AWS Serverless: Difference between revisions
Line 108: | Line 108: | ||
"Role": { | "Role": { | ||
"Ref": "cowsayIamRole" | "Ref": "cowsayIamRole" | ||
} | |||
} | |||
} | |||
</syntaxhighlight> | |||
==Grant Access on the Bucket== | |||
We need to allow lambda function access to the bucket. We do this with a the bucket | |||
<syntaxhighlight lang="json" highlight="7-17"> | |||
{ | |||
"Resources": { | |||
"cowsayBucketPolicy": { | |||
"Type": "AWS::S3::BucketPolicy", | |||
"Properties": { | |||
"Bucket": "cowsaybucket", | |||
"PolicyDocument": { | |||
"Statement": [ | |||
{ | |||
"Effect": "Allow", | |||
"Principal": { | |||
"Service": "serverlessrepo.amazonaws.com" | |||
}, | |||
"Action": "s3:GetObject", | |||
"Resource": "arn:aws:s3:::cowsaybucket/*", | |||
"Condition": { | |||
"StringEquals": { | |||
"aws:SourceArn": { | |||
"Fn::GetAtt": [ | |||
"cowsayLambda", | |||
"Arn" | |||
] | |||
} | |||
} | |||
} | |||
} | |||
] | |||
} | |||
} | |||
} | } | ||
} | } | ||
} | } | ||
</syntaxhighlight> | </syntaxhighlight> |
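Review bot: the Principal in the added cowsayBucketPolicy statement is the service serverlessrepo.amazonaws.com, but the new section text says the grant is for the Lambda function. A function reads S3 with its execution role's credentials, so name cowsayIamRole as the principal, or give that role an s3:GetObject statement instead. The introductory sentence also stops mid-phrase ("We do this with a the bucket"). The hard-coded "Bucket": "cowsaybucket" would be safer as a Ref to the bucket resource, so the policy cannot drift from the bucket it is meant to protect.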
Revision as of 00:18, 19 February 2022
Introduction
This is an example of how to set up a serverless framework function within AWS.
Setup
Within AWS there are example templates for each piece of the infrastructure. For this we need to create:
- an S3 Bucket to hold the code
- an IAM::Role to describe the permissions
- a Lambda, the function to run
Templates
Here are the templates I used. I have highlighted where they differ from the provided examples.
S3 Bucket
Example can be found here
{
  "Resources": {
    "cowsayBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "cowsaybucket"
      }
    }
  }
}
IAM::Role
Example can be found here
{
  "Resources": {
    "cowsayIamRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "lambda.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "root",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:*"
                  ],
                  "Resource": "arn:aws:logs:*:*:*"
                }
              ]
            }
          }
        ]
      }
    }
  }
}
Lambda Function
Example can be found here
"AMIIDLookup": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Handler": "index.handler",
    "Role": {
      "Fn::GetAtt": [
        "LambdaExecutionRole",
        "Arn"
      ]
    },
    "Code": {
      "S3Bucket": "lambda-functions",
      "S3Key": "amilookup.zip"
    },
    "Runtime": "nodejs12.x",
    "Timeout": 25,
    "TracingConfig": {
      "Mode": "Active"
    }
  }
}
Adding the Role to the Lambda
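Now that we have the base templates, we need to add properties to allow them to interact. The role is attached through the Lambda function's Role property, which expects the role's ARN, so it is referenced with Fn::GetAtt (Ref on an AWS::IAM::Role returns the role name, not the ARN). The function's other properties are as in the Lambda template above and are omitted here.
{
  "Resources": {
    "cowsayBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "cowsaybucket"
      }
    },
    "cowsayLambda": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Role": {
          "Fn::GetAtt": [
            "cowsayIamRole",
            "Arn"
          ]
        }
      }
    }
  }
}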
Grant Access on the Bucket
We need to allow the Lambda function access to the bucket. We do this with a bucket policy.
{
  "Resources": {
    "cowsayBucketPolicy": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": "cowsaybucket",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "serverlessrepo.amazonaws.com"
              },
              "Action": "s3:GetObject",
              "Resource": "arn:aws:s3:::cowsaybucket/*",
              "Condition": {
                "StringEquals": {
                  "aws:SourceArn": {
                    "Fn::GetAtt": [
                      "cowsayLambda",
                      "Arn"
                    ]
                  }
                }
              }
            }
          ]
        }
      }
    }
  }
}
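The templates above can be checked before deployment. The following is an added example, not part of the original page or of any AWS tooling: a small linter run over a constructed template that condenses this page's four resources as first written. The finding names and the choice of checks are this example's own assumptions.

```python
import json
import re

NAME = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")
# Constructed sample: this page's four resources condensed into one template.
TEMPLATE = json.loads("""
{"Resources": {
  "cowsayBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"BucketName": "cowsayBucket"}},
  "cowsayIamRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "root", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": ["logs:*"],
       "Resource": "arn:aws:logs:*:*:*"}]}}]}},
  "cowsayLambda": {"Type": "AWS::Lambda::Function",
    "Properties": {"Role": {"Ref": "cowsayIamRole"}}},
  "cowsayBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
    "Bucket": "cowsaybucket", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "s3:GetObject",
       "Principal": {"Service": "serverlessrepo.amazonaws.com"},
       "Resource": "arn:aws:s3:::cowsaybucket/*"}]}}}
}}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(template):
    """Return sorted (resource, finding) pairs; finding names are hypothetical."""
    out = []
    for name, r in template["Resources"].items():
        kind, props = r["Type"], r.get("Properties", {})
        bucket, role = props.get("BucketName"), props.get("Role")
        # S3 bucket names: 3-63 lowercase letters, digits, dots, hyphens.
        if kind == "AWS::S3::Bucket" and isinstance(bucket, str) and not NAME.fullmatch(bucket):
            out.append((name, "invalid-bucket-name"))
        # Ref on an IAM role returns its name; Lambda's Role needs the ARN.
        if kind == "AWS::Lambda::Function" and isinstance(role, dict) and "Ref" in role:
            out.append((name, "role-is-ref-not-arn"))
        # Inline role policies and bucket policies (the trust policy is skipped).
        docs = [p["PolicyDocument"] for p in props.get("Policies", [])]
        docs += [props["PolicyDocument"]] if "PolicyDocument" in props else []
        for s in (s for d in docs for s in as_list(d.get("Statement", []))):
            if any(a.endswith("*") for a in as_list(s.get("Action", []))):
                out.append((name, "wildcard-action"))
            # Review prompt: a service principal does not grant the function's role.
            if "Service" in s.get("Principal", {}):
                out.append((name, "service-principal"))
    return sorted(out)
```

Calling lint(TEMPLATE) reports one finding per resource. A service principal in a bucket policy can be legitimate, so treat that finding as a prompt to confirm who the statement is meant to grant.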