AWS Deploy Lambda Function, API Gateway, Invoke/Call another Lambda Function, Save to S3, Public Access etc.

Flow Outline

Structure

(ABSTRACT EXAMPLE)

TableandChart

• Code
  • Python 3.9 (Architecture x86_64), HTML and CSS
    • main package - matplotlib
• Layers
  • dataVisLayer (custom)
  • AWSDataWrangler-Python39
  • numerize (custom)

HtmltoPDF

• Code
  • Python 3.9 (Architecture x86_64)
    • main package - pandas, PyPDF2
    • custom-fonts
• Layers
  • wkhtmltopdf
  • pandas
  • fonts
  • PyPDF2

How to Deploy a Lambda Function

Regions

First check your region.

Create function

Lambda > Functions > Create function

Add trigger (API Gateway)

Layers

2 ways to add layers

• Add layer AWSSDKPandas-Python310 at the Functions page (AWSDataWrangler-Python39 upgrades to AWSSDKPandas-Python310)

  

Lambda > Layers

If you can’t find the ARN or you need to customize some packages inside.

• Create layer

  

• Layer configuration

  

Including library dependencies in a layer:

See Creating and sharing Lambda layers - AWS Lambda (amazon.com).

Runtime Check

Remember to check your function runtime. Make sure the runtime of layers and the function are the same.

AWS Data Wrangler

And, for AWSDataWrangler-Python39 (PythonXX should meet your runtime version as well), the ARN should be arn:aws:lambda:YOUR-REGION:336392948345:layer:AWSDataWrangler-Python39:2. For example, AWS Data Wrangler Lambda Layer - 2.15.0 (Python 3.9) and region Singapore will be arn:aws:lambda:ap-southeast-1:336392948345:layer:AWSDataWrangler-Python39:2.

Configuration

Timeout

Task timed out after 3.09 seconds…

General configuration Timeout 3 sec (default) set to 10 min (max).

Existing role

And, from here, choose an Existing role.

Environment variables

(For HtmltoPDF function)

Roles

IAM > Roles

Create role

to create a role and add permission

Invoke Role

To invoke another lambda function in AWS.

• Permissions policies - Customer managed - InvokeHtmltoPDF

  1 2 3 4 5 6 7 8 9 10 11 12 13 14

  { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "lambda:InvokeFunction", "lambda:InvokeAsync" ], "Resource": "arn:aws:lambda:region:account-id:function:function-name" } ] }

  Resource: lambda function arn¹, replaceregion, account-id and function-name.

• Permissions policies - AWS managed - AWSLambdaBasicExecutionRole

  1 2 3 4 5 6 7 8 9 10 11 12 13 14

  { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }

lambda to s3

lambda-s3-role

• Permissions policies - AWS managed - AWSLambdaExecute

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

  { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:*" ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::*" } ] }

Amazon S3

Create bucket

Configuration

General configuration

• Bucket name (Bucket with the same name already exists: Bucket name must be globally unique and must not contain spaces or uppercase letters. See rules for bucket naming)

• AWS Region

Object Ownership

• ACLs enabled
• Bucket owner preferred

Block Public Access settings for this bucket

• untick Block all public access
• I acknowledge that the current settings might result in this bucket and the objects within becoming public.

Bucket Versioning - Disable

Default encryption

• Encryption key type

  Amazon S3 managed keys (SSE-S3)

• Bucket Key

  Disable

Advanced settings

• Object Lock

  Disable

Object URL

For it to work publicly, you need to add a Bucket policy to make the Bucket Publicly accessible.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOUTBUCKETNAME/*"
        }
    ]
}

Replace the Resource with your Bucket.

Be careful, the objects in this bucket will all be publicly available by default. So don’t leak your Object URL (bucket name and file name) out.

Once you’ve applied the policy successfully, you will see the changes made in the Permission overview sector.

Connectors

update codes’ connection

Lambda function to Lambda function

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

import boto3
client = boto3.client('lambda')

response  = client.invoke(
    # arn:aws:lambda:region:account-id:function:function-name
    FunctionName = 'arn:aws:lambda:REGION:ACCOUNT-ID:function:FUNCTION-NAME',
    InvocationType = 'RequestResponse',
    Payload = json.dumps({
        'example': your_var,
    })
)
# responseFromChild = json.load(response['Payload'])

Lambda function to S3

Lambda function save/upload to S3

1
2
3
4

import boto3

s3 = boto3.resource('s3')
s3.meta.client.upload_file("/tmp/TEST_FILE.txt", 'YOUR_BUCKET_NAME', "NEW_FILE_NAME.txt")

Deploy

2 ways to manually CI/CD

Download and Upload

1. Actions > Export function > Download deployment package

   

2. (edit your code package)
3. Compress your files > Upload from > .zip file

   

Edit on the Portal

1. Save
2. Deploy