AWS Deploy Lambda Function, API Gateway, Invoke/Call another Lambda Function, Save to S3, Public Access etc.

洪健翔 Hung, Chien-hsiang
May 31, 2023

Original article, not truncated by Medium — AWS Deploy Lambda Function, API Gateway, Invoke/Call another Lambda Function, Save to S3, Public Access etc. — Hung, Chien-Hsiang | Blog (chienhsiang-hung.github.io)

Flow Outline

[Flow diagram: AWS (Lambda functions TableandChart and HtmltoPDF, S3) and PowerPlatform (PowerAutomate, PowerApps); other node labels: wampdfs, WIT, WAM_monthly_statement; edge labels: POST, (delay 2 mins) GET, invoke RequestResponse.]

Structure

(ABSTRACT EXAMPLE)

TableandChart

  • Code
      • Python 3.9 (Architecture x86_64), HTML and CSS
      • main package — matplotlib
  • Layers
      • dataVisLayer (custom)
      • AWSDataWrangler-Python39
      • numerize (custom)

HtmltoPDF

  • Code
      • Python 3.9 (Architecture x86_64)
      • main package — pandas, PyPDF2
      • custom-fonts
  • Layers
      • wkhtmltopdf
      • pandas
      • fonts
      • PyPDF2

How to Deploy a Lambda Function

Regions

First check your region.

Find the nearest (server) region.

Choose Singapore for Operation (in Asia).

Create function

Lambda > Functions > Create function

Add trigger (API Gateway)

Layers

2 ways to add layers

  • Add layer AWSSDKPandas-Python310 at the Functions page (AWSDataWrangler-Python39 upgrades to AWSSDKPandas-Python310)

Lambda > Layers

Use this route if you can’t find the ARN or you need to customize some packages inside the layer.

  • Create layer
  • Layer configuration

Including library dependencies in a layer:

Layer paths for each Lambda runtime

Runtime and path:

  • Node.js
      • nodejs/node_modules
      • nodejs/node14/node_modules (NODE_PATH)
      • nodejs/node16/node_modules (NODE_PATH)
      • nodejs/node18/node_modules (NODE_PATH)
  • Python
      • python
      • python/lib/python3.10/site-packages (site directories)
  • Java
      • java/lib (CLASSPATH)
  • Ruby
      • ruby/gems/2.7.0 (GEM_PATH)
      • ruby/lib (RUBYLIB)
  • All runtimes
      • bin (PATH)
      • lib (LD_LIBRARY_PATH)

See Creating and sharing Lambda layers — AWS Lambda (amazon.com).

Runtime Check

Remember to check your function runtime. Make sure the runtime of layers and the function are the same.

AWS Data Wrangler

For AWSDataWrangler-Python39 (the PythonXX suffix must match your runtime version as well), the ARN is arn:aws:lambda:YOUR-REGION:336392948345:layer:AWSDataWrangler-Python39:2. For example, AWS Data Wrangler Lambda Layer - 2.15.0 (Python 3.9) in the Singapore region is arn:aws:lambda:ap-southeast-1:336392948345:layer:AWSDataWrangler-Python39:2.

Configuration

Timeout

Task timed out after 3.09 seconds…

If you see this error, go to General configuration and change Timeout from 3 sec (default) to 10 min (max).

Existing role

And, from here, choose an Existing role.

You have to create it manually for your lambda function if you want to use it to call another function.

Environment variables

(For HtmltoPDF function)

Roles

IAM > Roles

Create role

Create a role and add permissions.

Add permissions (or create a policy).

Invoke Role

This role lets the function invoke another Lambda function in AWS.

  • Permissions policies — Customer managed — InvokeHtmltoPDF

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "lambda:InvokeFunction",
                    "lambda:InvokeAsync"
                ],
                "Resource": "arn:aws:lambda:region:account-id:function:function-name"
            }
        ]
    }

  • Resource: the Lambda function ARN; replace region, account-id and function-name.
  • Permissions policies — AWS managed — AWSLambdaBasicExecutionRole

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                ],
                "Resource": "*"
            }
        ]
    }

Lambda to S3

lambda-s3-role

  • Permissions policies — AWS managed — AWSLambdaExecute

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "logs:*"
                ],
                "Resource": "arn:aws:logs:*:*:*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "s3:PutObject"
                ],
                "Resource": "arn:aws:s3:::*"
            }
        ]
    }

Amazon S3

Create bucket

Configuration

General configuration

  • Bucket name (Bucket with the same name already exists: Bucket name must be globally unique and must not contain spaces or uppercase letters. See rules for bucket naming)
  • AWS Region

Object Ownership

  • ACLs enabled
  • Bucket owner preferred

Block Public Access settings for this bucket

  • Untick Block all public access
  • I acknowledge that the current settings might result in this bucket and the objects within becoming public.

Bucket Versioning — Disable

Default encryption

  • Encryption key type
  • Amazon S3 managed keys (SSE-S3)
  • Bucket Key
  • Disable

Advanced settings

  • Object Lock
  • Disable

Object URL

For the Object URL to work publicly, you need to add a Bucket policy that makes the bucket publicly accessible.

Go to Amazon S3 > Buckets > YOURBUCKET > Permissions > Bucket policy

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PublicReadGetObject",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::YOURBUCKETNAME/*"
            }
        ]
    }

Replace the Resource with your Bucket.

Be careful: with this policy, all objects in this bucket are publicly available by default, so anyone who knows an Object URL can read that object. Don’t leak your Object URL (bucket name and file name).

Once you’ve applied the policy successfully, you will see the changes in the Permissions overview section.

Now you can access the object through the Object URL.

Connectors

Update the connections in your code.

Lambda function to Lambda function

import json
import boto3

client = boto3.client('lambda')
your_var = 'value to pass'  # placeholder: the data you send to the child function

response = client.invoke(
    # arn:aws:lambda:region:account-id:function:function-name
    FunctionName='arn:aws:lambda:REGION:ACCOUNT-ID:function:FUNCTION-NAME',
    InvocationType='RequestResponse',  # synchronous: wait for the child's result
    Payload=json.dumps({
        'example': your_var,
    })
)
# responseFromChild = json.load(response['Payload'])
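Reading the child's result safely, as an added example that is not part of the original article: with InvocationType 'RequestResponse' the Invoke call returns StatusCode 200 even when the child function raised, and the failure is only visible in the FunctionError field. The helper name invoke_child and the FakeLambdaClient stand-in (used so the block runs offline) are assumptions; in a real function you would pass boto3.client('lambda').

```python
import io
import json

def invoke_child(client, function_arn, payload):
    """Invoke another Lambda synchronously and return its decoded result."""
    response = client.invoke(
        FunctionName=function_arn,
        InvocationType="RequestResponse",
        Payload=json.dumps(payload),
    )
    body = json.load(response["Payload"])  # the payload stream exposes .read()
    if response.get("FunctionError"):
        # The child raised: body carries errorMessage/errorType, not real data.
        raise RuntimeError(f"child failed: {body.get('errorMessage')}")
    if response["StatusCode"] != 200:
        raise RuntimeError(f"unexpected status {response['StatusCode']}")
    return body

class FakeLambdaClient:
    """Constructed stand-in for boto3.client('lambda'); records each call."""
    def __init__(self, result, error=None):
        self.result, self.error = result, error
        self.calls = []

    def invoke(self, **kwargs):
        self.calls.append(kwargs)
        response = {"StatusCode": 200,
                    "Payload": io.BytesIO(json.dumps(self.result).encode())}
        if self.error:
            response["FunctionError"] = self.error
        return response

if __name__ == "__main__":
    arn = "arn:aws:lambda:REGION:ACCOUNT-ID:function:FUNCTION-NAME"
    ok = FakeLambdaClient({"saved_as": "NEW_FILE_NAME.txt"})  # constructed reply
    print(invoke_child(ok, arn, {"example": "value"}))
    failing = FakeLambdaClient({"errorMessage": "boom"}, error="Unhandled")
    try:
        invoke_child(failing, arn, {"example": "value"})
    except RuntimeError as exc:
        print(exc)
```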

Lambda function to S3

Lambda function save/upload to S3

import boto3

s3 = boto3.resource('s3')
# Arguments: local file (/tmp is Lambda's writable scratch directory), bucket, object key
s3.meta.client.upload_file("/tmp/TEST_FILE.txt", 'YOUR_BUCKET_NAME', "NEW_FILE_NAME.txt")

Deploy

2 ways to manually CI/CD

Download and Upload

  1. Actions > Export function > Download deployment package
  2. (edit your code package)
  3. Compress your files > Upload from > .zip file

Edit on the Portal

  1. Save
  2. Deploy
