## AWS Lambda for S3

-----

This notebook walks you through steps to create thumbnails for each image (.jpg and .png objects) uploaded to a S3 bucket. 
You will create a Lambda function (CreateThumbnail) that Amazon S3 invokes when objects are created. 
Then, the Lambda function will read the image object from the source bucket and create a thumbnail image in target bucket. 
We call it the _sourceresized_ bucket.

**Important**
There must be two buckets one for source and target. 
If you use the same bucket as the source and the target, each thumbnail uploaded to the source bucket triggers another object-created event, which then invokes the Lambda function again, creating an unwanted recursion.

<img src="../images/s3_flow.PNG">

Taken from AWS website

Sequence of actions performed.

- A user uploads an object to the source bucket in Amazon S3 (object-created event).


- Amazon S3 detects the object-created event.


- Amazon S3 publishes the s3:ObjectCreated:* event to AWS Lambda by invoking the Lambda function and passing event data as a function parameter.


- AWS Lambda executes the Lambda function by assuming the execution role that you specified at the time you created the Lambda function.


- From the event data it receives, the Lambda function knows the source bucket name and object key name. The Lambda function reads the object and creates a thumbnail using graphics libraries, and saves it to the target bucket.

<img src="../images/module4_exercises_process_flow.PNG">

#### Set the following parameters

In [1]:
################################### SET THE FOLLOWING PARAMETERS ###################################################
#***********************************************************************************
#Set the AWS Region
region = 'us-east-1'

#Set the AWS Access ID (Given to you buy the DSA staff)
access_id = 'AKIA2M4ITY7JQWGANH3B'  

#Set the AWS Access Key (Given to you buy the DSA staff)
access_key = 'PehA8Lji/KXz7Bw+llaHd4cffXXEedXC8zbhFH+T' 

#### Set the S3 bucket names and create client objects

In [9]:
import boto3
import botocore
import os
import zipfile
import datetime
import pandas
import json
import time
import getpass
from subprocess import call

# Set the username from system
system_user_name=getpass.getuser()

# Set the source S3 bucket name
source=system_user_name+".source"

# Set the target S3 bucket name
sourceresized=system_user_name+".sourceresized"

# Set the lambda name
lambda_name=system_user_name+"_CreateThumbnail"

# ami image code
ami_image = 'ami-8c1be5f6'

s3 = boto3.resource('s3', 
                   aws_access_key_id = access_id, 
                   aws_secret_access_key = access_key)
iam = boto3.client('iam', 
                   aws_access_key_id = access_id, 
                   aws_secret_access_key = access_key)
lamb = boto3.client('lambda', region_name=region, 
                   aws_access_key_id = access_id, 
                   aws_secret_access_key = access_key)

**Important**

Both the source bucket and the Lambda function must be in the same AWS region. In addition, the code used for the Lambda function also assumes that both of the buckets are in the same region. us-east-1 is the default region in this notebook.

You should have set up the AWS CLI by now. If you still haven't configured your credentials in AWS CLI, [click here](../../module2/extra_labs/Accessing_AWS_through_CLI.ipynb#Configuring-the-AWS-CLI) for guide to do that. 

## <span style="color:darkorange"><b>Activity 1.a:</b> </span>
<span style="color:blue">Create two S3 buckets with the bucket names stored in variables <b>source</b> and <b>sourceresized</b>. </span> 

S3 Client called "s3" has been created above. 

In [3]:
# Create an S3 client
s3 = boto3.client('s3',aws_access_key_id = access_id, 
                   aws_secret_access_key = access_key)


# Call S3 to list current buckets
response = s3.list_buckets()

# Get a list of all bucket names from the response
buckets = [bucket['Name'] for bucket in response['Buckets']]

# Print out the bucket list
#print("Bucket List: %s" % buckets)

In [4]:
len(buckets)

294

In [5]:
## your answer for activity 1.a goes here

source = (system_user_name + ".source")
sourceresized = (system_user_name + ".sourceresized")

s3.create_bucket(Bucket=source)
s3.create_bucket(Bucket=sourceresized)

{'ResponseMetadata': {'RequestId': 'RF2XAW2BP1APCMSS',
  'HostId': 'DTJUy9Tsw3HDp+G/5I3JAR8TuB4o4JAg3GZrwlVxbFIzuihMBuslsN5Frp52XBHcJpSzG/XIhqg=',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amz-id-2': 'DTJUy9Tsw3HDp+G/5I3JAR8TuB4o4JAg3GZrwlVxbFIzuihMBuslsN5Frp52XBHcJpSzG/XIhqg=',
   'x-amz-request-id': 'RF2XAW2BP1APCMSS',
   'date': 'Sun, 14 Nov 2021 04:06:46 GMT',
   'location': '/lcmhng.sourceresized',
   'server': 'AmazonS3',
   'content-length': '0'},
  'RetryAttempts': 0},
 'Location': '/lcmhng.sourceresized'}


## <span style="color:darkorange"><b>Activity 1.b:</b> </span>
<span style="color:blue">Upload the image "ML.jpg" in images to the source S3 bucket. Remember the bucket name is in <b>source</b> variable. </span>

In [10]:
## your answer for activity 1.b goes here

s3.Object(source, "../images/ML.jpg").put(Body=open("../images/ML.jpg", 'rb'))

{'ResponseMetadata': {'RequestId': 'PQQVPYQ8AZS70MDE',
  'HostId': '80fmgPZCLbK7FI9v0RsSae3vfGi6ZA0vT0m2fQQPotbgI0BB1g/RCqkFAfQ0rabuVOgt7HMr43U=',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amz-id-2': '80fmgPZCLbK7FI9v0RsSae3vfGi6ZA0vT0m2fQQPotbgI0BB1g/RCqkFAfQ0rabuVOgt7HMr43U=',
   'x-amz-request-id': 'PQQVPYQ8AZS70MDE',
   'date': 'Sun, 14 Nov 2021 04:07:29 GMT',
   'etag': '"e137008175a328ee2e4bcede66e79a0e"',
   'server': 'AmazonS3',
   'content-length': '0'},
  'RetryAttempts': 0},
 'ETag': '"e137008175a328ee2e4bcede66e79a0e"'}

### Create a Deployment Package

Following cell has the Python functions carried out by lambda and also installs dependencies. The code uploads the resized image to a different bucket with the same image name, as shown below:

    source-bucket/image.png -> source-bucketresized/image.png

<br>
**Note**
The from __future__ statement enables you to write code that is compatible with Python 2 or 3. If you are using runtime version 3.6, it is not necessary to include it.

In [11]:
# Opening a new file with name in lambda_name(which essentially system_user_name+"_CreateThumbnail") 
# for example skaf48_CreateThumbnail in write mode.

# Writing that small piece of code into the file which is in the form of sring. This is function that executes 
# when lambda is executed
with open(lambda_name+".py", "w") as myfile:
    myfile.write('''\
from __future__ import print_function
import boto3
import os
import sys
import uuid
from Pillow import Image
import Pillow.Image
     
s3_client = boto3.client('s3')
     
def resize_image(image_path, resized_path):
    with Image.open(image_path) as image:
        image.thumbnail(tuple(x / 2 for x in image.size))
        image.save(resized_path)

def handler(event, context):
    for record in event['Records']:
        bucket = record['s3']['bucket']['name']
        key = record['s3']['object']['key'] 
        download_path = '/tmp/{}{}'.format(uuid.uuid4(), key)
        upload_path = '/tmp/resized-{}'.format(key)
        
        s3_client.download_file(bucket, key, download_path)
        resize_image(download_path, upload_path)
        s3_client.upload_file(upload_path, '{}resized'.format(bucket), key)
''')

**Add your python code to the .zip file**

In [12]:
import os
import zipfile

# Open a zip file with same name in lambda_name(which essentially system_user_name+"_CreateThumbnail") in write mode
zf = zipfile.ZipFile(lambda_name+".zip", "w")

# Write the contents of above file we created into this zip folder
zf.write(lambda_name+".py")
zf.close()

The .zip file should contain Lambda function code and also dependencies. The dependencies must be downloaded and copied into the zip file. To do that launch an EC2 instance install the necessary packages and write them to zip file.

### Launch an EC2 instance

In [14]:
# Create an EC2 client object
ec2 = boto3.client('ec2',region_name=region, 
                   aws_access_key_id = access_id, 
                   aws_secret_access_key = access_key)

# Set the Security group name
Sec_group_name= system_user_name+"module4_Sec_group_2"

## <span style="color:darkorange"><b>Activity 2:</b> </span>
<span style="color:blue">Create a security group with the name in Sec_group_name variable. Modify the inbound security rules as you need to SSH into the instance to install software packages on the instance. </span>

In [15]:
# Create the security group

## your answer for activity 2 goes here

Create_SG_response = ec2.create_security_group(
    Description='security grp for s3 Bucket M4',
    GroupName=Sec_group_name
)
Sec_group=Create_SG_response["GroupId"]


Customize the security group to allow MU's TCP traffic and SSH requests. Configure the inbound rules to allow traffic as needed. 

In [16]:
# Modify Security Configuration to allow MU's IP addresses

try:
    sec_rule="ALL TCP"
    data = ec2.authorize_security_group_ingress(
        GroupId=Sec_group,
        IpPermissions=[
            {'IpProtocol': 'tcp',
             'FromPort': 0,
             'ToPort': 65535,
             'IpRanges': [{'CidrIp': '0.0.0.0/0'}]},
        ],)
    print("Ingress "+sec_rule+" added")
except:
    print(sec_rule+" already added")
#     print(data)

try:
    sec_rule="ALL TCP"
    data = ec2.authorize_security_group_ingress(
        GroupId=Sec_group,
        IpPermissions=[
            {'IpProtocol': 'tcp',
             'FromPort': 0,
             'ToPort': 65535,
             'UserIdGroupPairs': [{ 'GroupId': Sec_group }]
#              'IpRanges': [{'CidrIp': Sec_group}]},
            }],
#         SourceSecurityGroup=Sec_group_name
    )
    print("Ingress "+sec_rule+" added")
except:
    print(sec_rule+" already added")

try:
    sec_rule="Custom ICMP Rule - IPv4"
    data = ec2.authorize_security_group_ingress(
        GroupId=Sec_group,
        IpPermissions=[
            {'IpProtocol': 'icmp',
             'FromPort': 0,
             'ToPort': -1,
             'IpRanges': [{'CidrIp': '173.31.192.195/32'}]},
        ])
    print("Ingress "+sec_rule+" added")
except:
    print(sec_rule+" already added")
#     print(data)

try:
    sec_rule="ALL UDP"
    data = ec2.authorize_security_group_ingress(
        GroupId=Sec_group,
        IpPermissions=[
            {'IpProtocol': 'udp',
             'FromPort': 0,
             'ToPort': 65535,
             'UserIdGroupPairs': [{ 'GroupId': Sec_group }]
            }],
    )
    print("Ingress "+sec_rule+" added")
except:
    print(sec_rule+" already added")
#     print(data)

    
try:
    sec_rule="ALL ICMP"
    data = ec2.authorize_security_group_ingress(
        GroupId=Sec_group,
        IpPermissions=[
            {'IpProtocol': 'icmp',
             'FromPort': -1,
             'ToPort': -1,
             'UserIdGroupPairs': [{ 'GroupId': Sec_group }]
            }],
    )
    print("Ingress "+sec_rule+" added")
except:
    print(sec_rule+" already added")

    
try:
    sec_rule="ALL ICMP"
    data = ec2.authorize_security_group_ingress(
        GroupId=Sec_group,
        IpPermissions=[
            {'IpProtocol': 'icmp',
             'FromPort': -1,
             'ToPort': -1,
             'IpRanges': [{'CidrIp': '0.0.0.0/16'}]
            }],
    )
    print("Ingress "+sec_rule+" added")
except:
    print(sec_rule+" already added")


Ingress ALL TCP added
Ingress ALL TCP added
Ingress Custom ICMP Rule - IPv4 added
Ingress ALL UDP added
Ingress ALL ICMP added
Ingress ALL ICMP added


### Create a keypair

Create a keypair for the EC2 instance. We first generate a name to create a key with that name and also store the key in a file. ec2.create_key_pair() will create a keypair. System command echo is used to write the contents of keypair generated to a file created with same name as keypair. 

You have to modify the file permissions to provide readonly access. If the file is open, system will throw an error. Do chmod(file, 0o400) 

In [17]:
import time 
import os

ec2_pem_file=time.strftime("EC2-%d%m%Y%H%M%S-"+system_user_name)
ec2_key=ec2.create_key_pair(KeyName=ec2_pem_file)

#Don't do this unless you have a good reason
#print(emr_key['KeyMaterial'])

os.system("echo \""+ec2_key['KeyMaterial']+"\" > "+ec2_pem_file+".pem")
os.chmod(ec2_pem_file+".pem",0o400)

print("KeyName         : "+ec2_key['KeyName']+"\nKey Fingerprint : "+ec2_key['KeyFingerprint'])

KeyName         : EC2-13112021220812-lcmhng
Key Fingerprint : 9c:5c:23:f3:e0:05:eb:35:0a:ff:7d:e8:07:12:36:c4:9b:dc:96:d9


## Create Instance
## <span style="color:darkorange"><b>Activity 3:</b> </span> 
<span style="color:blue">Create an EC2 instance using the security group and keypair created. </span>

In [18]:
## your answer for activity 3 goes here

instances = ec2.run_instances(
    ImageId='ami-8c1be5f6',
    MinCount=1, 
    MaxCount=1,
    KeyName=ec2_pem_file,
    TagSpecifications=[
        {
            'ResourceType': 'instance',
            'Tags': [
                        {   'Key': 'Name',
                            'Value': 's3_Exercise'
                        }
                    ]
        }
    ],
    InstanceType="t2.micro",
    SecurityGroupIds=[
        Sec_group
    ],
    
)

#### Get the instance id of newly created EC2 instance.

In [19]:
new_instance_id = instances["Instances"][0]["InstanceId"]

#### Check the status of Instance

Use the poll function to make instance is completely set up and is ready for use. 

In [20]:
def poll_until_completed(client, ins_id):
    delay = 2
    while True:
        instance = client.describe_instances(InstanceIds=[ins_id,])
        status = instance["Reservations"][0]["Instances"][0]["State"]["Name"]
#         message = cluster.get('Message', '')
        now = str(datetime.datetime.now().time())
    
        print("instance %s is %s at %s" % (ins_id, status, now))
        if status in ['running','terminated']:
            break

        # exponential backoff with jitter
        delay *= random.uniform(1.1, 2.0)
        time.sleep(delay)

#### Run the below cell for the status of instance.

In [21]:
import random
import time

poll_until_completed(ec2, new_instance_id)  # Can't use it until it's COMPLETED

instance i-0977d2d4be8dcbcc2 is pending at 22:09:02.354809
instance i-0977d2d4be8dcbcc2 is pending at 22:09:05.449120
instance i-0977d2d4be8dcbcc2 is pending at 22:09:09.085111
instance i-0977d2d4be8dcbcc2 is pending at 22:09:13.566132
instance i-0977d2d4be8dcbcc2 is pending at 22:09:19.392112
instance i-0977d2d4be8dcbcc2 is running at 22:09:28.411433


#### Using the instanceId captured above, use describe_instances() method to get instance details. Instance details has public DNS address.


In [22]:
inst_det = ec2.describe_instances(
    InstanceIds=[
        new_instance_id,
    ]
)

### Get the public DNS address of the new instance.

In [23]:
instance_pub_dns=inst_det["Reservations"][0]["Instances"][0]["PublicDnsName"]
instance_pub_dns

'ec2-54-163-221-222.compute-1.amazonaws.com'

### Create a Deployment Package

The deployment package is a .zip file containing the Lambda function code and dependencies.

- You will create a folder and put the lambda function code and dependencies in it.

## <span style="color:darkorange"><b>Activity 4:</b> </span>
<span style="color:blue">In order to create a deployment package push the lambda function code file to EC2 instance </span>


In my case the file name is "skaf48_CreateThumbnail.py". For you, it should be "your_pawprint_CreateThumbnail.py". Move the file using SCP command as shown below. 



    scp -i key.pem /path/to/lambdafile.py ec2-user@public-ip-address:~/skaf48_CreateThumbnail.py

In [20]:
## your answer for activity 4 goes here

# The following command was run in the terminal

# cd'd into exercise folder to run

# scp -i EC2-13112021220812-lcmhng.pem lcmhng_CreateThumbnail.py ec2-user@ec2-54-163-221-222.compute-1.amazonaws.com:~/lcmhng_CreateThumbnail.py


### Connect to EC2 instance via SSH.

Run below cell and copy the output. paste it in the terminal. Use the terminal to SSH into the instance and install the software packages. 

In [24]:
print("ssh -i "+os.getcwd()+"/"+ec2_pem_file+".pem ec2-user@"+instance_pub_dns)

ssh -i /dsa/home/lcmhng/jupyter/f21dsa8420_lcmhng/module4/exercises/EC2-13112021220812-lcmhng.pem ec2-user@ec2-54-163-221-222.compute-1.amazonaws.com


## <span style="color:darkorange"><b>Activity 5:</b>  </span>
<span style="color:blue">Run all the commands listed below in the same sequence as shown below in the terminal. </span>

<hr size="6" width="100%" noshade style="border-color:#FF0000" align="left">


<br>
**Install Python 3.6 and virtualenv using the following steps:**


```bash


sudo yum install -y gcc zlib zlib-devel openssl openssl-devel

wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tgz

tar -xzvf Python-3.6.1.tgz

cd Python-3.6.1 && ./configure && make

sudo make install

sudo /usr/local/bin/pip3 install virtualenv


```

<br>
**Choose the virtual environment that was installed via pip3**


```bash

/usr/local/bin/virtualenv ~/shrink_venv

source ~/shrink_venv/bin/activate

```

<br>
**Install libraries in the virtual environment **

```bash

pip install Pillow

pip install boto3

```

<br>
** Add the contents of lib and lib64 site-packages to your .zip file.**

**Note: ** that the following steps assume you used Python runtime version 3.6. If you used version 2.7 you will need to update accordingly.

<span style="color:red"><b> change the folder name below. Replace pawprint with yours. </b></span>


```bash

cd $VIRTUAL_ENV/lib/python3.6/site-packages

zip -r9 ~/pawprint_CreateThumbnail.zip *


```



<br>
** Add your python code to the .zip file**

<span style="color:red"><b> Change the file names below. Replace the word pawprint with your actual pawprint. </b></span>


```bash

cd ~

zip -g pawprint_CreateThumbnail.zip pawprint_CreateThumbnail.py

```

<br>
**Upload the zip file to S3**. Check to see if the CreateThumbnail.zip file exists by running "dir" command. <span style="color:red"><b> Run "aws configure" and set up credentials </span> so you can access AWS services through Command line. 


```bash

dir

aws configure

aws s3api create-bucket --bucket <pawprint>-bucket-module4

aws s3 cp pawprint_CreateThumbnail.zip s3://<pawprint>-bucket-module4/

```

### Create the Execution Role (IAM Role)


Create an IAM role using the following predefined role type and access permissions policy:

- AWS service role of the type AWS Lambda – This role grants AWS Lambda permissions to assume the role. Role Type, would be AWS Lambda in AWS Service Roles. This grants the AWS Lambda service permissions to assume the role.


- **`AWSLambdaExecute`** access permissions policy that you attach to the role. Attach the default Policy, AWSLambdaBasicExecuteRole.


- Enter a Role name and then choose Create role. For Role Name, use a name that is unique within your AWS account (for example, skaf48-lambda-s3-execution-role).

## <span style="color:darkorange"><b>Activity 6:</b> </span>
<span style="color:blue"> Write a function to create an AWS role for performing lambda. </span>

<span style="color:red">Hint: This should be similar to what we have done in the DynamoDB triggers lab. </span>


In [25]:
# Your answer for activity 6

# Complete the function 

def create_role(name, policies=None):
    """ Create a role with an optional inline policy """
    policydoc = {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"]},
        ]
    }
    roles = [r['RoleName'] for r in iam.list_roles()['Roles']]
    if name in roles:
        print('IAM role %s exists' % (name))
        role = iam.get_role(RoleName=name)['Role']
    else:
        print('Creating IAM role %s' % (name))
        role = iam.create_role(RoleName=name, AssumeRolePolicyDocument=json.dumps(policydoc))['Role']

    # attach managed policy
    if policies is not None:
        for p in policies:
            iam.attach_role_policy(RoleName=role['RoleName'], PolicyArn=p)
    return role

#### Call above function create_role() to create IAM role. 

In [27]:
# Call above function to create the role with predefined role type and access policy
role = create_role(system_user_name + '_lambda-s3-execution-role', 
                   policies=['arn:aws:iam::aws:policy/AWSLambdaExecute'])

Creating IAM role lcmhng_lambda-s3-execution-role


### Create the Lambda Function (Upload the Deployment Package)
## <span style="color:darkorange"><b>Activity 7:</b> </span> 
<span style="color:blue">Create a Lambda function by uploading the deployment package. Deployment package is the zip folder you created in the EC2 instance and uploaded to S3 bucket. </span>

The source of deployment package is the S3 bucket as shown below.  

    Code={'S3Bucket':bucket,  # bucket and key are the input arguments to the function. 
      'S3Key':key }


Refer the documentation of [create_function()](http://boto3.readthedocs.io/en/latest/reference/services/lambda.html#Lambda.Client.create_function) method for the syntax. 


<br>

The function should check if a lambda function with specified name already exists. If yes then it should update the code for existing lambda. Else, it should create a new lambda. 

In [32]:
# Your answer for activity 7

# Complete the function 


def create_function(name, bucket, key, lsize=512, timeout=120, update=False):
    """ Create the lambda function or update if exists"""
    print("role:",role)
    
    with open(key, 'rb') as zipfile:
        if name in [f['FunctionName'] for f in lamb.list_functions()['Functions']]:
            if update:
                print('Updating %s lambda function code' % (name))
                return lamb.update_function_code(FunctionName=name, ZipFile=zipfile.read())
            else:
                print('Lambda function %s exists' % (name))
                for f in lamb.list_functions()['Functions']:
                    if f['FunctionName'] == name:
                        lfunc = f
        else:
            print('Creating %s lambda function' % (name))
            lfunc = lamb.create_function(
                FunctionName=name,
                Runtime='python3.6',
                Role=role['Arn'],
                Handler=lambda_name+'.handler',
                Description='Example lambda function',
                Timeout=timeout,
                MemorySize=lsize,
                Publish=True,
                Code={'ZipFile': zipfile.read()},
            )
        lfunc['Role'] = role
        return lfunc

## <span style="color:darkorange"><b>Activity 8:</b> </span>
<span style="color:blue"> Call create_function() to create the lambda. </span>

The parameter update=True will ensure the existing lambda is updated with the  supplied code in the zip file. Give correct values to bucket and key variables.


In [33]:
#lfunc = create_function(lambda_name,bucket="lcmhng.source", key="lcmhng_CreateThumbnail.zip", update=True)
lfunc = create_function(lambda_name,bucket="lcmhng-bucket-module4", key="lcmhng_CreateThumbnail.zip", update=True)

role: {'Path': '/', 'RoleName': 'lcmhng_lambda-s3-execution-role', 'RoleId': 'AROA2M4ITY7JZJGG5LHBQ', 'Arn': 'arn:aws:iam::714861692883:role/lcmhng_lambda-s3-execution-role', 'CreateDate': datetime.datetime(2021, 11, 14, 4, 25, 37, tzinfo=tzutc()), 'AssumeRolePolicyDocument': {'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow', 'Principal': {'Service': ['lambda.amazonaws.com']}, 'Action': ['sts:AssumeRole']}]}}
Updating lcmhng_CreateThumbnail lambda function code


### Test the Lambda Function (Invoke Manually)

Invoke the Lambda function manually using sample Amazon S3 event data and test it manually. Following is the Amazon S3 sample event data. 

<span style="color:red"><b>Note: </b> Update the JSON by providing your sourcebucket name.</span> Replace the existing bucket name and bucket ARN with correct values in below cell.

```
"bucket":{  
   "name":" *** give source bucket name here *** ", 
   "ownerIdentity":{  
      "principalId":"A3NL1KOZZKExample"
   },
   "arn":"arn:aws:s3:::< *** give the ARN of source bucket *** "  
},

```

In [48]:

input_data=b"""{  
   "Records":[  
      {  
         "eventVersion":"2.0",
         "eventSource":"aws:s3",
         "awsRegion":"us-east-1",
         "eventTime":"1970-01-01T00:00:00.000Z",
         "eventName":"ObjectCreated:Put",
         "userIdentity":{  
            "principalId":"AIDAJDPLRKLG7UEXAMPLE"
         },
         "requestParameters":{  
            "sourceIPAddress":"127.0.0.1"
         },
         "responseElements":{  
            "x-amz-request-id":"C3D13FE58DE4C810",
            "x-amz-id-2":"FMyUVURIY8/IgAtTv8xRjskZQpcIZ9KG4V5Wp6S7S/JRWeUWerMUE5JgHvANOjpD"
         },
         "s3":{  
            "s3SchemaVersion":"1.0",
            "configurationId":"testConfigRule",
            "bucket":{  
               "name":"lcmhng.source", 
               "ownerIdentity":{  
                  "principalId":"A3NL1KOZZKExample"
               },
               "arn":"arn:aws:s3:::lcmhng.source"  
            },
            "object":{  
               "key":"ML.jpg",
               "size":1024,
               "eTag":"e137008175a328ee2e4bcede66e79a0e",
               "versionId":"096fKKXTRTtl3on89fVO.nfljtsv6qko"
            }
         }
      }
   ]
}"""

#### Test the Lambda function by invoking it manually using sample S3 event data.


In [49]:
# Invoke the lambda manually

response = lamb.invoke(
    FunctionName=lambda_name,
    InvocationType='RequestResponse',
    LogType='Tail',
    Payload=input_data
)
response

{'ResponseMetadata': {'RequestId': 'f72f98be-c047-417c-ac38-e0116e1e43ba',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'date': 'Sun, 14 Nov 2021 04:42:22 GMT',
   'content-type': 'application/json',
   'content-length': '68',
   'connection': 'keep-alive',
   'x-amzn-requestid': 'f72f98be-c047-417c-ac38-e0116e1e43ba',
   'x-amz-function-error': 'Unhandled',
   'x-amzn-remapped-content-length': '0',
   'x-amz-executed-version': '$LATEST',
   'x-amz-log-result': 'U1RBUlQgUmVxdWVzdElkOiBmNzJmOThiZS1jMDQ3LTQxN2MtYWMzOC1lMDExNmUxZTQzYmEgVmVyc2lvbjogJExBVEVTVApVbmFibGUgdG8gaW1wb3J0IG1vZHVsZSAnbGNtaG5nX0NyZWF0ZVRodW1ibmFpbCc6IE5vIG1vZHVsZSBuYW1lZCAnUGlsbG93JwoKRU5EIFJlcXVlc3RJZDogZjcyZjk4YmUtYzA0Ny00MTdjLWFjMzgtZTAxMTZlMWU0M2JhClJFUE9SVCBSZXF1ZXN0SWQ6IGY3MmY5OGJlLWMwNDctNDE3Yy1hYzM4LWUwMTE2ZTFlNDNiYQlEdXJhdGlvbjogMC40OCBtcwlCaWxsZWQgRHVyYXRpb246IDEgbXMJTWVtb3J5IFNpemU6IDUxMiBNQglNYXggTWVtb3J5IFVzZWQ6IDQ5IE1CCQo=',
   'x-amzn-trace-id': 'root=1-619093ae-02a1ab4a6d150d4917c011be;sampled=0'},
  '

----

**If the above cell ran succesfully then the test is passed. You should see an image written to sourceresized folder in S3. See below for sample output**

<img src="../images/size_comparision.PNG">

### Add an Event Source (Configure Amazon S3 to Publish Events)


In this step, you add the remaining configuration so that Amazon S3 can publish object-created events to AWS Lambda and invoke the Lambda function. You do the following in this step:

- Add permissions to the Lambda function access policy to allow Amazon S3 to invoke the function.


- Add notification configuration to your source bucket. In the notification configuration, you provide the following:
    
    - Event type for which you want Amazon S3 to publish events. For this tutorial, you specify the s3:ObjectCreated:* event type so that Amazon S3 publishes events when objects are created.

    - Lambda function to invoke.

<span style="color:red"><b>Note: </b> Replace the existing bucket ARN with correct value in below cell.</span>

In [36]:
response = lamb.add_permission(
    FunctionName=lambda_name,
    StatementId=time.strftime(system_user_name+"%d%m%Y%H%M%S"), # some-unique-id 
    Action='lambda:InvokeFunction', 
    Principal='s3.amazonaws.com',
    SourceArn='arn:aws:s3:::lcmhng.source',   # ARN of the source bucket, Change the value with your pawprint
    SourceAccount='714861692883'   # bucket-owner-account-id
)

Verify the function's access policy by running the AWS CLI get-policy command.

In [37]:
response = lamb.get_policy(
    FunctionName=lambda_name
)
response

{'ResponseMetadata': {'RequestId': '0327d233-a17c-4224-895a-9210c5714a8f',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'date': 'Sun, 14 Nov 2021 04:36:45 GMT',
   'content-type': 'application/json',
   'content-length': '494',
   'connection': 'keep-alive',
   'x-amzn-requestid': '0327d233-a17c-4224-895a-9210c5714a8f'},
  'RetryAttempts': 0},
 'Policy': '{"Version":"2012-10-17","Id":"default","Statement":[{"Sid":"lcmhng13112021223644","Effect":"Allow","Principal":{"Service":"s3.amazonaws.com"},"Action":"lambda:InvokeFunction","Resource":"arn:aws:lambda:us-east-1:714861692883:function:lcmhng_CreateThumbnail","Condition":{"StringEquals":{"AWS:SourceAccount":"714861692883"},"ArnLike":{"AWS:SourceArn":"arn:aws:s3:::lcmhng.source"}}}]}',
 'RevisionId': '99080a6d-884a-4d07-bd5f-d6aa35b363d6'}

### Configure Notification on the Bucket

Add notification configuration on the source bucket to request Amazon S3 to publish object-created events to Lambda. In the configuration, you specify the following:

- Event type – Since we want to know when ever an object is cretaed in source bucket, its ObjectCreated (All) Amazon S3 event type.


- Lambda function – Your Lambda function that you want Amazon S3 to invoke.

### Get the lambda function details

In [38]:
response = lamb.get_function(
    FunctionName=lambda_name
)

### Get the lambda function ARN

In [39]:
response["Configuration"]["FunctionArn"]

'arn:aws:lambda:us-east-1:714861692883:function:lcmhng_CreateThumbnail'

## <span style="color:darkorange"><b>Activity 8:</b></span>
<span style="color:blue">Add notification configuration to the source S3 bucket.  </span>

```
        'LambdaFunctionConfigurations': [
            {
                'LambdaFunctionArn': response["Configuration"]["FunctionArn"],
                'Events': ['s3:ObjectCreated:*']
            }


```

[Refer to the documentation](http://boto3.readthedocs.io/en/latest/reference/services/s3.html#S3.Client.put_bucket_notification_configuration) for syntax. Ignore "QueueConfigurations" and "TopicConfigurations" as shown in the documentation. You only have to configure LambdaFunctionConfigurations. 

In [40]:
## Your answer fr activity 8. Complete the code.

s3_client = boto3.client('s3', 
                   aws_access_key_id = access_id, 
                   aws_secret_access_key = access_key)

response = s3_client.put_bucket_notification_configuration(
    
    Bucket='lcmhng.source',
    NotificationConfiguration={
        
        'LambdaFunctionConfigurations': [
            {
                'Id': 'string',
                'LambdaFunctionArn': response["Configuration"]["FunctionArn"],
                'Events': ['s3:ObjectCreated:*'],
                'Filter': {
                    'Key': {
                        'FilterRules': [
                            {
                                'Name': 'prefix',
                                'Value': 'string'
                            },
                        ]
                    }
                }
            },
        ]
    }
)

### Test the Setup

## <span style="color:darkorange"><b>Activity 9:</b> </span>
<span style="color:blue">Test the setup by uploading a .jpg file to source S3 bucket.  
Upload .jpg or .png objects to the source bucket. Verify that the thumbnail was created in the target bucket using the CreateThumbnail lambda function. </span>

In [41]:
## Your answer fr activity 9.
s3.Object(source, "../images/cloudwatch_logs.PNG").put(Body=open("../images/cloudwatch_logs.PNG", 'rb'))

{'ResponseMetadata': {'RequestId': '1DB8YYRCJW9T5K6S',
  'HostId': '4PmwRh0vIqCzUekPJdXsIWo8pq09UfAbLz4B5xQ88/ROKVQGlYZsilajZ5ZeGXmGwxUOJDdn084=',
  'HTTPStatusCode': 200,
  'HTTPHeaders': {'x-amz-id-2': '4PmwRh0vIqCzUekPJdXsIWo8pq09UfAbLz4B5xQ88/ROKVQGlYZsilajZ5ZeGXmGwxUOJDdn084=',
   'x-amz-request-id': '1DB8YYRCJW9T5K6S',
   'date': 'Sun, 14 Nov 2021 04:36:59 GMT',
   'etag': '"45adc3ed5b9e6ba906e61ca924d3f26a"',
   'server': 'AmazonS3',
   'content-length': '0'},
  'RetryAttempts': 0},
 'ETag': '"45adc3ed5b9e6ba906e61ca924d3f26a"'}

### Delete SSH Keypair

In [50]:
# Delete SSH Keypair

try:
    os.remove(ec2_pem_file+'.pem')
    print('Local Key Deleted')
except:
    print('Local Key Not Found')
    
response = ec2.delete_key_pair(KeyName=ec2_pem_file)
print('\nAWS Metadata: ')
print('http Status Code : '+str(response['ResponseMetadata']['HTTPStatusCode']))
print('Request ID       : '+response['ResponseMetadata']['RequestId'])
print('Retries          : '+str(response['ResponseMetadata']['RetryAttempts']))

Local Key Deleted

AWS Metadata: 
http Status Code : 200
Request ID       : df46657e-30a8-42e2-b39c-f9cbe7f50330
Retries          : 0


### Terminate the EC2 instance

In [51]:
ec2 = boto3.resource('ec2', region_name=region, 
                   aws_access_key_id = access_id, 
                   aws_secret_access_key = access_key)

ec2.instances.filter(InstanceIds=[new_instance_id,]).terminate()

[{'TerminatingInstances': [{'CurrentState': {'Code': 32,
     'Name': 'shutting-down'},
    'InstanceId': 'i-0977d2d4be8dcbcc2',
    'PreviousState': {'Code': 16, 'Name': 'running'}}],
  'ResponseMetadata': {'RequestId': '201cac4b-98c5-4c7d-8232-bdcf3414fa41',
   'HTTPStatusCode': 200,
   'HTTPHeaders': {'x-amzn-requestid': '201cac4b-98c5-4c7d-8232-bdcf3414fa41',
    'cache-control': 'no-cache, no-store',
    'strict-transport-security': 'max-age=31536000; includeSubDomains',
    'vary': 'accept-encoding',
    'content-type': 'text/xml;charset=UTF-8',
    'transfer-encoding': 'chunked',
    'date': 'Sun, 14 Nov 2021 05:26:52 GMT',
    'server': 'AmazonEC2'},
   'RetryAttempts': 0}}]

### Delete the security group

Run the polling function to make sure instance is terminated. You cant delete the security group while a running instance is using it. 

In [52]:
import random
import time

ec2 = boto3.client('ec2', region_name=region, 
                   aws_access_key_id = access_id, 
                   aws_secret_access_key = access_key)
poll_until_completed(ec2, new_instance_id)  # Can't use it until it's COMPLETED

instance i-0977d2d4be8dcbcc2 is shutting-down at 23:26:54.302576
instance i-0977d2d4be8dcbcc2 is shutting-down at 23:26:57.070797
instance i-0977d2d4be8dcbcc2 is shutting-down at 23:27:01.590766
instance i-0977d2d4be8dcbcc2 is shutting-down at 23:27:10.221759
instance i-0977d2d4be8dcbcc2 is shutting-down at 23:27:24.590902
instance i-0977d2d4be8dcbcc2 is terminated at 23:27:44.464051


In [53]:
SG_delete_response = ec2.delete_security_group(
    GroupId=Sec_group,
)


# Save your notebook!

# <span style="color:red">******************* STOP ***************</span>

## <span style="background:red">Don't delete the buckets. Leave them for evaluation. </span>




In [None]:
# executing this cell will delete the source bucket 
import boto3
source = 'pawprint.source'
s3 = boto3.resource('s3', 
                  aws_access_key_id = access_id, 
                  aws_secret_access_key = access_key)
bucket = s3.Bucket(source)

for key in bucket.objects.all():
    key.delete()
bucket.delete()

In [None]:
# executing this cell will delete the source resized bucket 
sourceresized = 'pawprint.sourceresized'
bucket = s3.Bucket(sourceresized)

for key in bucket.objects.all():
   key.delete()
bucket.delete()

In [None]:
# executing this cell will delete the pawprint-bucket-module4 bucket 
bucket-module4 = 'pawprint-bucket-module4'
bucket = s3.Bucket(bucket-module4)

for key in bucket.objects.all():
   key.delete()
bucket.delete()