Beginning AWS Lambda

What is this?

This repository is an exercise of improving my understanding of how AWS Lambda works and how it integrates with other AWS services.

What does it do?

When deployed to AWS and invoked, it publishes a cheatsheet of the values returned by the Ref and Fn::GetAtt (!GetAtt) intrinsic functions for various CloudFormation resources and their properties. The source of this information is the AWS CloudFormation User Guide repository itself.

How does it do that?

  1. The main branch of the aforementioned user guide repo is fetched as a zip archive and uploaded to an S3 bucket.
  2. Documentation files of CloudFormation resources are extracted from the archive in S3 to an EFS folder.
  3. The Return Values sections of the resource files are copied to separate files in EFS and indexed in DynamoDB.
  4. The cheatsheet is generated by concatenating the individual Return Values section files in alphabetical order, using the index from DynamoDB.

Note: The source files of the user guide and the final cheatsheet are all in Markdown format.
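Steps 2 to 4 above, sketched as an added example that is not the repository's code: it maps archive entry names to paths under the extraction root (rejecting names that would escape it, since the archive is fetched from a remote source), extracts each Return Values section, and concatenates them alphabetically. The function names, the `/mnt/efs/docs` mount path, the `## Return values` heading format and the sample documents are assumptions constructed for illustration.

```javascript
// Added example; not the repository's code. Function names, the mount path and
// the "## Return values" heading format are assumptions.

// Map an archive entry name to a path under the extraction root, rejecting
// absolute names and ".." segments so an entry cannot land outside the root.
function safeTarget(root, entryName) {
  const parts = entryName.split(/[\\/]+/).filter((p) => p !== '' && p !== '.');
  if (/^([\\/]|[A-Za-z]:)/.test(entryName) || parts.includes('..')) {
    throw new Error(`unsafe archive entry: ${entryName}`);
  }
  return [root.replace(/\/+$/, ''), ...parts].join('/');
}

// Return the body of the "Return values" section: everything after its
// level-2 heading up to the next level-2 heading, or null if there is none.
function extractReturnValues(markdown) {
  const lines = markdown.split(/\r?\n/);
  const start = lines.findIndex((l) => /^##\s+Return values\b/i.test(l));
  if (start === -1) return null;
  let end = lines.findIndex((l, i) => i > start && /^##\s/.test(l));
  if (end === -1) end = lines.length;
  return lines.slice(start + 1, end).join('\n').trim();
}

// Concatenate the sections in alphabetical order of resource name (the role
// the DynamoDB index plays in the app); resources without a section are skipped.
function buildCheatsheet(docs) {
  return Object.keys(docs)
    .sort()
    .map((name) => [name, extractReturnValues(docs[name])])
    .filter(([, section]) => section !== null)
    .map(([name, section]) => `## ${name}\n\n${section}\n`)
    .join('\n');
}

// Constructed sample input, not copied from the user guide.
const SAMPLE_DOCS = {
  'AWS::SQS::Queue':
    '# AWS::SQS::Queue\n\n## Syntax\n\n...\n\n## Return values<a name="rv"></a>\n\n' +
    '### Ref\n\nQueue URL.\n\n### Fn::GetAtt\n\nArn, QueueName\n\n## Examples\n\n...',
  'AWS::S3::Bucket':
    '# AWS::S3::Bucket\n\n## Return values\n\n### Ref\n\nBucket name.\n\n## Examples\n\n...',
  'AWS::Example::NoReturnValues': '# AWS::Example::NoReturnValues\n\n## Syntax\n\n...',
};

console.log(safeTarget('/mnt/efs/docs', 'doc_source/aws-resource-s3-bucket.md'));
console.log(buildCheatsheet(SAMPLE_DOCS));
```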

What is NOT considered? Answer: Security & Testing

The focus area of this repository is how AWS Lambda works and integrates with other AWS services — not Security and Testing.

Nothing about this repo or the app is sensitive. So while the app works, this is in no way a model of how to build secure applications — not remotely.

While some of the resources (e.g., VPC subnet and endpoints) are private, the permissions around them are still more permissive than a typical enterprise application should have.

Besides security, testing isn't a focus area of this repo/app either. The JavaScript (Node.js) code itself is borrowed from the source repo aws-cloudformation-attributes and modified lightly to work with Lambda.

How does it actually work?

The following are the main CloudFormation resources of this Rube Goldberg application:

  • Lambda function getAwsDocsRepo
  • S3 bucket
  • Lambda function unzipRepoArchive
  • EFS
  • SNS (invocation destination)
  • Lambda function createAttributeFiles
  • DynamoDB table cfnAttributeFilesIndex
  • SQS (invocation destination)
  • Lambda function generateCheatSheet
  • S3 static site

The Lambda functions are the main actors. Each one performs one step of the sequence noted in the "How does it do that?" section, using the other AWS services listed above.

There are a few other resources in this app too, such as:

  • Lambda layer hosting the Node.js AWS SDK
  • EFS Access Point
  • EFS Mount Target
  • Private subnet (associated with EFS Mount Target) in a custom VPC
  • VPC endpoints for S3 and SQS

Note: While Lambda function containers come with the AWS SDK installed, that SDK isn't always up-to-date. So AWS recommends users bundle the latest version with their code. Hence the use of a layer.

All these resources are grouped into the following CloudFormation stacks:

  1. lib-aws-sdk: Node.js AWS SDK layer
  2. lambda-efs-vpc: EFS, VPC and related resources
  3. beginning-lambda: Lambda functions, S3 buckets, SNS topic, SQS

Note: The beginning-lambda stack depends on the other two stacks, so it should be deployed last.

Why?

While this repo started as a way to understand Lambda better, it quickly turned into an exercise of learning CloudFormation better, mostly because I prefer doing something in an automated/scripted manner to doing something using UIs. While AWS documentation is good, creating a resource with CloudFormation often needed looking up attributes of other resources. I couldn't find a one-stop reference to Return Values of various CloudFormation resources. So I set out to create one, straight from source. The result of that work is the repo linked at this document's end. Porting that simple repo to work with AWS Lambda offered a way to understand Lambda better. I went all-in and made it as complex as possible using as many other AWS services as possible.

Notes

Resources & References