Invoke an AWS Lambda function from an EC2 instance - amazon-web-services

Can we invoke an AWS Lambda function from EC2 instances?
I have tried AWS Lambda invoking another Lambda, but I am not sure if we can invoke it from an EC2 instance.

Yes.
You can invoke the Lambda from an EC2 instance just like from any other machine.
Just use the boto3 call invoke() or use the CLI to invoke it.

Related

AWS Lambda function access restriction

I am new to AWS. I want to restrict my AWS Lambda function so that it cannot be accessed by any other resource; it should only be invoked by a specified Lambda function.
I have not set up an API Gateway for this Lambda function. It's just a simple Lambda function that I want to invoke from another Lambda function, but I also want to restrict it from being invoked by other resources or other Lambda functions. So I want to specify another Lambda function that will invoke this Lambda function, so that only the specified Lambda function can invoke it.

You can modify/delete resource-based policies for Lambda - AWS Lambda.
Normally, these policies define which IAM users, IAM roles and AWS services can invoke the function. You should edit the policies attached to this particular Lambda function to only permit access via your desired 'calling' Lambda function. This will probably involve referencing the IAM Role that is used by the 'calling' Lambda function.
You could even add a Deny policy to prohibit access via any other IAM Role or service.
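
As an added example (not part of the original answer), this Python check audits a function's resource-based policy, in the form returned in the Policy field of `aws lambda get-policy`, and lists every principal other than the calling function's role that an Allow statement lets invoke it. The account ID, ARNs and statement IDs are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy document; account ID, function name, role name
# and Sids are placeholders, not values from a real account.
TARGET_ARN = "arn:aws:lambda:eu-west-1:111122223333:function:target-fn"
CALLER_ROLE = "arn:aws:iam::111122223333:role/caller-fn-role"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "caller-only", "Effect": "Allow",
         "Principal": {"AWS": CALLER_ROLE},
         "Action": "lambda:InvokeFunction", "Resource": TARGET_ARN},
        {"Sid": "leftover-s3-trigger", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": TARGET_ARN},
        {"Sid": "wide-open", "Effect": "Allow", "Principal": "*",
         "Action": "lambda:*", "Resource": TARGET_ARN},
    ],
})


def _as_list(value):
    """IAM JSON allows a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]


def _principals(principal):
    """Flatten a Principal element ("*" or {"AWS": ..., "Service": ...})."""
    if isinstance(principal, str):
        return [principal]
    return [p for values in principal.values() for p in _as_list(values)]


def unexpected_invokers(policy_json, allowed_role_arn):
    """Return (Sid, principal) pairs allowed to invoke besides the given role."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("lambda:invokefunction", p) for p in patterns):
            continue
        for principal in _principals(stmt.get("Principal", {})):
            if principal != allowed_role_arn:
                findings.append((stmt.get("Sid", ""), principal))
    return findings


if __name__ == "__main__":
    for sid, principal in unexpected_invokers(SAMPLE_POLICY, CALLER_ROLE):
        print(f"{sid}: {principal} can invoke the function")
```

Within one account, an identity-based policy that grants lambda:InvokeFunction is also sufficient to call the function, so the policies attached to other roles need the same review.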

Deploy an AWS Lambda function with test events using AWS CDK

In the AWS Lambda management console you can have test events associated with a function.
Is it possible to configure the test events when deploying the Lambda function using the AWS CDK such that the test events are ready to use when someone later views the function in the management console?

That is not possible at the moment as CloudFormation itself does not support this (see this answer). You can, as mentioned in the linked post, use a CloudFormation CustomResource to prepare the invocation.
Another option is to create an output that prepares a CLI command with the payload, so that you can just copy and paste the generated call:
aws lambda invoke --function-name {PopulateFromCDK} --payload '{"key": "value"}' response.json

Is there a direct way (a CFT) to list all Lambda functions for a particular region?

I want to have a CloudFormation template to list all Lambda functions for a particular region. I don't need to write a Lambda code using list-function and call it inside my CFT.
I tried incorporating a CLI command inside the CFT but it didn't work.

There is no way to directly add an AWS CLI command in a CloudFormation template. Either you will have to create an EC2 instance and then run the CLI command in the user data, or create a Lambda-backed custom resource to do it.
Both will complicate the simple CLI command.
aws lambda list-functions --region eu-west-1

CFN is just an orchestration tool. It cannot compute by itself.
Instead we can use a simple Lambda Python script and invoke the same in the CFT:
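import boto3

# Create a Lambda client for the region whose functions should be listed
client = boto3.client("lambda", region_name="eu-west-1")

# list_functions returns results in pages, so walk them with a paginator
# instead of passing Marker/MaxItems by hand
paginator = client.get_paginator("list_functions")
for page in paginator.paginate(FunctionVersion="ALL"):
    for function in page["Functions"]:
        # FunctionVersion="ALL" yields one entry per published version
        print(function["FunctionName"], function["Version"])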

How to invoke an AWS Lambda function using SSM

I am new to AWS SSM. My requirement is that I have a Lambda function that I have to invoke using an SSM Document. Is this achievable? If so, please explain how.
Thanks in advance.

You cannot directly invoke Lambda from SSM. However, you can configure SSM to write logs to AWS CloudWatch. From CloudWatch it is possible to invoke a Lambda function in response to logs.

Workflow for testing Lambda policies with AWS SAM Local

The AWS SAM Local documentation states that SAM Local will invoke functions with my locally configured IAM credentials.
I want to test a CloudFormation template that consists of a Lambda function and a role attached to this function that grants access to delete the content of ONE SPECIFIC S3 bucket. The bucket name is both a template parameter and an argument to the Lambda function. (Not sure it matters, but I don't use the serverless transformations in the CFN template.)
I avoid testing this function with my admin profile, since a typo in the bucket name will delete all contents of the wrong bucket.
What is the suggested workflow to test such a function?
What I'm currently doing:
Create a temporary IAM user/group
attach the policy to be tested to this group
export the access environment variables before calling sam local invoke
Is there a quicker way to do this?

Invoke Lambda with DryRun
Invoke the function with DryRun to request AWS Lambda to not execute the function but do some verification, such as whether the caller is authorized to invoke the function and whether the inputs are valid.
aws lambda invoke --function-name <name> --invocation-type DryRun response.json
Creating ChangeSets for CloudFormation: Change Sets = Dry Run Mode
Create a changeset with "create-change-set", review the changes in the Console UI or CLI, and then apply the changes with "execute-change-set" using the CLI or UI.
Create Changeset:
aws cloudformation create-change-set --stack-name example --template-body file://templates/instance_and_route53.yml --parameters file://parameters/instance_and_route53.json --change-set-name changeset-1
Execute Changeset:
aws cloudformation execute-change-set --stack-name example --change-set-name changeset-1