This is a utility designed to deploy a bash script to AWS Lambda.
It was inspired by the project https://github.com/gkrizek/bash-lambda-layer
Of course, the tool was built in bash (though it would have been cleaner in Python).
- lambda_bash.sh - this is the deployment tool that deploys, runs, updates, describes and destroys your lambda. See usage below.
- ex_script.sh - this is an example bash script to deploy as a lambda. The main things to remember are:
  - code must run in a function called handler; event data is passed as a JSON string in $1
  - if you want to return data to the caller, send it to stderr (stdout is logged in CloudWatch Logs)
  - you must `set -e` to ensure that the script aborts on error (the way real programming languages work)
- assume_role_policy.json - this is the template for the IAM role that is created for the lambda. It should not need editing.
- s3_event.json - this is the event configuration used if you specify -b (S3 bucket event). The LambdaFunctionArn parameter will be updated with the real lambda ARN on deployment.
- s3_event_filter_example.json - an example version of the s3_event.json file that filters on things like prefix and suffix, in case you only want to trigger your lambda for objects in a certain directory or with a certain suffix.
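The manual run shown further down passes an empty event, the missing fields come out as null, and the script goes on to list a bucket named "null". The handler below is an added example (not the project's ex_script.sh) that follows the rules listed above and validates the event before using it; EXPECTED_BUCKET, SAMPLE_EVENT and s3_uri_from_event are names assumed here.

```bash
#!/bin/bash
# Added example, not the project's ex_script.sh: validate the event before acting on it.
set -e   # abort on unhandled errors, as required above

# EXPECTED_BUCKET is an assumed setting: the only bucket this function should serve.
EXPECTED_BUCKET="${EXPECTED_BUCKET:-css-my-bucket}"

# Constructed sample S3 event (trimmed to the fields used here) for local testing.
SAMPLE_EVENT='{"Records":[{"s3":{"bucket":{"name":"css-my-bucket"},"object":{"key":"docs/my+file%281%29.txt"}}}]}'

# Print the decoded s3://bucket/key for a well-formed event; return 1 otherwise.
s3_uri_from_event() {
    local event="$1" bucket key
    # "strings" emits nothing for null or non-string fields, so jq -e exits non-zero.
    bucket=$(jq -er '.Records[0].s3.bucket.name | strings' <<<"$event" 2>/dev/null) || return 1
    key=$(jq -er '.Records[0].s3.object.key | strings' <<<"$event" 2>/dev/null) || return 1
    # S3 bucket naming rules: 3-63 chars of [a-z0-9.-], alphanumeric at both ends.
    [[ "$bucket" =~ ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$ ]] || return 1
    [[ "$bucket" == "$EXPECTED_BUCKET" ]] || return 1
    # Keys arrive URL-encoded ("+" for space, %XX); reject raw backslashes and NUL bytes.
    [[ -n "$key" && "$key" != *\\* && "$key" != *%00* ]] || return 1
    key="${key//+/ }"
    printf 's3://%s/%b\n' "$bucket" "${key//%/\\x}"
}

handler() {
    local uri
    if ! uri=$(s3_uri_from_event "$1"); then
        echo "rejected event: no valid S3 record" >&2   # stderr is returned to the caller
        return 1
    fi
    echo "processing $uri"                              # stdout goes to CloudWatch Logs
    # aws s3 ls "$uri"    # real work goes here, always with "$uri" quoted
    jq -cn --arg uri "$uri" '{processed: $uri}' >&2     # JSON-escaped result for the caller
}
```

With an empty event such as {} the handler returns non-zero before any AWS call is made, so a manual run reports a rejected event.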
```
$ ./lambda_bash.sh -h
Usage: ./lambda_bash.sh -o [deploy|run|tail|update|describe|destroy] -s script_name.sh [-r aws_region] [-p aws_policy] [-e event_arn] [-b bucket] [-h]
-o operation. generally "deploy" first, then "run" or "tail", then "update", then "destroy"
-s script. This is the bash script that you want to turn into a lambda
-r aws region. (optional) if region is not provided will check AWS_DEFAULT_REGION env variable
-p aws managed policy to attach to execution role. (optional) if not provided, default is AdministratorAccess
-e event arn to trigger the lambda (Kinesis, DynamoDB Streams, SQS). (optional) default is None
-b bucket name to trigger the lambda. (optional) default is None. Details of trigger defined in s3_event.json
Notes: the bash script must contain a function called "handler"
parameters policy (-p) event (-e) & bucket (-b) are only used on deploy operations (not on update)
```
Requirements:
- bash
- awscli 1.16+
- jq 1.5+
- an AWS account with API credentials
- Set up the environment
  ```
  export AWS_PROFILE=myawsprofile
  export AWS_DEFAULT_REGION=us-east-1
  ```
- Create a simple S3 bucket that we can use as the trigger
  ```
  aws s3 mb s3://css-my-bucket
  ```
- Deploy the example script (ex_script.sh) that will respond to S3 events in our bucket
  ```
  ./lambda_bash.sh -o deploy -s ex_script.sh -b css-my-bucket
  creating role ex_script_lambdarole
  attaching IAM policy arn:aws:iam::aws:policy/AdministratorAccess to role ex_script_lambdarole
  sleeping 20 seconds to allow role to attach
  deploying function ex_script
  updating s3 event config s3_event.json with FunctionArn: arn:aws:lambda:us-east-1:150337127586:function:ex_script
  adding permission for s3 to invoke function ex_script
  attaching bucket-notification to bucket css-my-bucket for lambda ex_script with config s3_event.json
  ```
- Invoke the script manually
  ```
  ./lambda_bash.sh -o run -s ex_script.sh
  invoking lambda ex_script
  ---------START RESPONSE------------
  START RequestId: 35f0319c-fdbd-11e8-bc93-cf3ea1e65766 Version: $LATEST
  EVENT DATA: {}
  list of s3 buckets
  2018-12-12 03:19:07 css-my-bucket
  listing s3 bucket null that triggered this lambda with null
  An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
  END RequestId: 35f0319c-fdbd-11e8-bc93-cf3ea1e65766
  REPORT RequestId: 35f0319c-fdbd-11e8-bc93-cf3ea1e65766 Init Duration: 274.37 ms Duration: 3342.23 ms Billed Duration: 3700 ms Memory Size: 1024 MB Max Memory Used: 86 MB
  ---------END RESPONSE------------
  ```
- Update the script to do whatever you want, then update the lambda code
  ```
  vi ex_script.sh
  ./lambda_bash.sh -o update -s ex_script.sh
  Updating function ex_script code
  ```
- Tail the CloudWatch logs for the lambda in one shell and trigger the lambda in another
  ```
  ./lambda_bash.sh -o tail -s ex_script.sh
  ```
  Then, from another shell, copy a file to S3 to trigger the lambda:
  ```
  aws s3 cp README.md s3://css-my-bucket
  ```
  Now look at the logs from the tail session.
- Undeploy the lambda
  ```
  ./lambda_bash.sh -o destroy -s ex_script.sh
  deleting lambda ex_script
  detaching POLICY_ARN arn:aws:iam::aws:policy/AdministratorAccess from Role ex_script_lambdarole
  deleting ROLE: ex_script_lambdarole
  ```