AWS Lambda provides various libraries for different programming languages. These libraries are available by default and can be used directly in the Lambda execution environment.
What would we do if we wanted to use a library that is not supported in Lambda functions? To create an AWS Lambda function with external libraries using the AWS Command Line Interface (CLI), we will have to upload a
Follow the steps given below to create a deployment package supported by the Lambda function:
Suppose that you want to use the numpy
library in a Lambda function, which is not supported by default. Create a file named lambda_function.py
in the dir
directory. You can use custom names for the file and directory.
/dir
directory with lambda_function.py
in it.import jsonimport numpy as npdef lambda_handler(event, context):# TODO implement# This function serves as the entry point for the Lambda function.# It receives two parameters: 'event' represents the input data,# and 'context' provides runtime information.# Placeholder comment indicating that the function implementation is incomplete# and needs to be filled in.# Return a successful response with an HTTP status code of 200 and a response body# containing the JSON representation of the string 'Numpy is here'return {'statusCode': 200,'body': json.dumps('Numpy is here')}
Install numpy
in the dir
directory. Here, the --target
specified directory becomes the target location for installing the package:
pip install --target ./dir numpy
Move into the dir
directory that includes the Lambda function code and the external numpy
library and create a .zip
archive at the root. The -r
flag tells zip
to include all files and subdirectories within the current working directory when creating the archive.
cd dirzip -r ../deployment_package.zip .
For the creation of a Lambda function, we need an AWS Identity and Access Management (IAM) role, which allows the Lambda function to operate. An IAM role is a feature that gives selective permissions and access to several resources through the policies attached to it. AWS services can assume these roles to temporarily gain the permissions defined in the role policy. The AWS services that can assume the role are defined by the trust policy attached to it. Follow the steps given below to create a Lambda function.
Create a role for the Lambda function. Here, --role-name
defines the name of the role, and it should be a unique name—we cannot create two roles with a single name. --assume-role-policy-document
is the trust policy. The trust policy given below will only allow AWS Lambda service to assume this role.
Copy the ARN of the role from the output of the command below and save it someplace safe.
aws iam create-role \--role-name lambda-role \--assume-role-policy-document '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": "lambda.amazonaws.com"},"Action": "sts:AssumeRole"}]}'
To provide permissions for the Lambda function to operate, use an AWSLambdaBasicExecutionRole
predefined policy. Use the --role-name
flag to specify the role to which you are attaching the policy and the --policy-arn
flag to specify the policy you are attaching to the role.
aws iam attach-role-policy \--role-name lambda-role \--policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
To create the lambda function with the code added to the deployment package, use the create-function
command. The --function-name
flag is used to define the name (unique) of the Lambda function. We can specify the language supported by the Lambda function with the --runtime
flag. The --handler
flag acts as a roadmap for the Lambda service, directing it to the exact function within the code that should be invoked to process incoming events. The --zip-file
flag is used to specify the location of the deployment package that has to be uploaded in the Lambda function. At last, the role
flag is used to specify the role that will be attached to the Lambda function.
Replace the <role-arn>
with the ARN of the role we copied previously.
cd ..aws lambda create-function \--function-name MyLambda \--runtime python3.8 \--handler lambda_function.lambda_handler \--zip-file fileb://deployment_package.zip \--role <role-arn>
Check the status of the Lambda function. If the state is “Active,” move on to the next command. Otherwise, wait for some time and check the status again.
aws lambda get-function \--function-name MyLambda
You can test it by invoking the function with the aws lambda invoke
command and writing the payload to the file using the --payload
flag. We can see the contents of the file with the cat
command.
aws lambda invoke --function-name MyLambda --payload '{}' output.txtcat output.txt
Run the commands given above using this widget. Enter your AWS access_key_id
and secret_access_key
in the widget below before running any commands. If you don’t have these keys, follow the steps in the AWS documentation to generate the keys.
Note:
The IAM user whose credentials are being used must have the permissions to perform all the required actions.
If you get stuck in the terminal, press “q.”
import json import numpy as np def lambda_handler(event, context): # TODO implement return { 'statusCode': 200, 'body': json.dumps('Numpy is here') }