func-api-firmware-status-patch
Overview
Manages the Lambda function that handles authenticated firmware status transitions via PATCH /firmware/{zip_name}/status. Drives the release state machine: READY_TO_TEST → TESTING → RELEASED → REVOKED. When transitioning to RELEASED, the function copies binaries to the public S3 bucket. When transitioning to REVOKED, it moves the public-bucket object to the revoked/ prefix and sets a TTL.
CloudFormation Stack
firefly-func-api-firmware-status-patch
CloudWatch Logs
| Setting | Value |
|---|---|
| Log group | /aws/lambda/firefly-func-api-firmware-status-patch |
| Retention | 30 days |
Dependencies
Deploy Dependencies
| Workflow | Reason |
|---|---|
| api-gateway | API Gateway ID and Cognito JWT Authorizer ID required as SAM parameters |
| shared-layer | Lambda layer ARN must be resolvable at SAM build/deploy time |
Delete Dependencies
None — this workflow has no prerequisites.
Required By
Required By Deploy
| Workflow | Reason |
|---|---|
| run-integration-tests | Status-patch endpoint must exist before integration tests run |
Required By Delete
| Workflow | Reason |
|---|---|
| api-gateway | All Lambda integrations must be removed before the API Gateway stack can be deleted |
| shared-layer | Layer cannot be deleted while functions still reference it |
Deploy Workflow
Description
Looks up the API Gateway ID and the Cognito JWT Authorizer ID from the firefly-api-gateway stack outputs, then builds and deploys the function. The route is protected by the Cognito JWT authorizer.
Steps
- Configure AWS credentials.
- Look up ApiId and AuthorizerId from the firefly-api-gateway stack outputs.
- SAM build.
- SAM deploy with parameters:
  - ApiId
  - AuthorizerId
  - DynamoDbFirmwareTableName (from vars)
  - FirmwarePrivateBucketName (from secrets)
  - FirmwarePublicBucketName (from secrets)
  - EnvironmentName (target environment)
State machine transitions handled:
| Transition | Side Effect |
|---|---|
| → RELEASED | Copies firmware binaries to public S3 bucket |
| → REVOKED | Moves public S3 object to revoked/ prefix; sets DynamoDB TTL |
Sequence Diagram
Delete Workflow
Description
Runs sam delete to remove the CloudFormation stack and the Lambda function.
Steps
- Configure AWS credentials.
- SAM delete firefly-func-api-firmware-status-patch.
Sequence Diagram
Failure Scenarios
| Scenario | Behavior |
|---|---|
| Authorizer ID lookup fails | describe-stacks returns an error or the output key is absent; workflow fails. The api-gateway stack must be fully deployed with the Cognito JWT authorizer before this workflow runs. |
| Public S3 bucket secret missing | Function deploys successfully but the RELEASED transition fails at runtime when attempting to copy to the public bucket. |
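
Both failure scenarios above come down to a SAM parameter that is absent or empty when the deploy runs. The following pre-deploy guard is an added example, not the project's own workflow code: it rejects empty, whitespace-only or None values so the job stops before deploy instead of failing at the RELEASED transition. The function names (stack_output, param_ok, build_overrides) are hypothetical; only the stack name, output keys and parameter names come from this page.

```shell
#!/usr/bin/env bash
# Added example: pre-deploy guard for the SAM parameters in the Deploy Workflow.
# Function names are hypothetical; parameter and stack names are from this page.

# Read one output from the firefly-api-gateway stack. With --output text the
# AWS CLI can print an empty string or the literal "None" for an absent key
# while still exiting 0, so the value itself has to be validated.
stack_output() {
  aws cloudformation describe-stacks \
    --stack-name firefly-api-gateway \
    --query "Stacks[0].Outputs[?OutputKey=='$1'].OutputValue" \
    --output text
}

# Succeeds only for a usable value: not empty, not whitespace-only, not "None".
param_ok() {
  case "$1" in
    ''|None) return 1 ;;
    *[![:space:]]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Takes Name=Value pairs and prints a --parameter-overrides string. If any
# value is unusable, names every offending parameter on stderr and returns 1.
build_overrides() {
  local pair name value out bad
  out=''
  bad=''
  for pair in "$@"; do
    name=${pair%%=*}
    value=${pair#*=}
    if param_ok "$value"; then
      out="$out $name=$value"
    else
      bad="$bad $name"
    fi
  done
  if [ -n "$bad" ]; then
    echo "missing or empty SAM parameters:$bad" >&2
    return 1
  fi
  printf '%s\n' "${out# }"
}

# Typical wiring (not executed here):
#   overrides=$(build_overrides "ApiId=$(stack_output ApiId)" ...) || exit 1
```

Only parameter names are written to stderr, so a secret-backed value such as FirmwarePublicBucketName does not end up in the job log when the check fails.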