AWS Serverless

From bibbleWiki
Revision as of 02:25, 19 February 2022 by Iwiseman (talk | contribs) (IAM::Role)
Jump to navigation Jump to search

Introduction

This is an example of how to set up a serverless framework function within AWS

Setup

Within AWS there are example templates for each piece of the infrastructure. For this we need to create a

  • S3 Bucket to hold the code
  • IAM::Role to describe the permissions
  • Lambda The function to run
  • Bucket Policy This grants access from the bucket to the lambda function

Templates

Here are the templates I used. I have highlighted where they differ from the provided examples

S3 Bucket

Example can be found here 

{
    "Resources": {
        "cowsayBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": "cowsayBucket"
            }
        }
    }
}

IAM::Role

Example can be found here 

{
Resources:
  cowsayIamRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:*'
                Resource: 'arn:aws:logs:*:*:*'

}

Lambda Function

Example can be found here 

"AMIIDLookup": {
    "Type": "AWS::Lambda::Function",
    "Properties": {
        "Handler": "index.handler",
        "Role": {
            "Fn::GetAtt": [
                "LambdaExecutionRole",
                "Arn"
            ]
        },
        "Code": {
            "S3Bucket": "lambda-functions",
            "S3Key": "amilookup.zip"
        },
        "Runtime": "nodejs12.x",
        "Timeout": 25,
        "TracingConfig": {
            "Mode": "Active"
        }
    }
}

Adding the Role to the Lambda

Now we have the base templates we need to add properties to allow them to interact 

{
    "Resources": {
        "cowsayBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": "cowsayBucket"
            }
        },
        "Role": {
            "Ref": "cowsayIamRole"
        }
    }
}

Bucket Policy

We need to allow lambda function access to the bucket. We do this with a the bucket 

{
    "Resources": {
        "cowsayBucketPolicy": {
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": "cowsaybucket",
                "PolicyDocument": {
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": "serverlessrepo.amazonaws.com"
                            },
                            "Action": "s3:GetObject",
                            "Resource": "arn:aws:s3:::cowsaybucket/*",
                            "Condition": {
                                "StringEquals": {
                                    "aws:SourceArn": {
                                        "Fn::GetAtt": [
                                            "cowsayLambda",
                                            "Arn"
                                        ]
                                    }
                                }
                            }
                        }
                    ]
                }
            }
        }
    }
}
Retrieved from "https://www.bibble.co.nz/mediawiki/index.php?title=AWS_Serverless&oldid=6186"