Designing Highly Available Application Architecture on AWS: Scheduled Jobs with Lambda
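Prerequisite: this article assumes basic knowledge of AWS architecture design.
AWS Lambda
AWS Lambda is a serverless compute service that runs code in response to events and automatically manages the underlying compute resources for you. These events may include state changes or updates, such as a user placing an item in the shopping cart of an e-commerce website. You can use AWS Lambda to extend other AWS services with custom logic, or to create your own back-end services that operate at AWS scale, performance, and security. AWS Lambda can automatically run code in response to multiple events, such as HTTP requests sent through Amazon API Gateway, modifications to objects in Amazon Simple Storage Service (Amazon S3) buckets, table updates in Amazon DynamoDB, and state transitions in AWS Step Functions.
Create the IAM role
Attach managed policies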
AWSLambdaVPCAccessExecutionRole
AWSLambdaRole
CloudWatchAgentServerPolicy
SecretsManagerReadWrite
AmazonS3FullAccess
AmazonSNSFullAccess
Trust relationship
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "lambda.amazonaws.com",
          "secretsmanager.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Create the Lambda trigger
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  Environment:
    Type: String
    Default: DEV
  EnvironmentName:
    Type: String
    Default: d
  CustomerName:
    Description: The name of the customer
    Type: String
    Default: '[your-company-name]'
  ProjectName:
    Description: The name of the project
    Type: String
    Default: '[your-project-name]'
  # Secret information
  SecretManagerARN:
    Type: String
    Default: '[your-secretmanager-arn]'
  S3BktName:
    Type: String
    Default: '[your-s3-name]'
  BaseLayerS3FileName:
    Type: String
    Default: '[your-lambda-base-layer-named-in-s3]'
  LambdaSubnetIds:
    Description: The subnet ids of the lambda service
    Type: List<AWS::EC2::Subnet::Id>
    Default: xxxxxxx,xxxxxxx
  LambdaSecurityGroups:
    Description: security groups for lambda
    Type: List<AWS::EC2::SecurityGroup::Id>
    Default: xxxxxxxxx
Globals:
  Function:
    Timeout: 3
    Runtime: nodejs14.x
Resources:
  LambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${CustomerName}-${ProjectName}-job-xxx-${EnvironmentName}-lambda
      # Placeholder handler; replace with the real job code
      InlineCode: |
        exports.handler = function(event, context) {
          console.log('Empty lambda need to be replaced!');
        };
      Handler: index.handler
      Layers:
        - Ref: ServerlessBaseLayer
      Role: !Sub 'arn:aws-cn:iam::${AWS::AccountId}:role/${CustomerName}-${ProjectName}-lambda-vpc-role-${EnvironmentName}-iamr'
      # Overrides the 3-second global timeout (900 seconds is the Lambda maximum)
      Timeout: 900
      VpcConfig:
        SecurityGroupIds: !Ref LambdaSecurityGroups
        SubnetIds: !Ref LambdaSubnetIds
      Environment:
        Variables:
          LOG_LEVEL: DEBUG
      Tags:
        ApplName: Your-APP-NAME
    Metadata:
      SamResourceId: LambdaFunction
  ScheduledRule:
    Type: AWS::Events::Rule
    Properties:
      Name: !Sub ${CustomerName}-${ProjectName}-job-xxx-${EnvironmentName}-event
      # Run at 16:10 (UTC) every day
      ScheduleExpression: cron(10 16 * * ? *)
      State: 'ENABLED'
      Targets:
        - Arn:
            Fn::GetAtt:
              - LambdaFunction
              - Arn
          Id: 'LambdaFunctionV1'
  # Allow only this EventBridge rule to invoke the function
  PermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref LambdaFunction
      Action: 'lambda:InvokeFunction'
      Principal: 'events.amazonaws.com'
      SourceArn:
        Fn::GetAtt:
          - ScheduledRule
          - Arn
  # Base layer that all resources build on
  ServerlessBaseLayer:
    Type: AWS::Serverless::LayerVersion
    Properties:
      LayerName: !Sub ${CustomerName}-${ProjectName}-job-layerbase-${EnvironmentName}-lambda
      ContentUri:
        Bucket: !Ref S3BktName
        Key: !Ref BaseLayerS3FileName
      CompatibleRuntimes:
        - nodejs14.x
      LicenseInfo: MIT
      RetentionPolicy: Retain
    Metadata:
      SamResourceId: ServerlessBaseLayer
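The execution role from the IAM section above can also be declared in this template, trusting only lambda.amazonaws.com and scoped to the resources the job touches instead of the account-wide SecretsManagerReadWrite, AmazonS3FullAccess and AmazonSNSFullAccess policies. This is an added example, not part of the original article. It assumes the job reads one secret, reads and writes objects in one bucket and publishes to one SNS topic; `LambdaJobRole` and `JobTopicArn` are hypothetical names, and reusing `S3BktName` as the job's data bucket is an assumption.

```yaml
# Added example: merge into the template above.
# LambdaJobRole and JobTopicArn are hypothetical names, not from the article.
Parameters:
  JobTopicArn:
    Description: ARN of the single SNS topic the job publishes to (assumed)
    Type: String
Resources:
  LambdaJobRole:
    Type: AWS::IAM::Role
    Properties:
      # Same name the LambdaFunction resource already references
      RoleName: !Sub ${CustomerName}-${ProjectName}-lambda-vpc-role-${EnvironmentName}-iamr
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com   # only Lambda may assume the role
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # ENI management for VPC access plus CloudWatch Logs writes
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
      Policies:
        - PolicyName: job-scoped-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Sid: ReadJobSecret           # read-only, one secret
                Effect: Allow
                Action: secretsmanager:GetSecretValue
                Resource: !Ref SecretManagerARN
              - Sid: JobBucketObjects        # object access in one bucket (assumed)
                Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                Resource: !Sub arn:${AWS::Partition}:s3:::${S3BktName}/*
              - Sid: PublishJobNotifications # publish to one topic (assumed)
                Effect: Allow
                Action: sns:Publish
                Resource: !Ref JobTopicArn
```

To use it, point the function's `Role` property at `!GetAtt LambdaJobRole.Arn` and deploy with the `CAPABILITY_NAMED_IAM` capability, which CloudFormation requires for a role with an explicit `RoleName`.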