awsm-org / awsm

AWSM: Amazon Web Services Modules – Re-usable, standardized and optimized Lambda functions ready for deployment and easy installation into serverless projects

Define standards for non-Amazon API Gateway modules #11

Open binoculars opened 8 years ago

binoculars commented 8 years ago

Some Lambda functions are useful while only being triggered from S3 events, DynamoDB streams, SNS, etc. Having tooling around these would be extremely valuable.

Since there are (Edit: no limited) CloudFormation options for hooking up events to Lambda functions, we'll have to build that in.

austencollins commented 8 years ago

:+1: We'll tackle this after re:Invent. They will be announcing some Lambda versioning updates that we want to support that might also not be supported by CF.

dekz commented 8 years ago

This seems to have been added recently: AWS::Lambda::EventSourceMapping

Though it only supports Kinesis and DynamoDB :-1:

binoculars commented 8 years ago

@dekz Thanks for sharing that! Hopefully soon on S3 and SNS. Kind of odd since S3 Events were the initial use case for Lambda.

dekz commented 8 years ago

I think we're going to have to continue to fake it till they make it.

"lambda": {
    "enVars": [],
    "package": {},
    "excludePatterns": {},
    "cloudFormation": {
        "Description": "",
        "MemorySize": 1024,
        "Runtime": "nodejs",
        "Timeout": 6
    }
},
"apiGateway": {
     "cloudFormation": {}
+},
+"eventSource": [
+  "apiGateway1": {
+   "type": "apiGateway",
+    "properties": {}
+   // Must use cli
+  },
+  "kinesisAbcd": {
+   "type": "kinesis",
+    "properties": {
+      "arn": "abcd:dev:stage:123"
+    }
+    // Can use AWS::Lambda::EventSourceMapping
+  },
+]
+}
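
Review bot: `"eventSource": [` opens an array, but the entries inside it are keyed (`"apiGateway1": {`, `"kinesisAbcd": {`), which is not valid JSON. Either make `eventSource` an object (`{ ... }`) or keep the array and move the key into each entry as a name field. The `// Must use cli` and `// Can use AWS::Lambda::EventSourceMapping` comments and the trailing comma before `+]` will also fail a strict JSON parse, so how each source is deployed would be better carried as a field on the entry than as a comment.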

Right now each lambda has a shared role. Do we need to think about fine-grained control on IAM roles for each lambda? So Lambda1 has restricted access to Kinesis, Lambda2 can read.

binoculars commented 8 years ago

@dekz I would think we'd want to support both shared roles and 1:1 roles.

binoculars commented 8 years ago

It appears that the Event Source can now be configured from the S3 side with Amazon Simple Storage Service NotificationConfiguration LambdaConfigurations. Likewise, in SNS, the Amazon SNS Subscription Property Type takes:

{
   "Endpoint" : "arn:aws:lambda:region:account-id:function:function-name",
   "Protocol" : "lambda"
}

Still need to come up with a canonical way to specify it in AWS Modules.
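
Added example, not code from this thread or from the awsm project: a small check over a CloudFormation template that wires S3 and SNS to Lambda from the event-source side, as the last comment describes. It reports functions that share one IAM role (the shared versus 1:1 question raised above) and S3/SNS wiring that has no `AWS::Lambda::Permission` with a `SourceArn` for the invoking service. The template is constructed, and every logical ID in it (`SharedRole`, `ResizeFn`, `NotifyFn`, `Uploads`, `Alerts`, `ResizePerm`) and the `auditEventWiring` helper are hypothetical.

```javascript
// Added example: constructed template; every logical ID is hypothetical.
const template = { Resources: {
  SharedRole: { Type: "AWS::IAM::Role", Properties: {} },
  ResizeFn: { Type: "AWS::Lambda::Function",
    Properties: { Role: { "Fn::GetAtt": ["SharedRole", "Arn"] } } },
  NotifyFn: { Type: "AWS::Lambda::Function",
    Properties: { Role: { "Fn::GetAtt": ["SharedRole", "Arn"] } } },
  Uploads: { Type: "AWS::S3::Bucket", Properties: {
    NotificationConfiguration: { LambdaConfigurations: [
      { Event: "s3:ObjectCreated:*", Function: { "Fn::GetAtt": ["ResizeFn", "Arn"] } }] } } },
  Alerts: { Type: "AWS::SNS::Topic", Properties: { Subscription: [
    { Protocol: "lambda", Endpoint: { "Fn::GetAtt": ["NotifyFn", "Arn"] } }] } },
  // Only the S3 wiring has an invoke permission, and it is scoped to the bucket.
  ResizePerm: { Type: "AWS::Lambda::Permission", Properties: {
    Action: "lambda:InvokeFunction", Principal: "s3.amazonaws.com",
    FunctionName: { "Fn::GetAtt": ["ResizeFn", "Arn"] },
    SourceArn: { "Fn::GetAtt": ["Uploads", "Arn"] } } },
} };
// Logical ID behind { "Fn::GetAtt": [id, attr] } or { Ref: id }; null otherwise.
const idOf = (v) => (v && (v.Ref || (v["Fn::GetAtt"] || [])[0])) || null;

function auditEventWiring(tpl) {
  const res = Object.entries(tpl.Resources);
  const ofType = (t) => res.filter(([, r]) => r.Type === t).map(([id, r]) => [id, r.Properties || {}]);
  const findings = [];
  // 1. Functions sharing one execution role (the "shared role" case in the thread).
  const byRole = {};
  for (const [id, p] of ofType("AWS::Lambda::Function")) {
    const role = idOf(p.Role); // literal role ARNs are not resolved and are skipped
    if (role) (byRole[role] = byRole[role] || []).push(id);
  }
  for (const [role, fns] of Object.entries(byRole))
    if (fns.length > 1) findings.push(`shared-role ${role}: ${fns.join(",")}`);
  // 2. Event wiring declared on the S3 or SNS side.
  const wired = [];
  for (const [, p] of ofType("AWS::S3::Bucket"))
    for (const c of (p.NotificationConfiguration || {}).LambdaConfigurations || [])
      wired.push([idOf(c.Function), "s3.amazonaws.com"]);
  for (const [, p] of ofType("AWS::SNS::Topic"))
    for (const s of p.Subscription || [])
      if (s.Protocol === "lambda") wired.push([idOf(s.Endpoint), "sns.amazonaws.com"]);
  // 3. Each wiring needs a permission for that principal that sets SourceArn.
  const perms = ofType("AWS::Lambda::Permission").map(([, p]) => p);
  for (const [fn, principal] of wired)
    if (!perms.some((p) => idOf(p.FunctionName) === fn && p.Principal === principal && p.SourceArn))
      findings.push(`no-scoped-permission ${fn} <- ${principal}`);
  return findings;
}
console.log(auditEventWiring(template));
```

On the constructed template this reports the shared role and the SNS subscription that lacks an invoke permission; the S3 wiring passes because `ResizePerm` names the bucket as `SourceArn`.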