AWS Deploy Lambda Function, API Gateway, Invoke/Call another Lambda Function, Save to S3, Public Access etc.

Flow Outline

Structure

(ABSTRACT EXAMPLE)

TableandChart

  • Code
    • Python 3.9 (Architecture x86_64), HTML and CSS
      • main package - matplotlib
  • Layers
    • dataVisLayer (custom)
    • AWSDataWrangler-Python39
    • numerize (custom)

HtmltoPDF

  • Code
    • Python 3.9 (Architecture x86_64)
      • main package - pandas, PyPDF2
      • custom-fonts
  • Layers
    • wkhtmltopdf
    • pandas
    • fonts
    • PyPDF2

How to Deploy a Lambda Function

Regions

First check your region.

Find the nearest (server) region.
Choose Singapore for Operation (in Asia).

Create function

Lambda > Functions > Create function


Add trigger (API Gateway)


Layers

2 ways to add layers

  • Add layer AWSSDKPandas-Python310 at the Functions page (AWSDataWrangler-Python39 upgrades to AWSSDKPandas-Python310)

Lambda > Layers

Use this if you can’t find the ARN or you need to customize some packages inside the layer.

  • Create layer
  • Layer configuration

Including library dependencies in a layer:

Layer paths for each Lambda runtime (Runtime: Path)

  • Node.js
    • nodejs/node_modules
    • nodejs/node14/node_modules (NODE_PATH)
    • nodejs/node16/node_modules (NODE_PATH)
    • nodejs/node18/node_modules (NODE_PATH)
  • Python
    • python
    • python/lib/python3.10/site-packages (site directories)
  • Java
    • java/lib (CLASSPATH)
  • Ruby
    • ruby/gems/2.7.0 (GEM_PATH)
    • ruby/lib (RUBYLIB)
  • All runtimes
    • bin (PATH)
    • lib (LD_LIBRARY_PATH)

See Creating and sharing Lambda layers - AWS Lambda (amazon.com).

Runtime Check

Remember to check your function runtime. Make sure the runtime of layers and the function are the same.


AWS Data Wrangler

For AWSDataWrangler-Python39 (the PythonXX suffix must match your runtime version as well), the ARN is arn:aws:lambda:YOUR-REGION:336392948345:layer:AWSDataWrangler-Python39:2. For example, for AWS Data Wrangler Lambda Layer - 2.15.0 (Python 3.9) in the Singapore region it is arn:aws:lambda:ap-southeast-1:336392948345:layer:AWSDataWrangler-Python39:2.


Configuration

Timeout

Task timed out after 3.09 seconds…

If you see this error, raise Timeout under General configuration from 3 sec (default) to 10 min (max).


Existing role

And, from here, choose an Existing role.

You have to create it manually for your lambda function if you want to use it to call another function.

Environment variables

(For HtmltoPDF function)


Roles

IAM > Roles

Create role

Create a role and add permissions.

Add permissions (or create a policy).

Invoke Role

This role lets one Lambda function invoke another Lambda function in AWS.

  • Permissions policies - Customer managed - InvokeHtmltoPDF

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "lambda:InvokeFunction",
                    "lambda:InvokeAsync"
                ],
                "Resource": "arn:aws:lambda:region:account-id:function:function-name"
            }
        ]
    }
    

    Resource: the Lambda function ARN; replace region, account-id and function-name.

  • Permissions policies - AWS managed - AWSLambdaBasicExecutionRole

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                ],
                "Resource": "*"
            }
        ]
    }
    
Lambda to S3

lambda-s3-role

  • Permissions policies - AWS managed - AWSLambdaExecute
    
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "logs:*"
                ],
                "Resource": "arn:aws:logs:*:*:*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "s3:PutObject"
                ],
                "Resource": "arn:aws:s3:::*"
            }
        ]
    }
    

Amazon S3

Create bucket

Configuration

General configuration

  • Bucket name (Bucket with the same name already exists: Bucket name must be globally unique and must not contain spaces or uppercase letters. See rules for bucket naming)

  • AWS Region

Object Ownership

  • ACLs enabled
  • Bucket owner preferred

Block Public Access settings for this bucket

  • untick Block all public access
  • I acknowledge that the current settings might result in this bucket and the objects within becoming public.

Bucket Versioning - Disable

Default encryption

  • Encryption key type

    Amazon S3 managed keys (SSE-S3)

  • Bucket Key

    Disable

Advanced settings

  • Object Lock

    Disable

Object URL

For it to work publicly, you need to add a Bucket policy to make the Bucket Publicly accessible.

Go to Amazon S3 > Buckets > YOURBUCKET > Permissions > Bucket policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOURBUCKETNAME/*"
        }
    ]
}

Replace the Resource with your Bucket.

Be careful: with this policy, all objects in this bucket are publicly available by default to anyone who has the Object URL (bucket name and file name). So don’t leak your Object URL.

Once you’ve applied the policy successfully, you will see the changes made in the Permission overview sector.

Now you can access the object through the Object URL.
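
Added example (not part of the original post and not AWS tooling): an offline check, using only the Python standard library, that flags the broad grants in the lambda-s3-role policy and the bucket policy shown above, plus a role policy limited to one bucket. The function names and bucket placeholders are assumptions, and the check covers only the patterns these policies show, not full IAM evaluation.

```python
def _as_list(value):
    """IAM accepts a string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def is_public(principal):
    """True for Principal "*" or {"AWS": "*"}: any caller, signed in or not."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def audit_policy(policy):
    """List the Allow statements that reach beyond one named resource."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{i}]")
        if is_public(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append(f"{label}: public principal, no Condition")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{label}: wildcard action {action}")
        for res in _as_list(stmt.get("Resource", [])):
            # "*" or an ARN whose resource part is just "*" covers everything
            if res == "*" or res.split(":", 5)[-1] == "*":
                findings.append(f"{label}: resource {res} is unbounded")
    return findings

def scoped_s3_role_policy(bucket):
    """Role policy for the upload Lambda, limited to one bucket's objects."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": f"arn:aws:s3:::{bucket}/*"}]}

# Copies of two policies from this page (bucket names are placeholders).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::YOURBUCKETNAME/*"}]}
LAMBDA_EXECUTE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["logs:*"], "Resource": "arn:aws:logs:*:*:*"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::*"}]}

if __name__ == "__main__":
    for name, doc in [("bucket policy", BUCKET_POLICY),
                      ("AWSLambdaExecute", LAMBDA_EXECUTE),
                      ("scoped role", scoped_s3_role_policy("YOUR_BUCKET_NAME"))]:
        print(name, audit_policy(doc) or "no broad grants")
```

The bucket policy is still reported because the public read is intentional here; the finding is a reminder that every key in that bucket is world-readable.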

Connectors

Update the connections in your code.

Lambda function to Lambda function

import json

import boto3

client = boto3.client('lambda')

your_var = 'value passed to the child function'  # placeholder payload value

response = client.invoke(
    # arn:aws:lambda:region:account-id:function:function-name
    FunctionName='arn:aws:lambda:REGION:ACCOUNT-ID:function:FUNCTION-NAME',
    InvocationType='RequestResponse',  # synchronous: wait for the child's result
    Payload=json.dumps({
        'example': your_var,
    })
)
# responseFromChild = json.load(response['Payload'])
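
Added example (not from the original post): with InvocationType 'RequestResponse', invoke() returns StatusCode 200 even when the child function raised, and signals the failure through a FunctionError key, so the caller should check it before using the payload. The helper names and the constructed response dict below are assumptions; no AWS call is made.

```python
import io
import json

class ChildInvocationError(RuntimeError):
    """Raised when the invoked function failed or the call was not accepted."""

def read_child_result(response):
    """Decode a RequestResponse invoke() result, refusing failed invocations."""
    status = response.get("StatusCode")
    # Payload is a StreamingBody in boto3; any file-like object works here.
    body = json.load(response["Payload"])
    # StatusCode is 200 even when the child raised; FunctionError marks that case.
    if "FunctionError" in response:
        message = body.get("errorMessage", "unknown") if isinstance(body, dict) else body
        raise ChildInvocationError(f"child failed: {message}")
    if status != 200:
        raise ChildInvocationError(f"unexpected StatusCode {status}")
    return body

def fake_response(payload, function_error=None):
    """Constructed stand-in for the dict boto3 returns from client.invoke()."""
    response = {"StatusCode": 200,
                "Payload": io.BytesIO(json.dumps(payload).encode())}
    if function_error:
        response["FunctionError"] = function_error
    return response

if __name__ == "__main__":
    print(read_child_result(fake_response({"pdf_key": "report.pdf"})))
    try:
        read_child_result(fake_response(
            {"errorMessage": "wkhtmltopdf not found", "errorType": "OSError"},
            function_error="Unhandled"))
    except ChildInvocationError as exc:
        print("rejected:", exc)
```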

Lambda function to S3

Lambda function save/upload to S3

import boto3

s3 = boto3.resource('s3')
s3.meta.client.upload_file("/tmp/TEST_FILE.txt", 'YOUR_BUCKET_NAME', "NEW_FILE_NAME.txt")

Deploy

2 ways to do CI/CD manually

Download and Upload

  1. Actions > Export function > Download deployment package
  2. (edit your code package)
  3. Compress your files > Upload from > .zip file

Edit on the Portal

  1. Save
  2. Deploy