AWS Serverless: Difference between revisions
Jump to navigation
Jump to search
| Line 11: | Line 11: | ||
Here are the templates I used. I have highlighted where they differ from the provided examples | Here are the templates I used. I have highlighted where they differ from the provided examples | ||
==S3 Bucket== | ==S3 Bucket== | ||
Example can be found [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html here] | Example can be found [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html here]<br> | ||
This needs to be in its own stack and create '''prior''' to the other resources. | |||
<syntaxhighlight lang="json" highlight="3,6"> | <syntaxhighlight lang="json" highlight="3,6"> | ||
{ | { | ||
Revision as of 02:34, 19 February 2022
Introduction
This is an example of how to set up a serverless framework function within AWS
Setup
Within AWS there are example templates for each piece of the infrastructure. For this we need to create a
- S3 Bucket to hold the code
- IAM::Role to describe the permissions
- Lambda The function to run
- Bucket Policy This grants access from the bucket to the lambda function
Templates
Here are the templates I used. I have highlighted where they differ from the provided examples
S3 Bucket
Example can be found here
This needs to be in its own stack and create prior to the other resources.
{
"Resources": {
"cowsayBucket": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": "cowsayBucket"
}
}
}
}
IAM::Role
Example can be found here
{
"Resources": {
"cowsayIamRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/",
"Policies": [
{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:*"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
}
]
}
}
}
}
Lambda Function
Example can be found here
{
"Resources": {
"cowsayLambda": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": "cowsaybucket",
"S3Key": "cowsay.zip"
},
"Handler": "index.handler",
"Runtime": "nodejs14.x",
"Role": {
"Fn::GetAtt": [
"cowsayIamRole",
"Arn"
]
}
}
}
}
}
Adding the Role to the Lambda
Now we have the base templates we need to add properties to allow them to interact
{
"Resources": {
"cowsayBucket": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": "cowsayBucket"
}
},
"Role": {
"Ref": "cowsayIamRole"
}
}
}
Bucket Policy
We need to allow lambda function access to the bucket. We do this with a the bucket
{
"Resources": {
"cowsayBucketPolicy": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": "cowsaybucket",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "serverlessrepo.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::cowsaybucket/*",
"Condition": {
"StringEquals": {
"aws:SourceArn": {
"Fn::GetAtt": [
"cowsayLambda",
"Arn"
]
}
}
}
}
]
}
}
}
}
}