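My boss told me that clicking around in the GUI is nonsense, so I tried turning Lambda function creation into code (´┐`) ugh
◆What we'll do
Create a Lambda function (plus its IAM role and policy) with the CLI from CloudShell.
◆Architecture
◆Hands-on!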
1. Create the policy

```bash
aws iam create-policy --policy-name MyFunction-policy --policy-document \
'{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:ap-northeast-1:xxxxxxxxxxx:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:ap-northeast-1:xxxxxxxxxxx:log-group:/aws/lambda/MyFunction:*"
            ]
        }
    ]
}'
```

Output:

```json
{
    "Policy": {
        "PolicyName": "MyFunction-policy",
        "PolicyId": "ANPA3QANHVTEE67KDQWUZ",
        "Arn": "arn:aws:iam::xxxxxxxxxxx:policy/MyFunction-policy",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "PermissionsBoundaryUsageCount": 0,
        "IsAttachable": true,
        "CreateDate": "2023-05-04T06:18:14+00:00",
        "UpdateDate": "2023-05-04T06:18:14+00:00"
    }
}
```
2. Create the role

```bash
aws iam create-role --role-name MyFunction-Role --assume-role-policy-document \
'{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}'
```

Output:

```json
{
    "Role": {
        "Path": "/",
        "RoleName": "MyFunction-Role",
        "RoleId": "AROA3QANHVTEK3ZXNHXSV",
        "Arn": "arn:aws:iam::xxxxxxxxxxx:role/MyFunction-Role",
        "CreateDate": "2023-05-04T06:48:43+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "lambda.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        }
    }
}
```
3. Attach the policy to the role

```bash
aws iam attach-role-policy --role-name MyFunction-Role \
    --policy-arn arn:aws:iam::xxxxxxxxxxx:policy/MyFunction-policy
```
4. Write the Python code

```bash
vi test1.py
```

```python
import json

def lambda_handler(event, context):
    # TODO implement
    return {
        'statusCode': 200,
        'body': json.dumps('Hello from Lambda!')
    }
```

```bash
zip test1.zip test1.py
ls
```

※ Confirm that test1.zip has been created.
5. Create the Lambda function

```bash
aws lambda create-function --function-name MyFunction \
    --zip-file fileb://test1.zip --handler test1.lambda_handler --runtime python3.10 \
    --role arn:aws:iam::xxxxxxxxxx:role/MyFunction-Role
```

Output:

```json
{
    "FunctionName": "MyFunction",
    "FunctionArn": "arn:aws:lambda:ap-northeast-1:xxxxxxxxxx:function:MyFunction",
    "Runtime": "python3.10",
    "Role": "arn:aws:iam::xxxxxxxxxx:role/MyFunction-Role",
    "Handler": "test.lambda_handler",
    "CodeSize": 262,
    "Description": "",
    "Timeout": 3,
    "MemorySize": 128,
    "LastModified": "2023-05-04T06:50:24.364+0000",
    "CodeSha256": "B4mMJ3hN8aanPe+HVyWwsom83XOaulceRCFECe/0JRI=",
    "Version": "$LATEST",
    "TracingConfig": {
        "Mode": "PassThrough"
    },
    "RevisionId": "13198a02-4295-4092-a1c8-7f9fdc44039d",
    "State": "Pending",
    "StateReason": "The function is being created.",
    "StateReasonCode": "Creating",
    "PackageType": "Zip",
    "Architectures": [
        "x86_64"
    ],
    "EphemeralStorage": {
        "Size": 512
    },
    "SnapStart": {
        "ApplyOn": "None",
        "OptimizationStatus": "Off"
    },
    "RuntimeVersionConfig": {
        "RuntimeVersionArn": "arn:aws:lambda:ap-northeast-1::runtime:7764dc7f3ff1fc45718f596be4cd03d7bca223f0586f3bfa5fe6584d6af81cd8"
    }
}
```
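Steps 1 to 5 as one script, as an added example that is not part of the original post: the policy ARNs are built from the account ID returned by `aws sts get-caller-identity` instead of being typed by hand, so the log permissions stay scoped to this one function's log group. The function names `log_policy`, `trust_policy` and `deploy`, the `FUNC` and `REGION` variables, the file name `deploy.sh` and the 10-second wait are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not the author's code); names and the wait time are assumptions.
set -eu

FUNC="${FUNC:-MyFunction}"
REGION="${AWS_REGION:-ap-northeast-1}"

# Step 1 policy, with the ARNs built from account ID, region and function name.
log_policy() {  # usage: log_policy ACCOUNT_ID REGION FUNCTION_NAME
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "logs:CreateLogGroup",
      "Resource": "arn:aws:logs:$2:$1:*" },
    { "Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
      "Resource": ["arn:aws:logs:$2:$1:log-group:/aws/lambda/$3:*"] }
  ]
}
EOF
}

# Step 2 trust policy: only the Lambda service may assume the role.
trust_policy() {
  cat <<'EOF'
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
  "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
EOF
}

deploy() {
  account=$(aws sts get-caller-identity --query Account --output text)
  policy_arn=$(aws iam create-policy --policy-name "${FUNC}-policy" \
    --policy-document "$(log_policy "$account" "$REGION" "$FUNC")" \
    --query Policy.Arn --output text)
  role_arn=$(aws iam create-role --role-name "${FUNC}-Role" \
    --assume-role-policy-document "$(trust_policy)" --query Role.Arn --output text)
  aws iam attach-role-policy --role-name "${FUNC}-Role" --policy-arn "$policy_arn"
  zip -q test1.zip test1.py   # step 4 packaging
  sleep 10  # a newly created role may not be assumable by Lambda immediately
  aws lambda create-function --function-name "$FUNC" --region "$REGION" \
    --zip-file fileb://test1.zip --handler test1.lambda_handler \
    --runtime python3.10 --role "$role_arn"
  aws lambda wait function-active-v2 --function-name "$FUNC" --region "$REGION"
}

# Nothing is created unless the script is called as: ./deploy.sh deploy
if [ "${1:-}" = "deploy" ]; then deploy; fi
```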
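★Notes
The handler is apparently specified as [file name without extension].[function name].
※ As shown below, the way the handler is specified does not change even if the directory hierarchy changes.
◆Cleanup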
```bash
aws lambda delete-function --function-name MyFunction
```
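※ When the function is deleted successfully, there is no output.
◆Thoughts
Specifying the handler was a bit quirky, but I managed to get it working!
Zipping the code is a hassle, so I wonder if that could be done from the CLI too.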