This article is the continuation of my previous one on how to create and manipulate DynamoDB table with different methods using Python scripts and boto3.
In this article, I am going to show how using a simple Lambda function with an IAM role would trigger an action on the items in the DynamoDB table.
AWS Lambda is a server less, event-driven compute service that lets you run code for virtually any type of application or back-end service without provisioning or managing servers. You can trigger Lambda from over 200 AWS services and only pay for what you use.
An IAM role is an AWS Identity. Every IAM role has its own permission policy that defines what that role can do and what it cannot do. It is like an IAM user without a password or an access key and a secret key. When you assume a role, it provides you with temporary security credentials for your role session. You use roles to allow the service to access resources in other services on your behalf. A role that a service assumes to perform actions on your behalf is called a service role. When a role serves a specialized purpose for a service, it is categorized as a service role for Lambda instances (for example), or a service-linked role.
Configuring the Role with proper policies/permissions is the key issue here just so that it can access proper AWS resources for sending out the message
Objectives:
- Create DynamoDB table with the script - 1_create_table.py
- Add 4 items to the table with 3_add_items.py script
- Create an IAM role and attach AWS Managed DynamoDBFullAccess and AWSLambdaBasicExecutionRole policies
- Create a Lambda function to query an item and delete the same item from DynamoDB table all at the same time - 12_lambda_query_delete.py
- Validate the above action from the AWS Management Console
- Cleanup
- What we have done so far
Pre-requisites:
- Access to Amazon Management Console with an AWS IAM user Account (not root account).
- AWS Command Line Interface (AWS CLI) - It enables you to interact with AWS services using commands in your command-line shell.
- Cloud9 IDE - It comes with Python and boto3 installed.
Resources Used:
I have used extensively the boto3 documentation for this session
Boto3 documentation — Boto3 Docs 1.24.56 documentation
Let's get started!
Link to the code for this article in my GitHub Repository
Please visit my GitHub Repository for DynamoDB articles on various topics being updated on constant basis.
Steps for implementation to this project:
Create DynamoDB table with the script -
Open Cloud9 terminal
Copy the corresponding python code of 1_create_table.py from my github directory, and save the file in Cloud9 folder
github.com/awsmine/boto3_python_projects/Dynamodb_boto3_lambda/1_create_table.py
Change permissions to make it executable
chmod 744 1_create_table.py
Excecute it
./1_create_table.py
Add 4 items to the table with this script -
Copy the corresponding python code of 3_add_items.py from my github directory, and save the file in Cloud9 folder
github.com/awsmine/boto3_python_projects/Dynamodb_boto3_lambda/3_add_items.py
Change permissions to make it executable
chmod 744 3_add_items.py
Excecute it
./3_add_items.py
Table - movies with 4 items
Create an IAM role and attach AWS Managed AmazonDynamoDBFullAccess and AWSLambdaBasicExecutionRole policies
In order to access DynamoDB table, we need to create an IAM role with neccessary permissions
On the AWS Management Console
IAM Dashboard
Under Access management
Click Roles
Click Create role
Under Use case
Choose Lambda
Click Next
Click next again
For Role details
Role name - R-Lambda
Click Create role 2x
Under Roles
Select the role you just created - R-Lambda
For adding Permissions
For Permissions policies
Click drop-down Add permissions
Select Attach policies
Under Other permissions policies
Search for AWS Managed AmazonDynamoDBFullAccess
Click the check box
Attach policies
Under Other permissions policies
Search for AWS Managed AWSLambdaBasicExecutionRole
Click the check box
Attach policies
Create a Lambda function to query an item and delete the same item from DynamoDB table all at the same time -
On the AWS Management Console
Lambda Dashboard
Create function
For Basic information
Function name - F-AccessDynamoDB
Runtime
Choose Python3.9
Drop down Change default execution role
For Execution role
Use an existing role
Select the role you just created - R-Lambda
Create Function
F-AccessDynamoDB
Drop down Function overview
Code
Code source
Delete the basic code which was created at the time of Lambda
function
Copy the corresponding python code from my github directory
github.com/awsmine/boto3_python_projects/Dynamodb_boto3_lambda/12_lambda_query_delete.py
Click Deploy
Click Test
Configure test event
Check Create new event
Event name - MyEvent
Event sharing settings
Check Private
Delete everything from Event JSON except {}
Save
Validate the above action from AWS Management Console
AWS Management Console
Cleanup:
Copy the corresponding python code of 11_delete_table.py from my github directory, and save the file in Cloud9 folder
github.com/awsmine/boto3_python_projects/Dynamodb_boto3_lambda/11_delete_table.py
Change permissions to make it executable
chmod 744 11_delete_table.py
Excecute it
./11_delete_table.py
What we have done so far:
Demonstrated how a simple Lambda function with an IAM role, would trigger an action on the items in the DynamoDB table.
Top comments (0)