====== AWS Lambda ======

===== Lambda =====

List the functions whose names contain "dev" or "test":-

<code bash>
$ aws lambda list-functions --profile nonprod_admin | jq '.[][].FunctionName' | grep -i 'dev\|test'
</code>

In Lambda Python, read tags in from the Lambda environment:-

<code python>
import json
import os

# TAGS is a JSON object of key/value pairs; convert it to the list of
# {"Key": ..., "Value": ...} dicts that boto3 expects.
TAGS = [{"Key": k, "Value": v} for k, v in json.loads(os.environ["TAGS"]).items()]

# Pass the list to whichever create call is in use (placeholder name):
# create_something(Tags=TAGS)
</code>

In the Terraform that builds it:-

<code>
resource "aws_lambda_function" "create_roles_for_users" {
  filename         = "${module.create_roles_for_users.zip_path}"
  function_name    = "${local.name_prefix}-create-roles-for-users"
  handler          = "lambda_function.lambda_handler"
  role             = "${aws_iam_role.create_roles_for_users.arn}"
  runtime          = "python3.7"
  source_code_hash = "${module.create_roles_for_users.base64sha256}"
  timeout          = 30
  tags             = "${module.vars.tags}"

  environment {
    variables {
      ARTIFACT_S3_BUCKET               = "${aws_s3_bucket.account_creation_artifact_s3_bucket.id}"
      IAM_POLICY_DEFINITION_PREFIX     = "${local.default_policy_prefix}"
      ORGS_DEFAULT_ROLE_NAME_SSM_PARAM = "${aws_ssm_parameter.orgs_default_role_name.name}"
      TAGS                             = "${jsonencode(module.vars.tags)}"
    }
  }
}
</code>

==== Using Parameter Store ====

<code python>
import boto3


def readparameter(parameter):
    # Returns the full get_parameter response; the value is at ['Parameter']['Value'].
    parameter_client = boto3.client('ssm')
    parameter_response = parameter_client.get_parameter(
        Name=parameter,
    )
    # Left commented out: enabling it writes the parameter value to the function's logs.
    # logger.info('Value of %s is %s', parameter, parameter_response['Parameter']['Value'])
    return parameter_response


# Main Handler
def handler(event, context):
    # Paths to parameters in Parameter store.
    parameter_bucket = "/path/to/Bucket"
    s3_bucket = readparameter(parameter_bucket)
    print("Bucket is:- ", s3_bucket['Parameter']['Value'])
</code>

==== Run Lambda from cli ====

<code bash>
#!/bin/bash
#export http_proxy=http://clientproxy.company.com:8080
#export https_proxy=http://clientproxy.company.com:8080

echo "Testing aws access:-"
aws sts get-caller-identity

echo "Running Lambda invocation with event data:-"
cat eventdata.json

echo "Starting Lambda:-"
aws lambda invoke \
  --region eu-west-2 \
  --function-name copy_repo_file \
  --cli-binary-format raw-in-base64-out \
  --payload file://eventdata.json response.json
</code>

Event data example:-

<code json>
{
  "filename": "catbert.gif",
  "user_name": "centos",
  "bucket_ref": "centos-data"
}
</code>

==== Cloud Formation version in YAML ====

<code yaml>
AWSTemplateFormatVersion: 2010-09-09
Resources:
  LambdaRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
  LambdaPolicy:
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyName: LambdaPolicy
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - 'logs:CreateLogGroup'
            Resource: '*'
      Roles:
        - !Ref LambdaRole
  TagTest:
    Type: 'AWS::Lambda::Function'
    DeletionPolicy: Delete
    Properties:
      Code:
        ZipFile: |
          import json

          def lambda_handler(event, context):
              print('REQUEST RECEIVED:\n' + json.dumps(event))
              return
      FunctionName: TagTest
      Tags:
        - Key: "Tag1"
          Value: "TagValue"
        - Key: "CreatedBy"
          Value: "CloudFormation"
      Handler: index.lambda_handler
      Role: !GetAtt
        - LambdaRole
        - Arn
      Runtime: python3.12
      Timeout: 10
</code>