AWS Lambda from the command line

Jacob Steeves
Sep 11, 2016 · 2 min read

Let’s create a python function called “add” and run it on AWS

$ mkdir aws_functions
$ cd aws_functions
$ mkdir add
$ cd add
# Create out nice little function
$ vim
# Simple as it gets
def add(event, context):
return event['a'] + event['b']
# zip function ->
$ zip

Nice! now we need to push this up to AWS lambda.

If you don’t already have the AWS command line interface (CLI) you can install it with pip like so.

$ sudo pip install awscli --ignore-installed six
# installation stuff

Now we create a AWS CLI user. This user is our entry into AWS. Refer here for more help.

# Create a user group 'lambda_group'
$ aws iam create-group --group-name lambda_group
# Create a user 'lambda_user'
$ aws iam create-user --user-name lambda_user
# Add our user to the group
$ aws iam add-user-to-group --user-name lambda_user --group-name lambda_group
# Create a password for this user
$ aws iam create-login-profile --user-name lambda_user --password My!User1Login8P@ssword
# Create an CLI access key for this user
$ aws iam create-access-key --user-name lambda_user
# Save the Secret and Access Key's some where safe

AWS allows users to perform operations defined by a policy. We are going to create a custom policy and pass it to our user.

# Create our policy granting all the lambda functionality
$ vim lambda_policy.json

"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"Resource": "*"
# Grant this policy to our lambda_user
$ aws iam put-user-policy --user-name lambda_user --policy-name lambda_all --policy-document file://lambda_policy.json

Next we will configure our AWS cli to this user.

$ aws configure --profile lambda_user> AWS Access Key ID [None]: <your_key>
> AWS Secret Access Key [None]: <your_secret>
> Default region name [None]: us-west-2
> Default output format [None]: json
# AWS stores this at ~/.aws/
# go check it out
# Make sure you can connect
$ aws ec2 describe-regions

Good, we are almost there. Lambda functions also need a role. The role specifies what actions the function instance is capable of.

$ vim basic_lambda_role.json
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": { "AWS" : "*" },
"Action": "sts:AssumeRole"
$ aws iam create-role --role-name basic_lambda_role --assume-role-policy-document file://basic_lambda_role.json
# Hold on to "ARN" e.g:
"Arn": "arn:aws:iam::1234567:role/basic_lambda_role"

Next we are going to push our add function up onto aws.

$ aws lambda create-function \ 
--region us-west-2 \
--function-name add \
--zip-file fileb:// \
--role <your_arn>\
--handler main.add \
--runtime python2.7 \
--profile lambda_user

Voila! And now to invoke it…

$ aws lambda invoke \
--invocation-type RequestResponse \
--function-name add \
--region us-west-2 \
--log-type Tail \
--payload '{"a":1, "b":2 }' \
--profile lambda_user \
# Voila!!
$ cat outputfile.txt

This is very bare bones, but I hope it helps.

  • JRS

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store