BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Lambda functions are sweeping the cloud as developers discover that serverless environments are easier to manage. And AWS Lambda is becoming a valuable tool for developers working with other Amazon cloud services. But setting up an AWS Lambda function isn't always easy.
AWS Lambda enables developers to create certain capabilities, such as adding security functions. For example, a developer may want to ensure that an Amazon Simple Storage Service (S3) bucket remains read-only. With Lambda, he could create a simple function that sends a text message any time a change is made to that bucket. In this tip, we'll walk you through the process of creating and enabling an AWS Lambda function.
Although developers can create Lambda functions programmatically and from the command-line interface, the easiest way is through the AWS Management Console. To start, select Lambda and then choose "Create Lambda Function." Next, select one of 29 existing blueprints -- pre-created templates for a wide range of possible Lambda functions. It could also be considered a "Lambda Wizard," with templates available to interact with S3, Amazon DynamoDB, Amazon Simple Notification Service, Amazon Kinesis and Amazon CloudWatch, as well as several third-party tools.
To create the text message function, select "S3-Object-Get" and you'll see a screen that asks you to fill in parameters to respond to S3 events. Specify which S3 bucket and which events to monitor (Figure 1).
Next, select a programming language for the AWS Lambda function. With Node.js or Python, developers can immediately edit the function in the wizard, which creates skeleton code that's already filled in (Figure 2).
If you select Java, you must write the code outside the console and supply a .jar or .zip file. Because you supply a jar file, you can write in any Java virtual machine language -- not just Java. This opens the door for lambdas in Scala, JRuby, Groovy and Clojure.Below is the entire list of Python and Node.js codes. Figures 3 and 4 show Python and Node.js codes, respectively. In Node.js, you create a lambda_handler(); in Python, you create an exports.handler(). In Java, you create a class with the signature:
public String myHandler(int myCount, Context context)
In each case, the result is an event and a context. The event describes the action that triggered the AWS Lambda function, while the context is essentially the environment. Developers can also perform activities such as retrieving the S3 bucket from the event and then logging information to the console via the context. To complete the invocation of the Lambda function, return from the function -- in Java and Python -- or call Context.complete in Node.js.
Initiating the code
At this point, the code wouldn't do anything but get triggered and write some log messages. There are a few more steps to take before doing something useful in Lambda.
One of the most important steps -- because it's also one of the most difficult to debug -- is setting up the proper Identity and Access Management (IAM) role for your function. The wizard displays a pop-up list as well as a suggestion for which role to create. In this case, it suggests the "S3 execution role." This will give the AWS Lambda function permission to make S3 calls. If you get the role wrong, the appropriate event may invoke the function, but it will result in a permission failure (Figure 5).
Editor's Note: I've seen the Lambda console fail to create a new function if you forget to fill in all the fields. So check all fields before continuing.
You can now create the function -- either enabled or disabled. It's recommended that the function begin as disabled and then test it in the console before running it live. Remember: Once the Lambda function is live, it will run -- and incur execution costs -- in response to its set of triggering events. With untested code, it's possible to generate execution storms. The console provides a sample test event template to help test the code. To modify this template, specify your particular S3 bucket and then send it (Figure 6).
Testing results are displayed in the console in a few ways:
- The console shows any log messages written.
- The console shows a set of metrics about the invocations, such as elapsed time, which translates into billable milliseconds (Figure 7).
- The console shows graphs of invocations and lets you see the detailed CloudWatch logs (Figure 8).
Once you've tested the AWS Lambda function, enable it and verify that it works. To do so, go to the S3 console page and upload a file to your specified bucket. You should see the invocation count increase and a new CloudWatch log will be created.
AWS Lambda may change the face of cloud computing
Developers are grateful for AWS Lambda
DynamoDB streams and Lambda work harmoniously