Using Lambda Function with CloudTrail
AWS CloudTrail is an Amazon service that logs all the activity performed in the AWS console. It records every API call and keeps the history, which can be used later for debugging. Note that we cannot trigger Lambda directly from CloudTrail. Instead, CloudTrail stores its history as log files in an S3 bucket, and we can trigger AWS Lambda from S3: whenever a new log file is added to the bucket, the Lambda function is invoked and can process it.
Prerequisites
Before you start to work with AWS CloudTrail, S3 and AWS Lambda, you need to perform the following −
Create an S3 bucket to store CloudTrail logs
Create an SNS topic
Create a trail in CloudTrail and assign the S3 bucket and SNS topic to it
Create an IAM role with the required permissions
Create an AWS Lambda function
Configure the AWS Lambda function
Example
Let us consider an example that shows how AWS CloudTrail, S3 and AWS Lambda work together. Here, we create a bucket in S3 that stores the logs for every interaction done in the AWS console. We also create an SNS topic and publish to it. For each such action, the logs are written as a file in S3; this triggers AWS Lambda, which sends a mail using the Amazon SES service.
The block diagram for explaining this process is as shown below −
Create S3 Bucket to Store CloudTrail logs
Go to the AWS console and click the S3 service. Click Create bucket and enter the name of the bucket in which you want to store the CloudTrail logs, as shown −
Observe that here we have created an S3 bucket named cloudtraillogsaws for storing the logs.
Create SNS Service
Go to the AWS console and click Simple Notification Service. Select Topics from the left side and click the Create new topic button.
We have created a topic called displaytrail to publish to. Its details will be stored in the S3 bucket created above.
Create a Trail in Cloudtrail and Assign the S3 bucket and SNS service
Go to the AWS console and click the CloudTrail service under Management tools, as shown −
Click Trails on the left side, as shown below −
Click the Create Trail button. Enter the trail name and, for Apply trail to all regions, choose Yes, so that logs are collected for all regions.
For Read/Write events, choose All. Add the S3 bucket and SNS topic details as shown below. You can create a new one here or add an existing one.
Note that there are options available to encrypt log files, enable log file validation, send an SNS notification for every log file delivery, etc. I have used the default values here. If you enable file encryption, it will ask for an encryption key. Click the Create Trail button once the details are added.
Create IAM Role with Permission
Go to the AWS console and select IAM. Create a role with permissions for S3, Lambda, CloudTrail and SES (for sending email). The role created is as shown below −
Create AWS Lambda Function
Go to the AWS console and click the Lambda service. Add the function name, select Node.js as the runtime, and select the role created for the Lambda function. The Lambda function created is shown below.
AWS Lambda Configuration
Next, we need to add S3 as the trigger for the Lambda function we created.
Add the S3 bucket details to add the trigger, and then add the following AWS Lambda code −
const aws = require("aws-sdk");
const sns = new aws.SNS({ region: "us-east-1" });   // not used below; kept from the original listing
var ses = new aws.SES({ region: "us-east-1" });

exports.handler = function(event, context, callback) {
   console.log("AWS lambda and SNS trigger ");
   console.log(event);
   // The S3 event carries the bucket name and the key of the newly written log file
   const s3message = "Bucket Name:" + event.Records[0].s3.bucket.name +
      " Log details:" + event.Records[0].s3.object.key;
   console.log(s3message);
   var eParams = {
      Destination: {
         ToAddresses: ["xxxxxxxxx12@gmail.com"]
      },
      Message: {
         Body: {
            Text: {
               Data: s3message
            }
         },
         Subject: {
            Data: "cloudtrail logs"
         }
      },
      Source: "coxxxxxx@gmail.com"
   };
   // Send the mail through SES; the invocation is finished from the callback
   var email = ses.sendEmail(eParams, function(err, data) {
      if (err) {
         console.log(err);
         callback(err);
      } else {
         console.log("===EMAIL SENT===");
         console.log("EMAIL CODE END");
         console.log("EMAIL: ", email);
         context.succeed(event);
         callback(null, "email is sent");
      }
   });
};
Note that we are taking the S3 bucket name and the log file key from the event and sending a mail using the SES service, as shown above.
Whenever any activity takes place in the AWS console, the logs are sent to the S3 bucket; at the same time, AWS Lambda is triggered and the mail is sent to the email id mentioned in the code.
Note that you can process the logs as per your needs in AWS Lambda.