Reputation: 454
how to launch lambda functions from AWS SAM and assign custom AWS IAM role to lambda
Right now in our CloudFormation templates we are creating few lambda functions, which then used multiple Cloudformation templates to do the automation task in order to have single click deployment of our product stack. Below is the sample CF template for CF lambda resources.
HelmLambda:
DependsOn: [ LambdaSGCleanup ]
Type: AWS::Lambda::Function
Properties:
Handler: lambda_function.lambda_handler
MemorySize: 512
Role: !Ref EKSProvisionRoleArn
Runtime: python3.7
Timeout: 900
Layers: [!Ref KubectlLayer, !Ref HelmLayer, !Ref CrhelperLayer]
Code:
S3Bucket: !Ref 'BucketName'
S3Key: !Sub '${KeyPrefix}functions/packages/Helm/lambda.zip'
HelmLayer:
Type: AWS::Lambda::LayerVersion
Properties:
Content:
S3Bucket: !Ref 'BucketName'
S3Key: !Sub '${KeyPrefix}functions/packages/helmLayer/lambda.zip'
In above lambda function we have two dependencies. One is IAM role and Layer ARN. IAM role and Layer ARN this create on run time.
Now we want to put our product on AWS-Marketplace and we came to know that creating lambda function as above is not supported by AWS-Marketplace guidelines.
We are thinking of converting our lambda functions to AWS SAM. but we are not able to figure out how to use IAM role and Layer Arn which are created at run time during the CF stack deployment with AWS SAM and create lambda functions.
Any help or guidance on this will be highly appreciated.
Upvotes: 0
Views: 1614
Answers (3)
Reputation: 9605
So if you want to reference the role and layer created by SAM as per the documentation you need to define them in the template, below is a working template :
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
sam-with-layers
Sample SAM Template for sam-with-layers
Resources:
LambdaRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub ${AWS::StackName}-lambda-role
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: 'sts:AssumeRole'
Principal:
Service: lambda.amazonaws.com
Policies:
- PolicyName: WriteCloudWatchLogs
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: 'arn:aws:logs:*:*:*'
HelloWorldFunction:
Type: AWS::Serverless::Functionn
Properties:
CodeUri: hello_world/
Handler: app.lambda_handler
Runtime: python3.8
Role: !GetAtt LambdaRole.Arn
Layers:
- !Ref MyLambdaLayer
MyLambdaLayer:
Type: AWS::Serverless::LayerVersion
Properties:
LayerName: MyLambdaLayer
ContentUri: lambda-layer/
CompatibleRuntimes:
- python3.8
RetentionPolicy: Retain
and below is my dir structure:
.
├── README.md
├── hello_world
│ ├── app.py
│ └── requirements.txt
├── lambda-layer
│ └── python
│ └── lib
│ └── python3.8
│ └── site-packages
│ └── hello.py
├── samconfig.toml
└── template.yaml
Upvotes: 3
Reputation: 454
below is the sample snippet which we are using in order to make AWS LAMBDA functions which are created through AWS SAM templates to use custom IAM role which get created at the time of CF stack deployment.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
sam-with-layers
Sample SAM Template for sam-with-layers
Parameters:
EKSProvisionRoleArn:
Type: String
Resources:
HelmLambda:
Type: AWS::Serverless::Function
Properties:
CodeUri: 's3://BUCKET/functions/packages/Helm/lambda.zip'
Handler: lambda_function.lambda_handler
Runtime: python3.7
MemorySize: 512
Timeout: 900
Role: !Ref EKSProvisionRoleArn
Layers:
- !Ref HelmLambdaLayer
- !Ref KubectlLambdaLayer
- !Ref CrHelperLambdaLayer
HelmLambdaLayer:
Type: AWS::Serverless::LayerVersion
Properties:
LayerName: HelmLambdaLayer
ContentUri: 's3://BUCKET/functions/packages/helmLayer/lambda.zip'
CompatibleRuntimes:
- python3.7
- python3.6
RetentionPolicy: Retain
KubectlLambdaLayer:
Type: AWS::Serverless::LayerVersion
Properties:
LayerName: KubectlLambdaLayer
ContentUri: 's3://BUCKET/functions/packages/kubectlLayer/lambda.zip'
CompatibleRuntimes:
- python3.7
- python3.6
RetentionPolicy: Retain
CrHelperLambdaLayer:
Type: AWS::Serverless::LayerVersion
Properties:
LayerName: CrHelperLambdaLayer
ContentUri: 's3://BUCKET/functions/packages/crhelperLayer/lambda.zip'
CompatibleRuntimes:
- python3.7
- python3.6
RetentionPolicy: Retain
Outputs:
HelmLambdaArn:
Description: Helm Lambda Function ARN
Value: !GetAtt HelmLambda.Arn
below is snippet which we are using in CF templates to call above AWS SAM template to deploy lambda functions:
HelmLambda:
Type: AWS::Serverless::Application
Properties:
Location:
ApplicationId: 'ARN_TO_SAM'
SemanticVersion: 0.0.5
Parameters:
EKSProvisionRoleArn: !Ref EKSProvisionRoleArn
Upvotes: 0
Reputation: 6998
So if you look at the documentation, you can see that you just use Role and Layer as properties. There isn't much of a refactoring to do for you.
Upvotes: 0
Related Questions
- Referencing an AWS Lambda's role inside a SAM Template (CF Stack) YAML
- Giving a Lambda a role in AWS SAM
- Multiple Lambda functions from the sam.yml file
- Using existing IAM role when creating AWS Lambda Function
- How custom role(of Lambda) works with EC2 role policy?
- How to trigger lambda on SAM application deploy
- Policy to allow lambda:InvokeFunction to an IAM Assumed Role
- Running an AWS Lambda function Under Different IAM Roles
- The proper AWS managed policy to attach an IAM Role to execute Lambda Functions
- How to specify lambda function and IAM role name in cloudformation template