This article walks through the steps of setting up an AWS Lambda function. We will use Terraform to create the Lambda function and its associated IAM policies.
As with many cloud providers, successfully invoking a serverless function in the cloud requires the appropriate roles and policies. In AWS, for a user to invoke a serverless (Lambda) function, the user must have the following:
- The ability to assume an STS role for Lambda - this is needed for the user to be able to interact with AWS Lambda.
- Policies to “allow” the Lambda function to be invoked.
- Policies to “allow” CloudWatch logging.
Below is an example of the Terraform script for a similar setup:
To enable CloudWatch logging, add the following statement to the “aws_iam_policy_document.role_policy_doc”.
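A sketch of the role, trust policy and CloudWatch logging statement described above, as an added example and not the original article's script. The variable `function_name`, its default value and every resource label except `role_policy_doc` are assumptions chosen for illustration.

```hcl
# Added example: names other than role_policy_doc are hypothetical.
variable "function_name" {
  type    = string
  default = "example-fn"
}

# Trust policy: only the Lambda service may assume this role through STS.
data "aws_iam_policy_document" "assume_role_doc" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "lambda_role" {
  name               = "${var.function_name}-role"
  assume_role_policy = data.aws_iam_policy_document.assume_role_doc.json
}

# Creating the log group in Terraform means the role never needs
# logs:CreateLogGroup, and retention is set explicitly.
resource "aws_cloudwatch_log_group" "fn_logs" {
  name              = "/aws/lambda/${var.function_name}"
  retention_in_days = 14
}

data "aws_iam_policy_document" "role_policy_doc" {
  # CloudWatch logging, scoped to this function's log group rather than "*".
  statement {
    sid       = "WriteFunctionLogs"
    effect    = "Allow"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["${aws_cloudwatch_log_group.fn_logs.arn}:*"]
  }
}

# Attach the permissions document to the role as an inline policy.
resource "aws_iam_role_policy" "lambda_role_policy" {
  name   = "${var.function_name}-policy"
  role   = aws_iam_role.lambda_role.id
  policy = data.aws_iam_policy_document.role_policy_doc.json
}
```

Scoping the `logs:*` actions to the single log group ARN keeps the role from writing to other functions' logs, which the IAM Policy Simulator can confirm by testing the same actions against a different log group.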
AWS IAM Policy Simulator lets you validate the policies and roles for your Lambda function. The image below shows how to test permissions that are enabled for a particular Lambda function resource.
When creating a Lambda function, the role is specified. This is the user role that runs the function when the function is invoked. The “handler” specifies the entry point to the Lambda function and uses the format file.function. In this example, the Lambda function uses a file named exports and calls a function named handler.
const https = require('https');