Skip to main content

Setting Up Lambda Functions with S3 Event Triggers

Hands-On Lab

 

Photo of Moosa Khalid

Moosa Khalid

AWS Training Architect II

Length

01:00:00

Difficulty

Intermediate

Lambda event triggers are extremely useful for automating serverless workflow, as they help trigger Lambda code/logic and have use cases from monitoring to processing online purchase orders and emailing receipts. In this lab, we'll create a Lambda function from scratch and create an S3 event trigger to execute our Lambda logic.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Setting Up Lambda Functions with S3 Event Triggers

Introduction

Lambda event triggers are extremely useful for automating serverless workflow, as they help trigger Lambda code/logic and have use cases from monitoring to processing online purchase orders and emailing receipts. In this lab, we'll create a Lambda function from scratch and create an S3 event trigger to execute our Lambda logic.

Solution

Log in to the live AWS environment using the credentials provided. Make sure you're in the N. Virginia (us-east-1) region throughout the lab.

Open a terminal session and log in to the provided EC2 instance via SSH using the credentials provided on the lab page:

ssh cloud_user@<PUBLIC IP>

Create IAM Role for Lambda

  1. Change to the directory where the necessary files are located:

    cd exercise_files/Section4-AppLayer/Lab1-LambdaS3EventTrigger/
  2. Create an IAM role for Lambda:

    aws iam create-role --role-name LambdaIAMRole --description "Lambda Role" --assume-role-policy-document file://lambda_assume_role_policy.json
  3. Copy the role ARN returned in the output and paste it into a text file, as we'll need it later.

Create a Policy for the Lambda Function and Attach It to Role

  1. Add a policy:

    aws iam create-policy --policy-name LambdaRolePolicy --policy-document file://lambda_execution_policy.json
  2. Attach the policy to the role, replacing <POLICY_ARN> with the policy ARN included in the output of the previous command:

    aws iam attach-role-policy --role-name "LambdaIAMRole" --policy-arn <POLICY_ARN>

Create SNS Topic and Subscribe Your Email Address to It

  1. Create topic:

    aws sns create-topic --name LambdaTopic --region us-east-1

    Copy the ARN returned in the output and paste it into a text file, as we'll need it a few times throughout the lab.

  2. Subscribe an endpoint to the topic, replacing <TOPIC_ARN> with the ARN included in the output of the previous command and <EMAIL_ADDRESS> with your email address:

    aws sns subscribe --protocol "email" --topic-arn <TOPIC_ARN> --notification-endpoint <EMAIL_ADDRESS> --region us-east-1
  3. Confirm the subscription by clicking on the link in the email you receive after executing the previous command.

Modify Lambda Function with SNS Topic ARN and Zip it into Lambda Deployment Package

  1. Open the Lambda function file:

    vim lambda_function.py
  2. Un-comment the following lines (by deleting the #) to enable sending notifications:

    • client
    • response
    • TopicArn
    • Message
    • Subject
  3. In the TopicArn line, replace <SNS-TOPIC-ARN> with your topic ARN.

  4. Save and exit the file.

  5. Zip the file:

    zip lambda_function.zip lambda_function.py

Create Lambda Function

  1. Create a Lambda function, replacing <ROLE_ARN> with yours:

    aws lambda create-function --memory-size 128 --function-name my-lambda --runtime python3.7 --handler lambda_function.lambda_handler --zip-file fileb://lambda_function.zip --role <ROLE_ARN>
  2. Copy the function ARN returned in the output, as we'll need it in a minute.

Add Lambda Permission for S3 Service to Invoke Function

  1. Add Lambda permission, replacing <ARN_S3_BUCKET> with the ARN of the S3 bucket provided on the lab page:

    aws lambda add-permission --action lambda:InvokeFunction --principal s3.amazonaws.com --statement-id LabS3Trigger --function-name my-lambda --source-arn <ARN_S3_BUCKET>

Enable and Add Notification Configuration to S3 Bucket

  1. Open the bucket-trigger-notification.json file:

    vim bucket-trigger-notification.json
  2. In the LambdaFunctionArn line, enter the Lambda function ARN you copied a few minutes ago.

  3. Save and exit the file.

  4. Enable the notification configuration on the S3 website bucket, replacing S3_BUCKET_NAME with the bucket name provided on the lab page:

    aws s3api put-bucket-notification-configuration --bucket <S3_BUCKET_NAME> --notification-configuration file://bucket-trigger-notification.json

Verify Configuration by Uploading a File to Provided S3 Bucket

  1. Upload a file to the bucket, replacing S3_BUCKET_NAME with the bucket name provided on the lab page:

    aws s3 cp lambda_policy.json s3://<S3_BUCKET_NAME>
  2. Once it's successfully uploaded, check your email. If everything was set up properly and you subscribed to the SNS topic via email, you should receive a notification email with details of the file uploaded to the S3 bucket.

Conclusion

Congratulations on successfully completing this hands-on lab!