Creating an AWS Lambda triggered by a push on CodeCommit
Introduction
This tutorial explains how to create an "infrastructure" so simple that it could serve as a fun hello world for someone entering the DevOps world. Yet, as of 13/02/2024, putting this simple stack together takes days of Google searching and hours of chatting with the new artificial intelligences that will conquer the world.
In this article, we will only delve into creating the stack. To install SAM locally, refer to this article.
Table of contents
∘ Global Template Setup
∘ Creating AWS Event Watcher
∘ Creating AWS Lambda Function
∘ Configuring Lambda Invocation Permission
∘ Creating Event Role
∘ Complete Template
Global Template Setup
The global setup of the template.yaml file should be as follows:
# template.yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: ''
Globals:
  Function:
    Timeout: 300
    MemorySize: 128
Resources:
  <List of Resources (Event, Lambda, Rule, etc.)>
Creating AWS Event Watcher
The first step is to create the event rule that will trigger our function. This requires configuring parameters such as the repository and the event details:
MyEventRule: # Event name
  Type: AWS::Events::Rule
  Properties:
    EventPattern:
      source:
        - aws.codecommit # Event source type
      detail-type:
        - 'CodeCommit Repository State Change' # Event detail type, don't change it
      resources: # You can define multiple resources
        - <code_commit_repo_arn> # Code commit repository Arn
      detail:
        event:
          - referenceCreated
          - referenceUpdated
        referenceType:
          - branch # reference type can be multiple types (tag, commit etc.)
        referenceName:
          - master # branch name
    Targets:
      - Id: MyFunctionTrigger
        Arn: !GetAtt MyFunction.Arn # Lambda function arn
        RoleArn: !GetAtt MyEventRole.Arn # Event role arn
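To see which pushes the rule above actually forwards, here is an added example (not code from the original article) that re-implements the subset of EventBridge pattern matching the rule relies on, exact-value matching on top-level fields and on nested `detail` fields, and runs constructed CodeCommit "Repository State Change" events through it. The repository ARN, commit id and event shapes are constructed samples; content filters such as `prefix` or `anything-but` are not implemented.

```python
"""Added example: which CodeCommit events does MyEventRule's pattern match?
Not from the original article; ARNs and events below are constructed."""

REPO_ARN = "arn:aws:codecommit:eu-west-1:123456789012:my-repo"  # constructed placeholder

# The same pattern as MyEventRule's EventPattern, expressed as Python data.
RULE_PATTERN = {
    "source": ["aws.codecommit"],
    "detail-type": ["CodeCommit Repository State Change"],
    "resources": [REPO_ARN],
    "detail": {
        "event": ["referenceCreated", "referenceUpdated"],
        "referenceType": ["branch"],
        "referenceName": ["master"],
    },
}


def matches(pattern, event):
    """EventBridge semantics for exact-value patterns: every key in the pattern
    must exist in the event; a list of allowed values matches when the event's
    value (or any element of it, if the event value is itself a list) is one of
    them; a nested dict is matched recursively."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            candidates = actual if isinstance(actual, list) else [actual]
            if not any(candidate in expected for candidate in candidates):
                return False
    return True


def codecommit_event(ref_type, ref_name, event_kind, repo_arn=REPO_ARN):
    """Build a constructed event shaped like a CodeCommit Repository State Change."""
    ref_prefix = "heads" if ref_type == "branch" else "tags"
    return {
        "version": "0",
        "source": "aws.codecommit",
        "detail-type": "CodeCommit Repository State Change",
        "resources": [repo_arn],
        "detail": {
            "event": event_kind,
            "repositoryName": repo_arn.rsplit(":", 1)[-1],
            "referenceType": ref_type,
            "referenceName": ref_name,
            "referenceFullName": f"refs/{ref_prefix}/{ref_name}",
            "commitId": "0" * 40,  # constructed placeholder
        },
    }


def would_trigger(event):
    """True if MyEventRule would deliver this event to its target."""
    return matches(RULE_PATTERN, event)


if __name__ == "__main__":
    print(would_trigger(codecommit_event("branch", "master", "referenceUpdated")))      # True
    print(would_trigger(codecommit_event("branch", "feature/x", "referenceUpdated")))   # False
    print(would_trigger(codecommit_event("tag", "v1.0", "referenceCreated")))           # False
    print(would_trigger(codecommit_event("branch", "master", "referenceUpdated",
                                         repo_arn=REPO_ARN + "-other")))                # False
```

Running the script shows the two properties that matter for the rule: only pushes to `master` of the one repository listed under `resources` get through, and a branch deletion (`referenceDeleted`) or a tag push is silently dropped because `event` and `referenceType` are part of the pattern.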
Creating AWS Lambda Function
The second step is to create the function itself, configuring basic parameters such as the runtime and the policies it needs; the rule's Targets entry and the permission created next attach the event as its trigger:
MyFunction:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: src/ # Directory for app.py
    Handler: app.lambda_handler # Change if your main is another function instead of lambda_handler
    Runtime: python3.11 # Python runtime
    Architectures:
      - x86_64
    Policies: # Add policies for your lambda, so you can access AWS services
      - AmazonS3ReadOnlyAccess
    # No SAM Events block here: a SAM EventBridgeRule event would create a second rule of its
    # own, and a rule ARN is not a valid "source" value. The trigger is wired by
    # MyEventRule.Targets together with MyFunctionPermission.
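The template points `Handler` at `app.lambda_handler` in `src/`, so here is an added example of such a `src/app.py` (not code from the original article). It validates the envelope of whatever event it receives before acting on it, so that the function only does work for a push to a watched branch of the watched repository, even if something other than MyEventRule manages to invoke it. `ALLOWED_REPO_ARN` and `ALLOWED_BRANCHES` are assumed environment variables with constructed defaults; the sample event is constructed to look like a CodeCommit Repository State Change.

```python
"""Added example src/app.py for MyFunction. Not from the original article;
configuration names and the sample event are assumed/constructed."""
import json
import os

# Assumed configuration (constructed defaults): the repository ARN the rule watches
# and the branches this function should act on.
ALLOWED_REPO_ARN = os.environ.get(
    "ALLOWED_REPO_ARN", "arn:aws:codecommit:eu-west-1:123456789012:my-repo")
ALLOWED_BRANCHES = set(os.environ.get("ALLOWED_BRANCHES", "master").split(","))


class RejectedEvent(ValueError):
    """Raised when the incoming event is not one this function should act on."""


def validate_event(event):
    """Check the EventBridge envelope and the CodeCommit detail; return the detail."""
    if event.get("source") != "aws.codecommit":
        raise RejectedEvent("unexpected source")
    if event.get("detail-type") != "CodeCommit Repository State Change":
        raise RejectedEvent("unexpected detail-type")
    if ALLOWED_REPO_ARN not in event.get("resources", []):
        raise RejectedEvent("event is not for the watched repository")
    detail = event.get("detail") or {}
    if detail.get("referenceType") != "branch" or detail.get("referenceName") not in ALLOWED_BRANCHES:
        raise RejectedEvent("not a watched branch")
    if detail.get("event") not in ("referenceCreated", "referenceUpdated"):
        raise RejectedEvent("not a push")
    if not detail.get("commitId"):
        raise RejectedEvent("missing commitId")
    return detail


def summarize_push(detail):
    """Reduce the validated detail to the values downstream steps need."""
    return {
        "repository": detail.get("repositoryName"),
        "branch": detail["referenceName"],
        "commit": detail["commitId"],
        "previous_commit": detail.get("oldCommitId"),
        "pushed_by": detail.get("callerUserArn"),
        "kind": detail["event"],
    }


def lambda_handler(event, context):
    """Entry point named by the template's Handler: app.lambda_handler."""
    try:
        detail = validate_event(event)
    except RejectedEvent as exc:
        # Log and drop rather than raise: a raised error makes Lambda retry the
        # asynchronous invocation, which for an unwanted event is pointless.
        print(json.dumps({"level": "WARN", "reason": str(exc)}))
        return {"status": "ignored", "reason": str(exc)}
    summary = summarize_push(detail)
    print(json.dumps({"level": "INFO", "push": summary}))
    # Real work (build, deploy, notify, ...) would go here.
    return {"status": "ok", **summary}


# Constructed sample event in the shape EventBridge delivers for a CodeCommit push.
SAMPLE_EVENT = {
    "version": "0",
    "id": "00000000-0000-0000-0000-000000000000",
    "detail-type": "CodeCommit Repository State Change",
    "source": "aws.codecommit",
    "account": "123456789012",
    "time": "2024-02-13T10:00:00Z",
    "region": "eu-west-1",
    "resources": ["arn:aws:codecommit:eu-west-1:123456789012:my-repo"],
    "detail": {
        "event": "referenceUpdated",
        "repositoryName": "my-repo",
        "repositoryId": "11111111-2222-3333-4444-555555555555",
        "referenceType": "branch",
        "referenceName": "master",
        "referenceFullName": "refs/heads/master",
        "commitId": "a" * 40,
        "oldCommitId": "b" * 40,
        "callerUserArn": "arn:aws:iam::123456789012:user/dev",
    },
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

Keeping the envelope checks in the handler duplicates what the rule's pattern already filters, which is the point: the rule decides what is delivered, the function decides what it is willing to act on, and the two can be audited independently.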
Configuring Lambda Invocation Permission
The next two steps configure the permissions needed to invoke the Lambda. First, create an AWS::Lambda::Permission:
MyFunctionPermission:
  Type: AWS::Lambda::Permission
  Properties:
    FunctionName: !Ref MyFunction
    Action: "lambda:InvokeFunction" # Allow invoking the lambda function
    Principal: "events.amazonaws.com" # EventBridge service principal
    SourceArn: !GetAtt MyEventRule.Arn # Only this rule may invoke the function, not any rule in the account
Creating Event Role
The last step is to create the AWS::IAM::Role for the event rule, in which we define the policies that allow it to trigger the Lambda:
MyEventRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17' # Quoted so YAML parsers do not read it as a date
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - events.amazonaws.com # Only EventBridge may assume this role
          Action: sts:AssumeRole
    Path: /
    Policies:
      - PolicyName: lambda-invoke
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: lambda:InvokeFunction
              Resource: !GetAtt MyFunction.Arn # Scoped to this one function
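EventBridge invokes Lambda targets through the function's resource-based policy, which is what MyFunctionPermission creates, and `SourceArn` is the part that restricts it to one rule. The added example below (not code from the original article) models that policy, in the statement layout `aws lambda get-policy` returns, together with the IAM `ArnLike` matching rule, and compares the scoped permission with one that omits `SourceArn`. All ARNs are constructed placeholders.

```python
"""Added example: what SourceArn on AWS::Lambda::Permission changes.
Not from the original article; ARNs are constructed placeholders."""
import fnmatch

FUNCTION_ARN = "arn:aws:lambda:eu-west-1:123456789012:function:MyFunction"   # constructed
RULE_ARN = "arn:aws:events:eu-west-1:123456789012:rule/MyEventRule"          # constructed
OTHER_RULE_ARN = "arn:aws:events:eu-west-1:123456789012:rule/SomeOtherRule"  # constructed


def policy_for(source_arn):
    """Function policy equivalent to MyFunctionPermission; source_arn=None models
    a template that leaves SourceArn out."""
    statement = {
        "Sid": "MyFunctionPermission",
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": FUNCTION_ARN,
    }
    if source_arn is not None:
        statement["Condition"] = {"ArnLike": {"AWS:SourceArn": source_arn}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def arn_like(pattern, arn):
    """IAM ArnLike: the six colon-delimited ARN components are matched separately,
    each allowing * and ? wildcards (a wildcard never spans a colon)."""
    p_parts, a_parts = pattern.split(":", 5), arn.split(":", 5)
    if len(p_parts) != 6 or len(a_parts) != 6:
        return False
    return all(fnmatch.fnmatchcase(a, p) for p, a in zip(p_parts, a_parts))


def invoke_allowed(policy, service_principal, source_arn):
    """Would an invocation by service_principal on behalf of source_arn be allowed?"""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal", {}).get("Service") != service_principal:
            continue
        if stmt.get("Action") != "lambda:InvokeFunction":
            continue
        wanted = stmt.get("Condition", {}).get("ArnLike", {}).get("AWS:SourceArn")
        # No condition means any source the service principal acts for is accepted.
        if wanted is None or arn_like(wanted, source_arn):
            return True
    return False


if __name__ == "__main__":
    scoped, unscoped = policy_for(RULE_ARN), policy_for(None)
    print(invoke_allowed(scoped, "events.amazonaws.com", RULE_ARN))          # True
    print(invoke_allowed(scoped, "events.amazonaws.com", OTHER_RULE_ARN))    # False
    print(invoke_allowed(unscoped, "events.amazonaws.com", OTHER_RULE_ARN))  # True
```

The last line is the one to remember: without `SourceArn`, any EventBridge rule in the account can invoke the function, so a rule with a much broader pattern than MyEventRule would drive the same code. The role created in this step, by contrast, is only consulted for target types that EventBridge reaches through an IAM role; for a Lambda target the resource-based permission is what grants the invocation.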
Complete Template
For convenience, here's a copy of the complete template for copy-pasting:
# Complete template.yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: ''
Globals:
  Function:
    Timeout: 300
    MemorySize: 128
Resources:
  MyEventRule: # Event name
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source:
          - aws.codecommit # Event source type
        detail-type:
          - 'CodeCommit Repository State Change' # Event detail type, don't change it
        resources: # You can define multiple resources
          - <code_commit_repo_arn> # Code commit repository Arn
        detail:
          event:
            - referenceCreated
            - referenceUpdated
          referenceType:
            - branch # reference type can be multiple types (tag, commit etc.)
          referenceName:
            - master # branch name
      Targets:
        - Id: MyFunctionTrigger
          Arn: !GetAtt MyFunction.Arn # Lambda function arn
          RoleArn: !GetAtt MyEventRole.Arn # Event role arn
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/ # Directory for app.py
      Handler: app.lambda_handler # Change if your main is another function instead of lambda_handler
      Runtime: python3.11 # Python runtime
      Architectures:
        - x86_64
      Policies: # Add policies for your lambda, so you can access AWS services
        - AmazonS3ReadOnlyAccess
      # No SAM Events block: the trigger is wired by MyEventRule.Targets and MyFunctionPermission
  MyFunctionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref MyFunction
      Action: "lambda:InvokeFunction" # Allow invoking the lambda function
      Principal: "events.amazonaws.com" # EventBridge service principal
      SourceArn: !GetAtt MyEventRule.Arn # Only this rule may invoke the function
  MyEventRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: lambda-invoke
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: lambda:InvokeFunction
                Resource: !GetAtt MyFunction.Arn
By following the steps outlined in this tutorial, you can automate tasks and streamline your development process with ease. Embrace the power of AWS Lambda and CodeCommit integration to unlock new efficiencies in your projects.
Thank you for reading, and happy coding!