This tutorial will walk you through how to use the “Invoking a Lambda Function” feature.
We will assume you have:
We are going to perform the following steps to “Invoking a Lambda Function”:
During this process you will check your progress by verifying what the framework is doing at each step.
Here are the steps you need to follow to “Invoking a Lambda Function”
This guide assumes that a role exists within the spoke account that can be assumed by the Service Catalog Tools account. The name of this role would need to be the same across all spoke accounts, and the role would need permissions appropriate for your lambda function(s) to be able to complete its tasks. For the purpose of this example, a CloudFormation template has been provided that you can use to create the role in the spoke account that will allow our sample lambda function to run successfully.
We will need to create the AWS Lambda function that will be executed by the framework. This function will exist in the account where you have installed the Service Catalog Tools. When you want to perform an action in a spoke account you should read the account_id and region properties from the event object. If you want to use parameters they are available using the parameters attribute in the event object.
You should save the following into a file named create-iam-group-lambda.yaml
You should then use AWS CloudFormation to create a stack named create-iam-group-lambda using the template you just created
Now we are ready to add a lambda invocation to the manifest file.
Navigate to the ServiceCatalogPuppet CodeCommit repository
Click the ServiceCatalogPuppet repository
Click the link to the manifest.yaml file, and then click the Edit button
Add the following snippet to the end of the main input field:
Now that we have updated the manifest file we are ready to commit our changes.
Using a good / unique commit message will help you understand what is going on later.
Once you have made your changes the ServiceCatalogPuppet Pipeline should have run or if you were quick may still be running. If it has not yet started feel free to the hit the Release change button.
Once it has completed it should show the Source and Deploy stages in green to indicate they have completed successfully:
Once you have verified the pipeline has run you can go to IAM Groups Console in the spoke account to view the IAM Group created by the lambda invoke labeled sc-tools-invoke-lambda-test-group.
You have now successfully invoked a lambda function!