Skip to content

Instantly share code, notes, and snippets.

@sangam14
Created September 26, 2024 07:34
Show Gist options
  • Save sangam14/fe8f5095269cd4203dfaab7d27e172b0 to your computer and use it in GitHub Desktop.
Save sangam14/fe8f5095269cd4203dfaab7d27e172b0 to your computer and use it in GitHub Desktop.
AWS Lambda with Terraform (In-Depth)
# AWS Lambda with Terraform (In-Depth)
## Overview
- Automate deployment and management of AWS Lambda functions
- Terraform allows declarative infrastructure management
## Terraform Components
### AWS Provider
- Configure the AWS provider to connect to the AWS account
- Example:
```terraform
provider "aws" {
region = "us-west-2"
}
```
### AWS Lambda Function
- Define the Lambda function resource with various configurations
- Example:
```terraform
resource "aws_lambda_function" "example" {
function_name = "my_lambda"
runtime = "python3.8"
handler = "lambda_function.lambda_handler"
role = aws_iam_role.lambda_role.arn
filename = "lambda_function.zip"
memory_size = 128
timeout = 10
environment {
variables = {
"ENV_VAR_1" = "value1"
}
}
}
```
### Lambda Function Configuration
- **Key Attributes**
- `function_name`: Name of the Lambda function
- `runtime`: Supported runtimes (Python, Node.js, Go, Java, etc.)
- `handler`: Entry point of the function (e.g., `index.handler`)
- `memory_size`: Memory allocation (128 MB to 10 GB)
- `timeout`: Maximum execution time (1 to 900 seconds)
- `environment`: Environment variables for the function
- `role`: IAM role to allow function execution
### Deployment Package
- **Package Code**
- Use `filename` to specify the deployment package (ZIP file)
- Example:
```terraform
filename = "lambda_function.zip"
```
- **Source Code from S3**
- Deploy code from an S3 bucket instead of local files
- Example:
```terraform
s3_bucket = "lambda-deployment-bucket"
s3_key = "lambda_function.zip"
```
### Lambda Layers
- Use Lambda Layers to share dependencies across functions
- Example:
```terraform
resource "aws_lambda_layer_version" "example" {
layer_name = "my_layer"
filename = "layer.zip"
compatible_runtimes = ["python3.8"]
}
```
- **Attach Layers to Lambda Function**
- Example:
```terraform
resource "aws_lambda_function" "example" {
function_name = "my_lambda"
layers = [aws_lambda_layer_version.example.arn]
}
```
### IAM Role for Lambda
- **IAM Role Setup**
- Define IAM role for Lambda execution
- Example:
```terraform
resource "aws_iam_role" "lambda_role" {
name = "lambda_execution_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
```
### IAM Policy for Lambda
- **Basic Execution Role Policy**
- Attach policies for basic Lambda execution (CloudWatch logs, etc.)
- Example:
```terraform
resource "aws_iam_policy_attachment" "lambda_policy_attachment" {
name = "lambda_policy_attachment"
roles = [aws_iam_role.lambda_role.name]
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
```
### VPC Configuration
- Deploy Lambda inside a VPC for network isolation
- Example:
```terraform
resource "aws_lambda_function" "example" {
function_name = "my_vpc_lambda"
vpc_config {
subnet_ids = ["subnet-12345", "subnet-67890"]
security_group_ids = ["sg-123456"]
}
}
```
### Event Source Mapping
- Trigger Lambda functions from AWS services like S3, SNS, SQS, or DynamoDB Streams
#### S3 Event Source
- Trigger Lambda on S3 object creation
- Example:
```terraform
resource "aws_s3_bucket_notification" "example" {
bucket = aws_s3_bucket.example.bucket
lambda_function {
lambda_function_arn = aws_lambda_function.example.arn
events = ["s3:ObjectCreated:*"]
}
}
```
#### API Gateway Integration
- Trigger Lambda via an API Gateway request
- Example:
```terraform
resource "aws_api_gateway_rest_api" "example" {
name = "example_api"
}
resource "aws_lambda_permission" "api_gateway_invoke" {
statement_id = "AllowExecutionFromApiGateway"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.example.function_name
principal = "apigateway.amazonaws.com"
source_arn = "${aws_api_gateway_rest_api.example.execution_arn}/*/*"
}
```
#### CloudWatch Event Trigger
- Schedule Lambda function execution using CloudWatch Events
- Example:
```terraform
resource "aws_cloudwatch_event_rule" "example" {
name = "example_rule"
schedule_expression = "rate(5 minutes)"
}
resource "aws_lambda_permission" "cloudwatch_event_permission" {
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.example.function_name
principal = "events.amazonaws.com"
source_arn = aws_cloudwatch_event_rule.example.arn
}
```
#### DynamoDB Stream Trigger
- Trigger Lambda from changes in a DynamoDB stream
- Example:
```terraform
resource "aws_lambda_event_source_mapping" "dynamodb_trigger" {
event_source_arn = aws_dynamodb_table.example.stream_arn
function_name = aws_lambda_function.example.arn
starting_position = "LATEST"
}
```
#### SQS Event Source
- Trigger Lambda when messages are added to an SQS queue
- Example:
```terraform
resource "aws_lambda_event_source_mapping" "sqs_trigger" {
event_source_arn = aws_sqs_queue.example.arn
function_name = aws_lambda_function.example.arn
batch_size = 10
}
```
### Logging and Monitoring
- **CloudWatch Logs**
- Automatically send Lambda logs to CloudWatch
- Example:
```terraform
resource "aws_cloudwatch_log_group" "lambda_logs" {
name = "/aws/lambda/my_lambda"
retention_in_days = 14
}
```
- **CloudWatch Metrics**
- Monitor Lambda metrics (invocations, errors, duration)
- Example:
```terraform
resource "aws_cloudwatch_metric_alarm" "lambda_error_alarm" {
alarm_name = "LambdaErrorAlarm"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = 1
metric_name = "Errors"
namespace = "AWS/Lambda"
period = 300
statistic = "Sum"
threshold = 1
actions_enabled = true
}
```
### Reserved Concurrency
- Reserve concurrency limits for Lambda function
- Example:
```terraform
resource "aws_lambda_function" "example" {
reserved_concurrent_executions = 5
}
```
## Terraform Workflow
- **terraform init**: Initialize Terraform for AWS provider and backend
- **terraform plan**: Preview the infrastructure changes
- **terraform apply**: Apply changes and deploy Lambda functions
- **terraform destroy**: Destroy Lambda infrastructure
## Best Practices
- Version control the deployment package (ZIP)
- Use Terraform remote state for shared environments
- Separate resource creation into modules for maintainability
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment