max_by(.Version | tonumber) | .Version')
+LAMBDA_VERSION=$(aws lambda list-versions-by-function --function-name "$LAMBDA_ARN" --region "$REGION" | jq -r '.Versions | map(select(.Version != "$LATEST")) | max_by(.Version | tonumber) | .Version')
 
 DISTRIBUTION_ID=""
 for id in $(aws cloudfront list-distributions --query "DistributionList.Items[*].Id" --output text); do
@@ -39,16 +39,34 @@ if [ -z "$DISTRIBUTION_ID" ]; then
   exit 1
 fi
 
-echo "Fetching CloudFront distribution configuration..."
-json=$(aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID")
-ETAG=$(echo "$json" | jq -r '.ETag')
-CONFIG=$(echo "$json" | jq '.DistributionConfig')
-
-CONFIG=$(echo "$CONFIG" | jq 'del(.DefaultCacheBehavior.LambdaFunctionAssociations.Items[] | select(.LambdaFunctionARN == "'$LAMBDA_ARN':'$LAMBDA_VERSION'"))')
+echo "Fetching current distribution config..."
+aws cloudfront get-distribution-config --id $DISTRIBUTION_ID > full-config.json
+
+ETAG=$(cat full-config.json | jq -r '.ETag')
+echo "ETag: $ETAG"
+
+cat full-config.json | jq '.DistributionConfig' > dist-config.json
+
+cat dist-config.json | jq --arg NAME "$LAMBDA_NAME" '
+  .DefaultCacheBehavior.LambdaFunctionAssociations |=
+    {
+      "Quantity": (
+        .Items
+        | map(select(.LambdaFunctionARN | contains($NAME) | not))
+        | length
+      ),
+      "Items": (
+        .Items
+        | map(select(.LambdaFunctionARN | contains($NAME) | not))
+      )
+    }
+' > new-config.json
 
 echo "Updating CloudFront distribution to detach Lambda@Edge..."
-UPDATED_CONFIG=$(echo "$CONFIG" | jq -c '.')
-aws cloudfront update-distribution --id "$DISTRIBUTION_ID" --if-match "$ETAG" --distribution-config "$UPDATED_CONFIG"
+aws cloudfront update-distribution \
+  --id $DISTRIBUTION_ID \
+  --distribution-config file://new-config.json \
+  --if-match $ETAG 2>&1
 
 echo "Waiting for CloudFront distribution deployment..."
 aws cloudfront wait distribution-deployed --id "$DISTRIBUTION_ID"
@@ -59,19 +77,25 @@ VERSIONS=$(aws lambda list-versions-by-function --function-name "$LAMBDA_ARN" --
 for version in $VERSIONS; do
   if [[ "$version" != "\$LATEST" ]]; then
     echo "Deleting Lambda version: $version"
-    aws lambda delete-function --function-name "$LAMBDA_ARN:$version" --region "$REGION"
-  fi
-done
-
-echo "Lambda function deletion initiated. Verifying..."
-
-while true; do
-  if ! aws lambda get-function --function-name "$LAMBDA_ARN" --region "$REGION" 2>/dev/null; then
-    echo "Lambda function successfully deleted."
-    break
+    while true; do
+      DELETE_RESPONSE=$(aws lambda delete-function --function-name "$LAMBDA_ARN:$version" --region "$REGION" 2>&1)
+      EXIT_CODE=$?
+
+      if [ $EXIT_CODE -eq 0 ]; then
+        echo "$(date '+%Y-%m-%d %H:%M:%S') - Function deleted successfully! 🎉"
+        exit 0
+      fi
+
+      if echo "$DELETE_RESPONSE" | grep -q "because it is a replicated function"; then
+        echo "$(date '+%Y-%m-%d %H:%M:%S') - Function still replicated. Waiting 5 minutes..."
+        sleep 300
+      else
+        echo "$(date '+%Y-%m-%d %H:%M:%S') - Unexpected error:"
+        echo "$DELETE_RESPONSE"
+        exit 1
+      fi
+    done
   fi
-  echo "Waiting for Lambda function to be deleted..."
-  sleep 30
 done
 
 echo "Process completed successfully."

deployment/environments/terraform-preprod.tfvars

@@ -16,20 +16,20 @@ bastion_instance_type = "t3.nano"
 rds_allocated_storage = "256"
 rds_engine_version = "16"
 rds_parameter_group_family = "postgres16"
-rds_instance_type = "db.m6in.4xlarge"
+rds_instance_type = "db.t3.micro"
 rds_database_identifier = "opensupplyhub-enc-pp"
 rds_database_name = "opensupplyhub"
 rds_multi_az = false
 rds_storage_encrypted = true
 
-app_ecs_desired_count = "10"
+app_ecs_desired_count = "1"
 app_ecs_deployment_min_percent = "100"
 app_ecs_deployment_max_percent = "400"
-app_fargate_cpu = "2048"
-app_fargate_memory = "4096"
+app_fargate_cpu = "512"
+app_fargate_memory = "1024"
 
-cli_fargate_cpu = "2048"
-cli_fargate_memory = "8192"
+cli_fargate_cpu = "256"
+cli_fargate_memory = "1024"
 
 gunicorn_worker_timeout = "240"
 
@@ -51,11 +51,11 @@ dedupe_hub_live = true
 dedupe_hub_name = "deduplicate"
 dedupe_hub_version = 1
 app_cc_ecs_desired_count = 0
-app_dd_fargate_cpu = 4096
-app_dd_fargate_memory = 16384
+app_dd_fargate_cpu = 2048
+app_dd_fargate_memory = 4096
 app_dd_ecs_desired_count = 1
 
-opensearch_instance_type = "m6g.large.search"
+opensearch_instance_type = "t3.small.search"
 
 app_logstash_fargate_cpu = 256
-app_logstash_fargate_memory = 2048
+app_logstash_fargate_memory = 2048