@zMynxx zMynxx commented Oct 26, 2025

User description

  • feat: added powertuning with config ready to test the lambda performance and optimize for cost.
  • feat: lambda arn updated on both examples.
  • fix: stack name updated.
  • feat: invoked and updated lambda config.

PR Type

Enhancement


Description

  • Add AWS Lambda Power Tuning infrastructure with execution scripts

  • Increase Lambda memory from 512MB to 1024MB and timeout to 45 seconds

  • Create GitHub Actions workflow for automated Lambda performance analysis

  • Add configuration files for simple and advanced power tuning scenarios


Diagram Walkthrough

flowchart LR
  A["Lambda Configuration"] -->|"Increase memory/timeout"| B["CDK Stack Update"]
  C["Power Tuning Scripts"] -->|"Execute analysis"| D["AWS Step Functions"]
  E["GitHub Actions Workflow"] -->|"Trigger analysis"| F["Power Tuning Action"]
  F -->|"Run execution"| D
  G["Config Templates"] -->|"Define scenarios"| D

File Walkthrough

Relevant files

| Category | File | Description | Changes |
|---|---|---|---|
| Configuration changes (4 files) | cdk-app-stack.ts | Update Lambda memory and timeout configuration | +2/-3 |
| Configuration changes | simple-execution-input.json | Add simple power tuning configuration template | +14/-0 |
| Configuration changes | adv-execution-input.json | Add advanced power tuning configuration template | +27/-0 |
| Configuration changes | trust-policy.json | Add IAM trust policy for Lambda execution role | +12/-0 |
| Enhancement (5 files) | execute.sh | Add Lambda power tuning execution script | +67/-0 |
| Enhancement | action.yaml | Create GitHub Actions composite action for power tuning | +77/-0 |
| Enhancement | lambda-analysis.yaml | Add Lambda analysis workflow dispatcher | +40/-0 |
| Enhancement | execute.sh | Add power tuning execution script with AWS CLI | +67/-0 |
| Enhancement | run.sh | Add Lambda function deployment setup script | +28/-0 |

codiumai-pr-agent-free bot commented Oct 26, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🔴

AWS account exposure

Description: AWS Lambda ARN containing AWS account ID 747477446688 is hardcoded in configuration file, exposing sensitive account information that could be used for reconnaissance or targeted attacks.
adv-execution-input.json [2-2]

Referred Code
"lambdaARN": "arn:aws:lambda:us-east-1:747477446688:function:prod-AwsLambdaCalculatorS-AwsLambdaCalculatorLambd-1k47ZCQqMsV3",
"num": 50,

Hardcoded AWS credentials

Description: AWS Lambda ARN containing AWS account ID 747477446688 is hardcoded in configuration file, exposing sensitive account information.
simple-execution-input.json [2-2]

Referred Code
"lambdaARN": "arn:aws:lambda:us-east-1:747477446688:function:prod-AwsLambdaCalculatorS-AwsLambdaCalculatorLambd-1k47ZCQqMsV3",
"num": 3,

Invalid IAM configuration

Description: IAM role ARN contains placeholder AWS account ID 1234567890 which will cause runtime failures, but also demonstrates hardcoded account IDs in infrastructure code.
run.sh [23-23]

Referred Code
--role arn:aws:iam::1234567890:role/lambda-basic-execution \
--handler lambda_function.lambda_handler \

Missing AWS role configuration

Description: GitHub Actions workflow is missing the required role-to-assume parameter for AWS credentials configuration, which will cause authentication failures and may lead to fallback to less secure credential methods.
lambda-analysis.yaml [32-32]

Referred Code
role-duration-seconds: 1800

Hardcoded AWS profile

Description: AWS profile name zMynx is hardcoded in the script, which may reference user-specific credentials and could lead to unauthorized access if the profile contains elevated permissions.
execute.sh [14-14]

Referred Code
PROFILE="zMynx"
REGION="us-east-1"

User profile exposure

Description: AWS profile name zMynx is hardcoded in the script, potentially exposing user-specific credential configuration.
run.sh [3-3]

Referred Code
PROFILE="zMynx"
REGION="us-east-1"

Ticket Compliance
🎫 No ticket provided
- [ ] Create ticket/issue

Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
No custom compliance provided

Follow the guide to enable custom compliance check.

Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
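
The hardcoded-identifier findings in the compliance summary above can be turned into a repeatable pre-merge check. The Python check below is an added example, not part of the PR or of any bot's output; the file contents, the `demo-fn` function name, the `dev-user` profile and the account ID 111122223333 are constructed samples, while the 10-digit `1234567890` mirrors the placeholder flagged in run.sh. It goes slightly beyond the findings by also flagging account fields that are not 12 digits long.

```python
import re

# ARN layout: arn:partition:service:region:account-id:resource
ARN_RE = re.compile(r"arn:(aws[\w-]*):([\w-]+):([\w-]*):(\d*):([^\s\"',]+)")
# Shell assignment such as PROFILE="name" or export AWS_PROFILE=name
PROFILE_RE = re.compile(r"""^\s*(?:export\s+)?(?:AWS_)?PROFILE=["']?([^"'\s]+)""")


def scan(name, text):
    """Return (file, line, kind, value) tuples for hardcoded AWS identifiers."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ARN_RE.finditer(line):
            account = m.group(4)
            if not account:
                continue  # some ARNs (e.g. S3 buckets) carry no account ID
            # AWS account IDs are exactly 12 digits; anything else cannot resolve
            kind = "hardcoded-account-id" if len(account) == 12 else "malformed-account-id"
            findings.append((name, lineno, kind, account))
        m = PROFILE_RE.match(line)
        # A value taken from the environment ("$VAR", "${VAR}") is not hardcoded
        if m and not m.group(1).startswith("$"):
            findings.append((name, lineno, "hardcoded-profile", m.group(1)))
    return findings


# Constructed sample inputs (not the PR's real files)
INPUT_JSON = """{
  "lambdaARN": "arn:aws:lambda:us-east-1:111122223333:function:demo-fn",
  "num": 3
}
"""
RUN_SH = r"""#!/bin/bash
PROFILE="dev-user"
REGION="us-east-1"
aws lambda create-function \
  --role arn:aws:iam::1234567890:role/lambda-basic-execution \
  --handler lambda_function.lambda_handler
"""

if __name__ == "__main__":
    for fname, body in (("execution-input.json", INPUT_JSON), ("run.sh", RUN_SH)):
        for finding in scan(fname, body):
            print("%s:%d: %s (%s)" % finding)
```

Run as a CI step over the changed files, a non-empty result can fail the build before an account ID or a personal profile name reaches the main branch.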

@zMynxx zMynxx self-assigned this Oct 26, 2025
github-actions bot commented Oct 26, 2025

☂️ Python Coverage

current status: ✅

Overall Coverage

| Lines | Covered | Coverage | Threshold | Status |
|---|---|---|---|---|
| 774 | 769 | 99% | 0% | 🟢 |

New Files

No new covered files...

Modified Files

No covered modified files...

updated for commit: c7e2829 by action🐍

github-actions bot commented Oct 26, 2025

Coverage report

This PR does not seem to contain any modification to coverable code.

Copilot AI left a comment

Pull Request Overview

This PR adds AWS Lambda Power Tuning functionality to optimize Lambda performance and cost. The changes include configuration files, shell scripts for execution, and GitHub Actions workflow integration to automate performance testing across different memory configurations.

Key changes:

  • Lambda memory increased from 512MB to 1024MB and timeout extended from 30s to 45s based on power tuning results
  • Added power tuning infrastructure with execution scripts and configuration files for both simple and advanced testing scenarios
  • Integrated GitHub Actions workflow to automate Lambda analysis with configurable input parameters

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.

| File | Description |
|---|---|
| serverless/cdk-app/lib/cdk-app-stack.ts | Updated Lambda memory and timeout settings based on power tuning optimization |
| power-tuning/trust-policy.json | IAM trust policy for Lambda execution role |
| power-tuning/simple-execution-input.json | Basic power tuning configuration with test payloads |
| power-tuning/run.sh | Script to create Lambda function for benchmarking |
| power-tuning/execute.sh | Script to execute Step Functions state machine for power tuning |
| power-tuning/adv-execution-input.json | Advanced power tuning configuration with multiple test scenarios |
| .github/workflows/lambda-analysis.yaml | GitHub Actions workflow for automated Lambda analysis |
| .github/actions/aws-lambda-power-tuning/execute.sh | GitHub Action script to run power tuning |
| .github/actions/aws-lambda-power-tuning/action.yaml | GitHub Action definition for power tuning integration |


fi

STACK_NAME=powerTuning
INPUT=$(cat "${1:-sample-execution-input.json}") # or use a static string

Copilot AI Oct 26, 2025

The default filename 'sample-execution-input.json' does not match any file in the power-tuning directory. It should be 'simple-execution-input.json' to match the actual filename.

Suggested change
-INPUT=$(cat "${1:-sample-execution-input.json}") # or use a static string
+INPUT=$(cat "${1:-simple-execution-input.json}") # or use a static string

codiumai-pr-agent-free bot commented Oct 26, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: Possible issue
Correct the path to the action
Suggestion Impact: The suggestion was directly implemented. The commit changed the uses path from ./.github/actions/lambda-calc to ./.github/actions/aws-lambda-power-tuning exactly as suggested.

code diff:

-        uses: ./.github/actions/lambda-calc
+        uses: ./.github/actions/aws-lambda-power-tuning

Correct the uses path in the workflow file to point to the correct custom action
directory, changing it from ./.github/actions/lambda-calc to
./.github/actions/aws-lambda-power-tuning.

.github/workflows/lambda-analysis.yaml [34-40]

 - name: Run Lambda Power Tuning Script
-  uses: ./.github/actions/lambda-calc
+  uses: ./.github/actions/aws-lambda-power-tuning
   env:
     CONFIG_JSON_DIRECTORY: ${{ github.workspace}}/${{ github.event.inputs.config_json_directory }}
   with:
     config_json_directory: ${{ env.CONFIG_JSON_DIRECTORY }}
     config_json_name: ${{ github.event.inputs.config_json_name }}
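
Review bot: On the `env:` line, `CONFIG_JSON_DIRECTORY` is built by joining `github.workspace` with the raw `config_json_directory` dispatch input, and `config_json_name` is passed through unchanged, so nothing visible in this step keeps the resulting path inside the checked-out repository. Consider having the action reject absolute paths and `..` segments in both inputs before the file is read. The missing space in `${{ github.workspace}}` is also worth tidying for consistency.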

[Suggestion processed]

Suggestion importance[1-10]: 10

Why: The suggestion points out a fatal error in the workflow file; the path to the custom action is incorrect, which would cause the entire workflow to fail.

Impact: High

Exit with error on failure

Modify the script to exit with a non-zero status code and redirect the error
message to stderr when the Step Function execution fails.

.github/actions/aws-lambda-power-tuning/execute.sh [49-52]

 elif test "$STATUS" == "FAILED"; then
   # exit if failed
-  echo -e "\nThe execution failed, you can check the execution logs with the following script:\naws stepfunctions get-execution-history --execution-arn $EXECUTION_ARN"
-  break
+  echo -e "\nThe execution failed, you can check the execution logs with the following script:\naws stepfunctions get-execution-history --execution-arn $EXECUTION_ARN" >&2
+  exit 1
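
Review bot: The `elif` in this hunk only covers `FAILED`; now that this branch ends with `exit 1`, check that the other terminal Step Functions statuses (`TIMED_OUT`, `ABORTED`) also finish the script with a non-zero code instead of leaving the loop as a success. Separately, `test "$STATUS" == "FAILED"` relies on a bash extension; `=` is the portable operator, and `printf` avoids the shell-dependent behaviour of `echo -e`.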

Suggestion importance[1-10]: 9

Why: The suggestion correctly identifies a critical bug where the script exits with a success code on failure, which would break the error handling logic in the consuming GitHub Action.

Impact: High

Remove hardcoded AWS profile and region

Remove the hardcoded PROFILE and REGION variables and the associated --profile
and --region flags from aws CLI commands to allow the script to use credentials
from the environment.

.github/actions/aws-lambda-power-tuning/execute.sh [14-23]

-PROFILE="default"
-REGION="us-east-1"
-
 # retrieve state machine ARN
 STATE_MACHINE_ARN=$(aws stepfunctions list-state-machines \
   --query "stateMachines[?contains(name,\`${STACK_NAME}\`)]|[0].stateMachineArn" \
-  --output text \
-  --profile $PROFILE \
-  --region $REGION |
+  --output text |
   cat)
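
Review bot: With `--profile` and `--region` removed, the `--query` line resolves the state machine by substring match (`contains(name, ...)`) and takes the first hit (`|[0]`) in whatever account and region the environment supplies, so it can silently select a different state machine, or return the text `None` when nothing matches. Consider matching the name exactly and failing early when `STATE_MACHINE_ARN` is empty or `None`; if the region is now expected from the environment, documenting that in the action would also help.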

Suggestion importance[1-10]: 8

Why: The suggestion correctly identifies that hardcoded AWS credentials will break the intended OIDC authentication, making the action non-functional in a CI/CD environment.

Impact: Medium

@zMynxx zMynxx merged commit e5a53ad into main Oct 26, 2025
13 checks passed
@zMynxx zMynxx deleted the feat/lambda-power-tunening branch October 26, 2025 08:04