Upgrade memory for pieriandx glue lambdas

[alexiswl]

Note that this still doesn't seem to fix the issue.

https://ap-southeast-2.console.aws.amazon.com/states/home?region=ap-southeast-2#/v2/executions/details/arn:aws:states:ap-southeast-2:843407916570:execution:nails-cttsov2-complete-to-pdx-sfn:f9fde40f-5986-437a-80b5-adcc0f34f07e

Fails because the 'get recap info' step times out.

Most recent logs don't show anything

https://ap-southeast-2.console.aws.amazon.com/cloudwatch/home?region=ap-southeast-2#logsV2:log-groups/log-group/$252Faws$252Flambda$252FOrcaBusBeta-StackyMcStack-cttsov2topieriandxgetDat-K0RFO3ts0afo/log-events/2024$252F10$252F31$252F$255B7$255Dd4b12f54af964991a4c0244662496c1f

Max memory used is only about 116 Mb, far shy of the 2048 limit.

[alexiswl]

Figured out the lambda error.

Thank you, you were right! Logging.info not writing to console. Lambdas was getting stuck waking up the redcap lambda because I used

props.redcapLambdaObj.latestVersion.grantInvoke(getDataFromRedCapPyLambdaObj.currentVersion);

But props.redcapLambdaObj.latestVersion ARN resolves to just arn:aws:lambda:ap-southeast-2:843407916570:function:redcap-apis-dev-lambda-function:$LATEST

Rather than the actual version number.

With print statements in the error section for the wake_up_lambdas step I get

Error warming up lambda: An error occurred (AccessDeniedException) when calling the Invoke operation: User: arn:aws:sts::843407916570:assumed-role/OrcaBusBeta-StackyMcStack-cttsov2topieriandxgetData-9VmCQBR11lGe/OrcaBusBeta-StackyMcStack-cttsov2topieriandxgetDat-jd4Ts7DTHeYC is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:ap-southeast-2:843407916570:function:redcap-apis-dev-lambda-function because no identity-based policy allows the lambda:InvokeFunction action

So instead of
props.redcapLambdaObj.latestVersion.grantInvoke(getDataFromRedCapPyLambdaObj.currentVersion);
Instead need to switch to

    getDataFromRedCapPyLambdaObj.addToRolePolicy(
      new iam.PolicyStatement(
        {
          actions: ['lambda:Invoke'],
          resources: [
            `${props.redcapLambdaObj.functionArn}`,
            `${props.redcapLambdaObj.functionArn}:${props.redcapLambdaObj.latestVersion.version}`
          ],
        }
      )
    )

The fact that logger.info isn't working is concerning, I used the logger command across almost all python functions, will try debug this for a future PR

[alexiswl]

    getDataFromRedCapPyLambdaObj.addToRolePolicy(
      new iam.PolicyStatement(
        {
          actions: ['lambda:Invoke'],
          resources: [
            `${props.redcapLambdaObj.functionArn}`,
            `${props.redcapLambdaObj.functionArn}:${props.redcapLambdaObj.latestVersion.version}`
          ],
        }
      )
    )

This didn't work, latestVersion.version also returns just $LATEST rather than the number, using a NagSuppression instead

[victorskl]

Suppress the nag globally if need be. For now.

Would be nice if we can merge this fix in. Before Run 236 hits to O3. No pressure! :D

[alexiswl]

Ditto, adding the cdk nag suppression after the infringing line / construct method resolved the issue