When you start building a cloud-based back-end system for your application, you can manually build it using the graphical user interface (GUI) or command-line interface (CLI) provided by the cloud provider to provision cloud resources. Though, this manual approach is prone to human error and cannot be performed in a repeatable, reliable, or consistent manner due to the need for manual intervention. A popular solution is using an open-source software development framework like AWS CDK.
This comes with AWS Lamda which allows you to simply focus on your code while it manages and maintains your server resources. You can design your code into AWS CDK Lambda functions that process the events that you pass into the function. You can invoke your AWS CDK Lambda function via the Lambda API, or configure an AWS service or resource to run your function.
In this article, you will learn how to effectively create and deploy your AWS CDK Lambda function in 4 easy steps.
Table of Contents
What is AWS CDK?
Image Source
The Amazon Web Services Cloud Development Kit (AWS CDK) is an open-source software development framework that allows you to easily define the cloud infrastructure needed for your application. You can do this using popular programming languages such as JavaScript, TypeScript, Python, Java & .NET. AWS CDK provides reusable cloud components called constructs that incorporate AWS best practices in your infrastructure definition. After you have modeled your application, you simply deploy it using AWS CloudFormation.
What are AWS Lambda Functions?
Image Source
AWS Lambda is a powerful compute service that allows you to run your code for virtually any type of application or backend service without worrying about configuring or managing servers. You can simply organize your application code in AWS CDK Lambda functions. To create or invoke your AWS CDK Lambda functions, you can use the AWS Lambda API or console. After creating your AWS CDK Lambda function, you can set multiple function capabilities and options such as permissions, environment variables, tags, and layers.
Hevo Data, a Fully-managed Data Pipeline platform, can help you automate, simplify & enrich your data replication process in a few clicks. With Hevo’s wide variety of connectors and blazing-fast Data Pipelines, you can extract & load data from 100+ Data Sources (including 40+ free data sources) like Amazon S3 and AWS Elasticsearch straight into your Data Warehouse or any Databases.
To further streamline and prepare your data for analysis, you can process and enrich raw granular data using Hevo’s robust & built-in Transformation Layer without writing a single line of code!
Get Started with Hevo for Free
Hevo is the fastest, easiest, and most reliable data replication platform that will save your engineering bandwidth and time multifold. Try our 14-day full access free trial today to experience an entirely automated hassle-free Data Replication!
Understanding the Salient Aspects of AWS Lambda Construct Library
The AWS construct library contains modules for each AWS service with constructs that provide an API that encapsulates the details of AWS usage. The AWS Construct Library reduces the complexity and connection logic required when integrating various AWS services to achieve your goals on AWS. You can check out the following aspects of the AWS Lambda construct library:
Docker Images
You specify the Lambda function’s handlers within docker images. The docker image can be an image from ECR or a local asset that the CDK will package and load into ECR.
- To understand this, observe the DockerImageFunction construct that uses a local folder with a Dockerfile as the asset that will be used as the AWS CDK Lambda function handler.
new lambda.DockerImageFunction(this, 'AssetFunction', {
code: lambda.DockerImageCode.fromImageAsset(path.join(__dirname, 'docker-handler')),
});
- Apart from the local asset, you can follow the example given below to specify an image that already exists in ECR as the AWS CDK Lambda Function handler.
import * as ecr from '@aws-cdk/aws-ecr';
const repo = new ecr.Repository(this, 'Repository');
new lambda.DockerImageFunction(this, 'ECRFunction', {
code: lambda.DockerImageCode.fromEcr(repo),
});
It is important to note that these docker image resources allow overriding the image’s CMD, ENTRYPOINT, and WORKDIR configurations and choosing a specific tag or digest.
Handler Code
You can deploy your code using lambda.Code class. This class has the following methods for different types of runtime code:
- lambda.Code.fromBucket(bucket, key[, objectVersion]): Denotes the S3 object that has the archive of your runtime code.
- lambda.Code.fromInline(code): You can use this to inline the handle code as a string.
- lambda.Code.fromAsset(path): This allows you to mention a directory or a .zip file in your local filesystem which will be zipped and uploaded to S3 before deployment.
- lambda.Code.fromDockerBuild(path, options): You can also use the result of a Docker build as code. Generally, the code is present at /asset in the image and will be zipped and uploaded to S3 as an asset.
For instance, you can go through the following python AWS CDK Lambda function example that deploys the code from the local directory new-aws-lambda-handler to it. Note that during synthesis, the CDK expects to find a directory on disk at the asset directory specified.
new lambda.Function(this, 'NewLambda', {
code: lambda.Code.fromAsset(path.join(__dirname, 'new-aws-lambda-handler')),
handler: 'index.main',
runtime: lambda.Runtime.PYTHON_3_6,
});
Function Timeout
With a default timeout of 3 seconds, AWS CDK Lambda functions allow you to increase it up to 15 minutes. You can reference this property elsewhere in your stack, for example, to create a CloudWatch alarm to report when your function timed out:
import * as cdk from '@aws-cdk/core';
import * as cloudwatch from '@aws-cdk/aws-cloudwatch';
const fn = new lambda.Function(this, 'NewFunction', {
runtime: lambda.Runtime.NODEJS_16_X,
handler: 'index.handler',
code: lambda.Code.fromAsset(path.join(__dirname, 'new-aws-lambda-handler')),
timeout: cdk.Duration.minutes(5),
});
if (fn.timeout) {
new cloudwatch.Alarm(this, `NewAlarm`, {
metric: fn.metricDuration().with({
statistic: 'Maximum',
}),
evaluationPeriods: 1,
datapointsToAlarm: 1,
threshold: fn.timeout.toMilliseconds(),
treatMissingData: cloudwatch.TreatMissingData.IGNORE,
alarmName: 'New Timeout',
});
}
Execution Role
AWS CDK Lambda functions assume an IAM(Identity and Access Management) role during runtime. By Default, AWS CDK Lambda functions will assume an autogenerated Role if you have not assigned it. Moreover, the autogenerated Role is automatically given permissions to run the Lambda function. You can use the following commands to reference the autogenerated Role:
const fn = new lambda.Function(this, 'NewFunction', {
runtime: lambda.Runtime.NODEJS_16_X,
handler: 'index.handler',
code: lambda.Code.fromAsset(path.join(__dirname, 'new-aws-lambda-handler')),
});
const role = fn.role; // the Role
For better control, you can also provide your own IAM role, though permission will not automatically be granted to run the AWS CDK Lambda function. You can provide a role and grant it appropriate permissions by following the example given below:
const myRole = new iam.Role(this, 'My Role', {
assumedBy: new iam.ServicePrincipal('sns.amazonaws.com'),
});
const fn = new lambda.Function(this, 'NewFunction', {
runtime: lambda.Runtime.NODEJS_16_X,
handler: 'index.handler',
code: lambda.Code.fromAsset(path.join(__dirname, 'new-aws-lambda-handler')),
role: myRole, // user-provided role
});
myRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"));
myRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole")); // only required if your function lives in a VPC
Resource-based Policies
AWS Lambda supports resource-based policies to control access to AWS CDK Lambda functions and tiers on a per-resource basis. Moreover, it gives AWS services and other AWS accounts the right to change and call functions. You can also limit AWS service permissions by specifying a source account or ARN(Amazon Resource Name).
declare const fn: lambda.Function;
const principal = new iam.ServicePrincipal('my-service');
fn.grantInvoke(principal);
// Equivalent to:
fn.addPermission('my-service Invocation', {
principal: principal,
});
Architecture
You will observe that by default AWS CDK Lambda functions run on compute systems that have the 64-bit x86 architecture. They also run on the ARM architecture, which can reduce costs for some workloads. Depending on your requirement, you can configure an AWS CDK Lambda function can be configured to be run on one of these platforms:
new lambda.Function(this, 'NewFunction', {
runtime: lambda.Runtime.NODEJS_16_X,
handler: 'index.handler',
code: lambda.Code.fromAsset(path.join(__dirname, 'new-aws-lambda-handler')),
architecture: lambda.Architecture.ARM_64,
});
Providing a high-quality ETL solution can be a difficult task if you have a large volume of data. Hevo’s Automated, No-Code Platform empowers you with everything you need to have for a smooth data replication experience.
Check out what makes Hevo amazing:
- Fully Managed: Hevo requires no management and maintenance as it is a fully automated platform.
- Data Transformation: Hevo provides a simple interface to perfect, modify, and enrich the data you want to transfer.
- Faster Insight Generation: Hevo offers near real-time data replication so you have access to real-time insight generation and faster decision making.
- Schema Management: Hevo can automatically detect the schema of the incoming data and map it to the destination schema.
- Scalable Infrastructure: Hevo has in-built integrations for 100+ Data Sources (with 40+ free sources) that can help you scale your data infrastructure as required.
- Live Support: Hevo team is available round the clock to extend exceptional support to its customers through chat, email, and support calls.
Sign up here for a 14-Day Free Trial!
Steps to create a Lambda Function in AWS CDK
To create and deploy an AWS CDK Lambda function. You can follow the easy steps given below:
Step 1: Instantiate Function Class
To create the AWS CDK Lambda Function, you have first instantiate the Function class.
import * as iam from 'aws-cdk-lib/aws-iam';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as cdk from 'aws-cdk-lib';
import * as path from 'path';
export class CdkStarterStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// lambda function definition
const lambdaFunction = new lambda.Function(this, 'lambda-function', {
runtime: lambda.Runtime.NODEJS_14_X,
memorySize: 1024,
timeout: cdk.Duration.seconds(5),
handler: 'index.main',
code: lambda.Code.fromAsset(path.join(__dirname, '/../src/new-lambda')),
environment: {
REGION: cdk.Stack.of(this).region,
AVAILABILITY_ZONES: JSON.stringify(
cdk.Stack.of(this).availabilityZones,
),
},
});
}
}
The above function configuration required the following properties:
- runtime: Represents the programming language and version used for the AWS CDK Lambda function.
- memorySize: 128 MB being the default value, this represents the amount of memory you want to allocate to the function.
- timeout: The time your function has to run before it is terminated.
- handler: This denotes the file storing the lambda function named index.js and the handler function that is named main.
- code: The source code of the lambda function.
- environment: A complete map of your environment variables.
Step 2: Add the code for the Lambda Function
After instantiating the function class, now you can add the code for the AWS CDK Lambda function at src/new-lambda/index.js:
async function main(event) {
console.log('region 👉', process.env.REGION);
console.log('availability zones 👉', process.env.AVAILABILITY_ZONES);
return {
body: JSON.stringify({message: 'SUCCESS 🎉'}),
statusCode: 200,
};
}
module.exports = {main};
Step 3: Adding IAM Permissions for Lambda Function
As discussed in the above section, IAM roles are automatically assigned for your AWS CDK Lambda functions. You can also view the already added CloudWatch logging permissions for your autogenerated role:
Image Source
You can simply add permissions to an AWS CDK Lambda function by attaching policies to the auto-generated role of the function. For instance, you can add a permission to list all of the S3 buckets in the account:
import * as iam from 'aws-cdk-lib/aws-iam';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as cdk from 'aws-cdk-lib';
import * as path from 'path';
export class CdkStarterStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// ... rest
// 👇 create a policy statement
const listBucketsPolicy = new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
actions: ['s3:ListAllMyBuckets'],
resources: ['arn:aws:s3:::*'],
});
// 👇 attach the policy to the function's role
lambdaFunction.role?.attachInlinePolicy(
new iam.Policy(this, 'list-buckets', {
statements: [listBucketsPolicy],
}),
);
}
}
Here, you have created a policy statement that allows the s3:ListAllMyBuckets action on all s3 resources and then successfully attached the policy to the role of the AWS CDK Lambda function.
Step 4: Deploy the Function
Finally, you can deploy the AWS CDK Lambda function using the following command:
npx aws-cdk deploy
To check if the desired permissions are added, you can navigate to the IAM management console and verify the role of the AWS CDK Lambda function. You will find that 2 permission policies are attached now, including the one that grants the s3:ListAllMyBuckets action.
Image Source
Conclusion
In this article, you have learned how to effectively create and deploy an AWS CDK Lambda function. AWS Lambda allows you to simply run your code as it manages the compute fleet that offers a balance of memory, CPU, network, and other resources for executing your code. It takes care of the operational and administrative activities on your behalf, including managing capacity, monitoring, and logging your AWS CDK Lambda functions. Using the AWS Lambda API or console, you can easily create, configure the additional properties and deploy them using programming languages such as JavaScript, TypeScript, Python, Java & .NET.
As you collect and manage your data in RabbitMQ and across several applications and databases in your business, it is important to consolidate it for a complete performance analysis of your business. However, it is a time-consuming and resource-intensive task to monitor the Data Connectors continuously. To achieve this efficiently, you need to assign a portion of your engineering bandwidth to Integrate data from all sources, Clean & Transform it, and finally, Load it to a Cloud Data Warehouse, BI Tool, or a destination of your choice for further Business Analytics. All of these challenges can be comfortably solved by a Cloud-based ETL tool such as Hevo Data.
Visit our Website to Explore Hevo
Hevo Data, a No-code Data Pipeline can transfer data in Real-Time from a vast sea of 100+ sources like Amazon S3 to a Data Warehouse such as Amazon Redshift, BI Tool, or a Destination of your choice. It is a reliable, completely automated, and secure service that doesn’t require you to write any code!
If you are using AWS products such as Amazon S3 & Amazon Redshift and searching for a no-fuss alternative to Manual Data Integration, then Hevo can effortlessly automate this for you. Hevo, with its strong integration with 100+ sources and BI tools(Including 40+ Free Sources), allows you to not only export & load data but also transform & enrich your data & make it analysis-ready in a jiffy.
Want to take Hevo for a ride? Sign Up for a 14-day free trial and simplify your Data Integration process. Do check out the pricing details to understand which plan fulfills all your business needs.
Share your experience of creating and deploying AWS CDK Lambda functions! Let us know in the comments section below!