When you call aws lambda get-function --function-name FunctionName, you'll see a CodeSha256 key. I don't know what it's Sha256'ing, though. It doesn't match shasum -a 256 FunctionName.zip, where FunctionName.zip is the package I had uploaded.
What I'd like to be able to do, for an existing lambda, is generate the sha256 from the code I'm about to upload that would match the sha256 amazon gives back in get-function. Any help is appreciated, as I haven't been able to find any information on this anywhere, except for Amazon saying it's "the SHA256 hash of the deployment package"
Okay, I figured it out. All the methods for generating a sha 256 hash output it in hex, but amazon is returning it in base64.
So, to totally answer my own question, here's how to (with node), check to see if you're about to upload the same zip.
#!/usr/bin/env node
var crypto = require('crypto');
var fs = require('fs');
var path = require('path');
var AWS = require('aws-sdk');
var lambda = new AWS.Lambda({
region: 'us-west-2'
});
var lambdaName = 'CreatePost';
var filePath = path.resolve(__dirname, 'tmp/create-post.zip');
lambda.getFunction({
FunctionName: lambdaName
}, function (error, data) {
if (error) {
console.error(error);
return process.exit(1);
}
var lambdaSha256 = data.Configuration.CodeSha256;
var shasum = crypto.createHash('sha256');
fs.createReadStream(filePath)
.on("data", function (chunk) {
shasum.update(chunk);
})
.on("end", function () {
var sha256 = shasum.digest('base64');
if (sha256 === lambdaSha256) {
console.log("No need to upload, sha hashes are the same");
} else {
console.log("That needs to be uploaded again son.")
}
process.exit();
});
});