How to get SQS Url inside lambda using CDK? - aws-lambda

I'm using CDK to instantiate a Queue and a Lambda Function.
Lambda function requires QueueURL in order to push messages into it.
QueueURL is not fixed, it changes when the stack is re-created.
I have two options:
1. Pass QueueURL as an env variable to Lambda in CDK.
2. Create a cfnOutput with QueueURL and read it from the Lambda.
If I use option 2, Lambda will have to make an API call every time it runs to get the URL.
Are these the only options?
What is the recommended approach for this?
Thanks!

Option 1 is recommended. If the value changes for any reason, the lambda will also be updated accordingly automatically. It also ensures that the lambda will be created after the queue, as it creates an implicit dependency.
Don't forget to grant your lambda access to the queue with myQueue.grantSendMessages(myLambda);
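What option 1 amounts to in the deployed template, as an added example: hand-written CloudFormation, not output from the poster's stack and not code from the answer. The logical IDs, the QUEUE_URL variable name and the inline handler are assumptions; the three SQS actions are the ones grantSendMessages allows.

```yaml
# Constructed CloudFormation equivalent; logical IDs are placeholders.
Resources:
  MyQueue:
    Type: AWS::SQS::Queue

  MyLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: SendToMyQueue
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Scoped to this one queue, not sqs:* on "*".
              - Effect: Allow
                Action:
                  - sqs:SendMessage
                  - sqs:GetQueueAttributes
                  - sqs:GetQueueUrl
                Resource: !GetAtt MyQueue.Arn

  MyLambda:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: nodejs20.x
      Handler: index.handler
      Role: !GetAtt MyLambdaRole.Arn
      Code:
        ZipFile: |
          // Placeholder handler: reads the URL from the environment, no API call.
          exports.handler = async () => process.env.QUEUE_URL;
      Environment:
        Variables:
          # Ref on an AWS::SQS::Queue returns the queue URL. The reference is
          # also what makes CloudFormation create the queue before the function.
          QUEUE_URL: !Ref MyQueue
```

Because the variable is a reference and not a literal, a re-created stack gets the new URL in the function's configuration on the same deployment.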

Related

Is there a way to read session tags from within an AWS lambda?

I have an AWS lambda written in Go which is invoked using:
aws lambda invoke …
I am setting session (sts) tags before invoking the lambda. Is there a way from within the lambda to get the session of the caller and read the tags which were set?

Provision existing AWS lambda using Terraform

I was learning terraform and was asked to provision it for CI/CD pipeline at gitlab.
My doubt is this:
Let's say a lambda function is already running/live.
How can I provision it using terraform?
Should I use data block to consume the running aws lambda?
Or this isn't how it works! I am not sure how we can do this.
I searched the docs, which don't support this use case.
So with the Lambda function that is already running, basically here you have two use cases:
1. You want to add further changes/updates to that Lambda later on using Terraform. In this case, you need to import it to your terraform code, and all the changes you add to that Lambda can be deployed via your CI/CD pipeline, e.g.:
   terraform import aws_lambda_function.my_lambda existing_lambda_function_name
   Note: Please note that the my_lambda function is your terraform block of code that is defining the exact Lambda that is already running, this is to match the existing resource with your Terraform code, to then be added to the state. I hope that it is clear.
2. Or you simply just need some outputs of that Lambda to be used as inputs to other services. Here you can simply just keep the Lambda up and running and use a Terraform data source, e.g.:
   data "aws_lambda_function" "existing_lambda" {
     function_name = var.function_name
   }
   And somewhere else in your code you can use it as follows:
   function_name = data.aws_lambda_function.existing_lambda.function_name
I hope this was helpful.

Using the serverless framework, how do I pass the name of a generated EventBridge rule to my lambda as an environment variable?

I'm using the serverless framework and use serverless.yml to generate EventBridge events and rules that trigger my lambda functions.
One of these rules will be a scheduled event that I need to disable in my lambda code under certain conditions. To do this I'll need the Rule name. I'd like to capture the generated rule name and pass that into my lambda as an environment variable. This is only known at runtime.
How can I do this?
Thank you

How to invoke step function from a lambda which is inside a vpc?

I am trying to invoke a step function from a lambda which is inside a VPC.
I get an exception that the HTTP request timed out.
Is it possible to access step function from a lambda in a vpc?
Thanks,
If your lambda function is running inside a VPC, you need to add a VPC endpoint for step functions.
In the VPC console : Endpoints : Create Endpoint, the service name for step functions is com.amazonaws.us-east-1.states (the region name may vary).
Took me a while to find this in the documentation.
It is possible but depends on how you are trying to access step functions. If you are using the AWS SDK then it should take care of any http security issues, otherwise if you are executing raw HTTP commands you will need to mess around with AWS headers.
The other thing you will need to look at is the role that lambda is executing. Without seeing how you have things configured I can only suggest to you things I encountered; you may need to adjust your policies so the role can have the action: sts:AssumeRole, another possibility is adding the action: iam:PassRole to the same execution role.
The easiest solution is to grant your execution role administrator privileges, test it out then work backwards to lock down your role access. Remember to treat your lambda function like another API user account and set privileges appropriately.
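The two answers above combined into one template fragment, as an added example that is not part of either answer: an interface endpoint for Step Functions in the Lambda's VPC, and an execution-role policy locked down to starting one state machine. All parameter names and logical IDs are assumptions, as is the function calling StartExecution.

```yaml
# Constructed CloudFormation fragment; parameter names and logical IDs are placeholders.
Parameters:
  VpcId: { Type: AWS::EC2::VPC::Id }
  LambdaSubnetIds: { Type: "List<AWS::EC2::Subnet::Id>" }
  LambdaSecurityGroupId: { Type: AWS::EC2::SecurityGroup::Id }
  LambdaRoleName: { Type: String }
  StateMachineArn: { Type: String }

Resources:
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the Lambda function to the Step Functions endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Only the function's own security group may reach the endpoint.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref LambdaSecurityGroupId

  StatesEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.states
      VpcId: !Ref VpcId
      SubnetIds: !Ref LambdaSubnetIds
      SecurityGroupIds:
        - !GetAtt EndpointSecurityGroup.GroupId
      # With private DNS the SDK's default hostname resolves inside the VPC,
      # so the function code needs no endpoint override.
      PrivateDnsEnabled: true

  StartExecutionPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: StartOneStateMachine
      Roles:
        - !Ref LambdaRoleName
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # One action on one state machine ARN.
          - Effect: Allow
            Action: states:StartExecution
            Resource: !Ref StateMachineArn
```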

AWS Lambda: Can I see where a particular lambda is used?

Is it possible to see where a lambda is called from? Like an API Gateway or another lambda? Something like an event list.
When Lambda is called, you will need to pass identification from where it is being called (API or another Lambda) and then log it as source of lambda execution using:
LambdaLogger.Log(string message)
All logs you will be able to see in AWS » CloudWatch » Logs
You can log it in your lambda, using the context object.
More info in the aws documentation
