Is there a way (using either the AWS CLI or some API) to programmatically remove a layer from an AWS lambda function?
That is, I know I can add or update a layer version by running something like the following
aws lambda update-function-configuration --function-name my-function-name --layer arn:aws:lambda:us-west-2:000000000:layer:layer-name:7
However, this only allows me to add or update the function's configuration. I'd like to programmatically remove the arn:aws:lambda:us-west-2:000000000:layer:layer-name:7 layer from the AWS function named my-function-name
The values passed to --layers (note: not --layer, which appears to be an alias to the actual option) option replaces your entire layers configuration. This means that, by passing an empty --layers
$ aws lambda update-function-configuration --function-name my-function-name --layers
you can remove your entire layers configuration.
Related
I am trying to add a trigger rule to a lambda version using cli:
I try the following command:
aws events put-targets --rule rule-name --targets "Id"="1","Arn"="arn..."
This commands run successfully and I can see my lambda function in Event Bridge console under targets. But when I go to lambda function and to the version I don't see any trigger event being added.
I am not sure if this an error/bug or expected behavior. Is there a way to add a trigger event to a published version of lambda function such that it shows in trigger console (essentially to show that trigger event is added successfully) using aws cli.
Use CDK. It will work
Create a lambda function and a rule using cdk. Then you can add that rule to lambda.
This works with CDK. But it doesn't work with CLI as you said. The trigger doesn't get added in lambda.
Sample code:
Note: This is not the complete CDK code. This is just the part for creating lambda,rule and adding it to lambda. This example is in Python
fn = lambda_.Function(self, "Name",
runtime=lambda_.Runtime.PYTHON_3_7,
handler="index.lambda_handler",
role=custom_role,
code=lambda_.Code.from_asset(
os.path.join(
up_dir(__file__, 2),
"resources/lambda/pathtoyourcode",
)
),
)
# Run Every Minute
run_every_minute = _events.Rule(
self,
"runEveryMinute",
schedule=_events.Schedule.rate(core.Duration.minutes(1))
)
# Add Lambda to CW Event Rule
run_every_minute.add_target(_targets.LambdaFunction(fn))
Via awscli > $ aws s3api put-bucket-notification-configuration
CONSOLE
I have had the same problem, it's a little bit frustating but, i've found other way and maybe a more logical way. Triggers in Lambda Console only support a few message notification services. And seems to be mostly for test purposes. Although, there's a way to invoke your lambda function from an event in S3.
To configure S3 to send some event file at some lambda function from some event occurs on your bucket, just go to your bucket through this path in S3 Console:
BucketName > Properties > EventNotifications !
AWSCLI
there you can configure your event source, even awscli support it vi 's3api' service command:
#$ aws s3api put-bucket-notification # Deprecated
#$ aws s3api put-bucket-notification-configuration
the last one support the following destination from S3:
Lambda functions
SNS Topic
SQS Queue
Ref using S3 Triggers with Lambda https://docs.aws.amazon.com/lambda/latest/dg/with-s3-tutorial.html#with-s3-tutorial-configure-event-source
It seems like this is not possible at the moment. I have checked the aws-sdk and there is a createEventSourceMapping method but that one only allows for DynamoDB, Kinesis, etc.
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html#createEventSourceMapping-property
I have manually tested an AWS Lambda using the "Test" button available in the AWS Lambda functional panel.
This lambda function does not require any input data/event infromation.
It works great...
My problem:
I am trying to call this function with another AWS Lambda through the use of destination, and it's simply not working.
How can I check if destination is firing ?
I have it set up for asynchronous, invoke on success.
Lambda(success) -> call perfect(Lambda 2)
For the asynchronous destination to work, you need two things:
Execution role for the first function allowing it to invoke destination function.
First function must be invoked asynchronously. For this you need to specify invocation-type as Event.
For example, to call it from the command line:
aws lambda invoke --function-name name_of_first_function \
--invocation-type Event \
--payload '{"message": "Hi"}' /dev/stdout
In the AWS Lambda management console you can have test events associated with a function.
Is it possible to configure the test events when deploying the Lambda function using the AWS CDK such that the test events are ready to use when someone later views the function in the management console?
That is not possible at the moment as CloudFormation itself does not support this (see this answer). You can, as mentioned in the linked post, use a CloudFormation CustomResource to prepare the invocation.
Another option is to create a output that prepares a cli command with payload. So that you can just copy past the generated call aws lambda invoke --function-name {PopulateFromCDK} --payload '{"key": "value"}'
I am working with a serverless project and I have only the access to aws cli, so I want to get the trigger information of a function such as event and since I am using a sns topic to trigger the function, I want to get the topic infomation and arn, I tried diffrent options, such as,
list-event-source-mapping - which returns a empty array
get-function: which doesn't hold that value
Do I have means to get the trigger information of a function with aws cli?
In this case, I believe the only way to get that information would be from the get-policy API call as that will contain the resource based policy(AKA trigger) which allows the other service to invoke the Lambda.
The get-event-source-mappings API returns the stream based event sources in the region such as:
Kinesis
Dynamo
SQS
So for example, if I have a lambda function which is configured to be invoked from SNS then the policy returned would be similar to:
aws lambda get-policy --function-name arn:aws:lambda:us-east-1:111122223333:function:YOUR_LAMBDA_NAME_HERE --query Policy --output text | jq '.Statement[0].Condition.ArnLike["AWS:SourceArn"]'
OUTPUT:
"arn:aws:sns:REGION:111122223333:TOPIC_NAME"
Though that assumes that the policy in the Lambda function only has that one statement but if you know the specific statement id then you should be able to select it in jq using a filter
You defined your Lambda function as a stage variable; you must
manually give permissions to all the functions you will use. You can
do this by running the below AWS CLI command for each function,
replacing the stage variable in the function-name parameter with the
necessary function name.
aws lambda add-permission --function-name arn:aws:lambda:eu-west-1:12345:function:test${stageVariables.functionAlias} --source-arn arn:aws:execute-api:eu-west-1:12345:dsad667asd/*/GET/test/test --principal apigateway.amazonaws.com --statement-id d5a14508-22bb-4413-87c9-d9715e36435d --action lambda:InvokeFunction
Getting this message and suggestion to run this command , unfortunately it does not work here throwing
zsh: bad substitution
with or without zsh, what I am looking is a way to do this manualy (using aws interface)
thanks!
Did you leave the "${stageVariables.functionAlias}" in your command? The --function-name parameter of this command needs to a valid fully-qualified or partial lambda function ARN following the pattern of:
(arn:aws:lambda:[region]:[account-id]:function:)[function-name](:[function-alias])
Where region, account-id, function-name and function-alias are substituted as appropriate.
If your function is in the same account and region as the user issuing the command, and you simply want to refer to the $LATEST function version, specifying just the function name would be perfectly valid and save a few keystrokes:
aws lambda add-permission --function-name test --source-arn arn:aws:execute-api:eu-west-1:12345:dsad667asd/*/GET/test/test --principal apigateway.amazonaws.com --statement-id d5a14508-22bb-4413-87c9-d9715e36435d --action lambda:InvokeFunction
See this document on usage of the aws lambda add-permission CLI command: http://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html
You need to replace ${stageVariables.functionAlias} to your own lambda function name from the command.
Also, make sure AWS environment variables setup correct in your bash.
It works for me.
What I did to figure this out, is I created the versions I needed, created aliases to each version. In my case I had Production pointing to Version 1, and Development pointing to $LATEST.
On the AWS CLI I changed the ${stageVariables.functionAlias} to the name of the alias, and performed that command for each alias.
I also referenced Using API Gateway Stage Variables. You can also look at the logs in CloudWatch for your endpoint and see which version/alias was called.
Hope this helps.
When a new function or new function alias is created, a permission must be added to enable the access to the API gateway. The way I do this is during the integration request, I enter the lambda function stage variable like:
${stageVariables.myFunctionName}
I run the command (shown by the console) on the CLI and replace the above variable with this format:
myFunctionName:myAliasName
Notice that if an alias was created, add the alias name after the function name separated by a single ":" colon
Note: You can get the function and alias name from the Lammda>functions > Qualifiers options.
I hope this helps.
As of September 2022, I just followed the steps from this post and I can access the env variables through event.stageVariables in the lambda function. No need for any aws-cli manual configuration