====== AWS Lambda ======
===== Lambda =====
<code bash>
$ aws lambda list-functions --profile nonprod_admin | jq '.[][].FunctionName' | grep -i 'dev\|test'
</code>
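In a Python Lambda, read the tags in from the Lambda environment:-
<code python>
import json
import os

# TAGS arrives as a JSON object string (set by Terraform with jsonencode)
TAGS = [{"Key": k, "Value": v} for k, v in json.loads(os.environ["TAGS"]).items()]

# Pass TAGS to whichever create call accepts a Tags argument
# (create_something is a placeholder):
# create_something(Tags=TAGS)
</code>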
In the Terraform to build it:-
<code>
resource "aws_lambda_function" "create_roles_for_users" {
  filename         = "${module.create_roles_for_users.zip_path}"
  function_name    = "${local.name_prefix}-create-roles-for-users"
  handler          = "lambda_function.lambda_handler"
  role             = "${aws_iam_role.create_roles_for_users.arn}"
  runtime          = "python3.7"
  source_code_hash = "${module.create_roles_for_users.base64sha256}"
  timeout          = 30
  tags             = "${module.vars.tags}"

  environment {
    variables = {
      ARTIFACT_S3_BUCKET               = "${aws_s3_bucket.account_creation_artifact_s3_bucket.id}"
      IAM_POLICY_DEFINITION_PREFIX     = "${local.default_policy_prefix}"
      ORGS_DEFAULT_ROLE_NAME_SSM_PARAM = "${aws_ssm_parameter.orgs_default_role_name.name}"
      TAGS                             = "${jsonencode(module.vars.tags)}"
    }
  }
}
</code>
==== Using Parameter Store ====
<code python>
import boto3


def readparameter(parameter):
    parameter_client = boto3.client('ssm')
    parameter_response = parameter_client.get_parameter(
        Name=parameter,
    )
    # logger.info('Value of %s is %s', parameter, parameter_response['Parameter']['Value'])
    return parameter_response


# Main Handler
def handler(event, context):
    # Paths to parameters in Parameter store.
    parameter_bucket = "/path/to/Bucket"
    s3_bucket = readparameter(parameter_bucket)
    print("Bucket is:- ", s3_bucket['Parameter']['Value'])
</code>
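An added example, not from the original page: a variant of readparameter that requests decryption so SecureString parameters come back as plaintext, caches values between warm invocations, and redacts SecureString values before a response is logged. The names read_parameter, redact, PARAM_CACHE, CACHE_TTL and StubSSM are assumptions; StubSSM is a constructed stand-in for the boto3 SSM client so the block runs offline.

```python
import time

PARAM_CACHE = {}   # name -> (expiry, value); survives warm invocations
CACHE_TTL = 300    # seconds; assumed value, match it to your rotation interval


def read_parameter(name, client=None, now=time.time):
    """Return a parameter's value, decrypting SecureString parameters."""
    hit = PARAM_CACHE.get(name)
    if hit and hit[0] > now():
        return hit[1]
    if client is None:
        import boto3  # lazy import: module loads without the AWS SDK
        client = boto3.client("ssm")
    # WithDecryption is ignored for String and StringList parameters
    resp = client.get_parameter(Name=name, WithDecryption=True)
    value = resp["Parameter"]["Value"]
    PARAM_CACHE[name] = (now() + CACHE_TTL, value)
    return value


def redact(resp):
    """Return a copy of a get_parameter response that is safe to log."""
    param = dict(resp["Parameter"])
    if param.get("Type") == "SecureString":
        param["Value"] = "***"
    return {"Parameter": param}


class StubSSM:
    """Constructed stand-in for the boto3 SSM client (offline runs only)."""

    def __init__(self, store):
        self.store = store  # name -> (type, plaintext value)
        self.calls = 0

    def get_parameter(self, Name, WithDecryption=False):
        self.calls += 1
        ptype, value = self.store[Name]
        if ptype == "SecureString" and not WithDecryption:
            value = "<ciphertext>"  # real SSM returns the encrypted blob here
        return {"Parameter": {"Name": Name, "Type": ptype, "Value": value}}


if __name__ == "__main__":
    ssm = StubSSM({"/path/to/Bucket": ("String", "centos-data")})
    print("Bucket is:-", read_parameter("/path/to/Bucket", client=ssm))
```

Against real AWS the Lambda role needs ssm:GetParameter on the parameter and, for a SecureString encrypted with a customer managed key, kms:Decrypt on that key.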
==== Run Lambda from cli ====
<code bash>
#!/bin/bash
#export http_proxy=http://clientproxy.company.com:8080
#export https_proxy=http://clientproxy.company.com:8080
echo "Testing aws access:-"
aws sts get-caller-identity
echo "Running Lambda invocation with event data:-"
cat eventdata.json
echo "Starting Lambda:-"
aws lambda invoke \
  --region eu-west-2 \
  --function-name copy_repo_file \
  --cli-binary-format raw-in-base64-out \
  --payload file://eventdata.json response.json
</code>
Event data example:-
<code json>
{
  "filename": "catbert.gif",
  "user_name": "centos",
  "bucket_ref": "centos-data"
}
</code>
==== Cloud Formation version in YAML ====
<code yaml>
AWSTemplateFormatVersion: 2010-09-09
Resources:
  LambdaRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
  LambdaPolicy:
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyName: LambdaPolicy
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - 'logs:CreateLogGroup'
            Resource: '*'
      Roles:
        - !Ref LambdaRole
  TagTest:
    Type: 'AWS::Lambda::Function'
    DeletionPolicy: Delete
    Properties:
      Code:
        ZipFile: |
          import json
          def lambda_handler(event, context):
              print('REQUEST RECEIVED:\n' + json.dumps(event))
              return
      FunctionName: TagTest
      Tags:
        - Key: "Tag1"
          Value: "TagValue"
        - Key: "CreatedBy"
          Value: "CloudFormation"
      Handler: index.lambda_handler
      Role: !GetAtt
        - LambdaRole
        - Arn
      Runtime: python3.12
      Timeout: 10
</code>