AWS: Execute Lambda Functions on S3 Event Triggers

A notable feature of Amazon's S3 file storage service is its ability to interface directly with the Lambda service. AWS Lambda is essentially code execution in the cloud. There are no servers to manage, nor even a terminal window! Lambda gives you the ability to run code without concerning yourself with anything else.

One of the coolest features of Lambda, though, is its ability to natively integrate with other AWS services. In Lambda, your code is broken down into functions. Each function contains not only the code to execute but also the action that will trigger that code, as well as other execution options.

Lambda lets you define triggers from hundreds of different events provided by dozens of different event sources. You can subscribe to these events so that they act as triggers that kick off one or more Lambda functions. One of the most common event providers used for Lambda triggers is the S3 service, and that is the one we're going to use here. Events fire all of the time in S3: new files uploaded to buckets, files being moved around, deleted, and so on. All of this activity fires events of various types in real time.

Setting up the Lambda S3 Role

Lambda needs permission to access your S3 bucket when it executes. Access to CloudWatch is optional, but needed if you intend to log Lambda activity. Before you start building your Lambda function, create an IAM role that Lambda will use to work with S3 and to write logs to CloudWatch. When you set up this role, you must give it appropriate S3 and CloudWatch policies. An example is shown below. As you can see, the policy grants the role access to my CloudWatch logs and gives full authority to S3.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:*"
            ],
            "Resource": "arn:aws:logs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        }
    ]
}
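The policy above grants every CloudWatch Logs action and every S3 action on every resource, which is far more than a function reacting to uploads in one bucket needs. As an added example (not code from the original page), the Python check below lists each wildcard grant in the page's statements and shows a scoped policy that passes it. The region, account ID, function name, bucket and prefix in the scoped policy are constructed placeholders, and the check looks only at wildcards, not at conditions or Deny statements.

```python
def as_list(value):
    """IAM accepts a single string or a list for Action, Resource and Statement."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def broad_grants(policy):
    """Return (statement index, field, value) for each wildcard grant in Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):  # every action of a service
                findings.append((i, "Action", action))
        for resource in as_list(stmt.get("Resource", [])):
            # The resource part of an ARN is everything after the fifth colon.
            if resource.split(":", 5)[-1] == "*":
                findings.append((i, "Resource", resource))
    return findings


# The three statements from the policy on this page, gathered into one list.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["logs:*"], "Resource": "arn:aws:logs:*:*:*"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]}

# Assumed scoped alternative (placeholders, not values from the page):
# write log events to one function's log group, read one bucket prefix.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/example-fn:*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-upload-bucket/incoming/*"},
]}

if __name__ == "__main__":
    for name, policy in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, broad_grants(policy))
```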

Creating the Lambda Function – Adding Code

Once you have the role set up, you'll then need to create the function. To do that, browse to Lambda and click Create Function.

Creating the Lambda Function – Adding the Trigger

Once the code is in place inside the function, I'll then create the S3 trigger by selecting it on the left-hand side. Since I want to trigger off of new uploads, I'll create this event to trigger off of the PUT event.

I can optionally choose a prefix or suffix if I decide to narrow down the filter criteria.

The Lambda function we created here consists of a role with appropriate rights to both the S3 service and CloudWatch. It also has the code to execute and, finally, the event trigger. Once you combine all these objects, you have immense potential to perform even the most complicated of automation tasks in AWS.
