/lambda-aurora-example

AWS Lambda function interacting with AWS RDS Aurora cluster in VPC

AWS Lambda function example

This repo contains an example of an AWS Lambda function interacting with an AWS RDS Aurora cluster in a VPC. Terraform is used to create the AWS resources.

TL;DR

1. Inspect 'params' file
2. Set environment variables with AWS credentials
   2.1. export AWS_ACCESS_KEY_ID="YOUAWSACCESSKEY"
   2.2. export AWS_SECRET_ACCESS_KEY="YoUseCretAcCessKeyHeRe"
3. Run 'manage' script to check what AWS resources should be created
   3.1. ./manage plan
4. Run 'manage' script to deploy resources over AWS
   4.1. ./manage deploy
5. Test Lambda function 'lambda-demo' in AWS console
6. Run 'manage' script to destroy resources
   6.1. ./manage destroy

AWS resources

The manage Bash script creates and destroys all the necessary demo resources in AWS:

  • AWS VPC in specified region (configurable in params file)
    • Two Subnets in VPC
    • Internet gateway for subnets
    • Route table with linked subnets pointed to Internet gateway as default route
    • Security group with ingress access only within VPC
  • AWS RDS Aurora cluster
    • DB subnet group in VPC
    • Two RDS Aurora instances (db.t2.medium) joined in cluster
  • AWS Lambda function lambda-demo
    • IAM role for Lambda function
    • IAM Role Policy for Lambda function (used to allow Lambda to access resources in VPC)

Run the manage script without arguments to see usage info:

 $ ./manage

Usage: manage <command>

Commands:

    plan        check what should be deployed
    deploy      create AWS resources or deploy changes
    destroy     destroy AWS resources totally (be carefull, no roll back)

Lambda function source

Lambda-demo is a simple Python application that does the following:

  • connect to Aurora RDS cluster
  • drop table Emploee3 if it exists
  • create table Emploee3
  • insert 3 rows in table (names Joe,Bob,Mary)

The source code is in the lambda directory (the Python library pymysql is used).

The rds_config.py file is used to connect to the Aurora RDS cluster. It is created dynamically when the manage script finishes. This file contains the credentials and endpoint of the Aurora cluster created in AWS, so keep it out of version control.
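
The steps listed above, sketched as an added example (this is not the code from the repo's lambda directory). The column layout, the rds_config attribute names and the run_demo/handler split are assumptions.

```python
import logging

logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)

TABLE = "Emploee3"  # table name as spelled in this README
NAMES = ["Joe", "Bob", "Mary"]  # rows listed in this README


def run_demo(conn):
    """Drop, recreate and fill TABLE on an open DB-API connection; return row count."""
    with conn.cursor() as cur:
        # TABLE is a module constant, never request input, so formatting it into
        # DDL is safe. Row values always go through %s placeholders.
        cur.execute(f"DROP TABLE IF EXISTS {TABLE}")
        # Column layout is an assumption; the README names only the table.
        cur.execute(
            f"CREATE TABLE {TABLE} ("
            "EmpID INT NOT NULL, Name VARCHAR(255) NOT NULL, PRIMARY KEY (EmpID))"
        )
        cur.executemany(
            f"INSERT INTO {TABLE} (EmpID, Name) VALUES (%s, %s)",
            list(enumerate(NAMES, start=1)),
        )
        cur.execute(f"SELECT COUNT(*) FROM {TABLE}")
        (count,) = cur.fetchone()
    conn.commit()
    return count


def handler(event, context):
    """Lambda entry point; imports are lazy so run_demo can be tested offline."""
    import pymysql  # shipped inside the deployment package
    import rds_config  # generated by the manage script

    # Attribute names on rds_config are assumptions, not taken from the repo.
    conn = pymysql.connect(
        host=rds_config.db_endpoint,
        user=rds_config.db_username,
        password=rds_config.db_password,
        database=rds_config.db_name,
        connect_timeout=5,
    )
    try:
        count = run_demo(conn)
        logger.info("%s now holds %d rows", TABLE, count)
        return {"rows": count}
    finally:
        conn.close()
```

The short connect_timeout makes a blocked path (security group or subnet misconfiguration) fail fast instead of running until the Lambda timeout.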

Important note

Aurora RDS resides in a VPC, so Lambda must be able to run functions (create temporary instances) in the VPC too. This is handled by configuring the corresponding IAM policy for Lambda. The Terraform code creates and destroys all necessary resources automatically. You can inspect the IAM policies in the lambda.tf file.

Testing Lambda function

You can test the Lambda function in the AWS console:

Choose Lambda in console, select lambda-demo function and press 'Test function' in 'Actions' menu

Input a blank test event and press the 'Save and test' button

Inspect results and logs (in CloudWatch logs)

Destroy demo resources

Do not forget to destroy all demo resources with ./manage destroy