AWS Lambda from the command line

Let’s create a python function called “add” and run it on AWS

$ mkdir aws_functions
$ cd aws_functions
$ mkdir add
$ cd add
# Create out nice little function
$ vim main.py
---main.py---
# Simple as it gets
def add(event, context):
return event['a'] + event['b']
----
# zip function -> main.zip
$ zip main.zip main.py

Nice! now we need to push this up to AWS lambda.

If you don’t already have the AWS command line interface (CLI) you can install it with pip like so.

$ sudo pip install awscli --ignore-installed six
# installation stuff

Now we create a AWS CLI user. This user is our entry into AWS. Refer here for more help.

# Create a user group 'lambda_group'
$ aws iam create-group --group-name lambda_group
# Create a user 'lambda_user'
$ aws iam create-user --user-name lambda_user
# Add our user to the group
$ aws iam add-user-to-group --user-name lambda_user --group-name lambda_group
# Create a password for this user
$ aws iam create-login-profile --user-name lambda_user --password My!User1Login8P@ssword
# Create an CLI access key for this user
$ aws iam create-access-key --user-name lambda_user
# Save the Secret and Access Key's some where safe

AWS allows users to perform operations defined by a policy. We are going to create a custom policy and pass it to our user.

# Create our policy granting all the lambda functionality
$ vim lambda_policy.json
---lambda_policy.json---

{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"iam:*",
"lambda:*"
],
"Resource": "*"
}]
}
# Grant this policy to our lambda_user
$ aws iam put-user-policy --user-name lambda_user --policy-name lambda_all --policy-document file://lambda_policy.json

Next we will configure our AWS cli to this user.

$ aws configure --profile lambda_user
> AWS Access Key ID [None]: <your_key>
> AWS Secret Access Key [None]: <your_secret>
> Default region name [None]: us-west-2
> Default output format [None]: json
# AWS stores this at ~/.aws/   
# go check it out
# Make sure you can connect
$ aws ec2 describe-regions
...

Good, we are almost there. Lambda functions also need a role. The role specifies what actions the function instance is capable of.

$ vim basic_lambda_role.json
---basic_lambda_role.json---
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": { "AWS" : "*" },
"Action": "sts:AssumeRole"
}]
}
$ aws iam create-role --role-name basic_lambda_role --assume-role-policy-document file://basic_lambda_role.json
...
# Hold on to "ARN" e.g:
"Arn": "arn:aws:iam::1234567:role/basic_lambda_role"

Next we are going to push our add function up onto aws.

$ aws lambda create-function \ 
--region us-west-2 \
--function-name add \
--zip-file fileb://main.zip \
--role <your_arn>\
--handler main.add \
--runtime python2.7 \
--profile lambda_user

Voila! And now to invoke it…

$ aws lambda invoke \
--invocation-type RequestResponse \
--function-name add \
--region us-west-2 \
--log-type Tail \
--payload '{"a":1, "b":2 }' \
--profile lambda_user \
outputfile.txt
# Voila!!
$ cat outputfile.txt
3

This is very bare bones, but I hope it helps.

  • JRS