Hritik Raj

📜 AWS 148: Serverless IaC - Deploying Python Lambda Functions via CloudFormation

🏗️ Automated Serverless: Building the nautilus-lambda-app Stack

Hey Cloud Architects 👋

Welcome to Day 48 of the #100DaysOfCloud Challenge!
Today, we are moving beyond manual console clicks and embracing Infrastructure as Code (IaC) to deploy serverless logic. The Nautilus DevOps team is standardizing their function deployments, and we are creating a CloudFormation template to provision a Python-based Lambda function and its security role in one go.

This task is part of my hands-on practice on the KodeKloud Engineer platform, ensuring perfect configuration for automated environments.


🎯 Objective

  • Author a CloudFormation template (nautilus-lambda.yml) for a serverless application.
  • Provision an IAM Execution Role named lambda_execution_role with trust relationships for Lambda.
  • Create a Lambda function named nautilus-lambda using the Python runtime.
  • Implement inline code that returns a 200 OK status and the message "Welcome to KKE AWS Labs!".
  • Deploy the stack named nautilus-lambda-app and verify success via the AWS Console.

💡 Why Inline Code in CloudFormation?

For simple functions, CloudFormation allows you to embed your Python code directly in the YAML file using the ZipFile property. This is highly efficient for utility scripts or simple APIs because you don't need to manage separate .zip files in S3 buckets for the initial deployment.

🔹 Key Concepts

  • Execution Role: The identity the Lambda function "assumes" to run. It must have a trust policy allowing lambda.amazonaws.com to use it.
  • Inline Handler: In Python, the default handler is usually index.lambda_handler.
  • Stack Management: Using a stack allows you to update or delete the function and its role as a single unit.

🛠️ Step-by-Step: IaC Workflow


🔹 Phase A: Authoring the nautilus-lambda.yml Template

The template must define the IAM role first so the Lambda function can reference it immediately.

  • File Path: /root/nautilus-lambda.yml
  • Configuration: Use Type: AWS::IAM::Role for the execution role and Type: AWS::Lambda::Function for the compute resource.
  • Logic: The ZipFile property under Code should contain the lambda_handler function returning the specific "Welcome to KKE AWS Labs!" string.
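
A template matching the Phase A requirements could look like the following. This is an added example, not the author's or KodeKloud's own file; the `python3.12` runtime version, the logical IDs, the `Outputs` section and the logs-only managed policy are assumptions, since the page specifies only the resource names, the Python runtime and the return values.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: nautilus-lambda-app - inline Python Lambda with its execution role

Resources:
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: lambda_execution_role
      # Trust policy: only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      # Assumption: grant CloudWatch Logs write access only (least privilege).
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  NautilusLambda:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: nautilus-lambda
      Runtime: python3.12            # assumption: page only says "Python runtime"
      Handler: index.lambda_handler  # inline ZipFile code is written to index.py
      # GetAtt adds an implicit dependency, so the role exists before the function.
      Role: !GetAtt LambdaExecutionRole.Arn
      Code:
        ZipFile: |
          def lambda_handler(event, context):
              return {
                  'statusCode': 200,
                  'body': 'Welcome to KKE AWS Labs!'
              }

Outputs:
  FunctionArn:
    Value: !GetAtt NautilusLambda.Arn
```

Because the role sets an explicit `RoleName`, deploying this template through the CLI or API requires `CAPABILITY_NAMED_IAM` rather than `CAPABILITY_IAM`.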

🔹 Phase B: Deploying the Stack via Console

With the YAML file ready, we use the AWS Management Console to create the resources.

  • Upload: Upload the nautilus-lambda.yml file in the CloudFormation dashboard.
  • Stack Name: Set it to nautilus-lambda-app.
  • Capabilities: You must check the box "I acknowledge that AWS CloudFormation might create IAM resources" before clicking Create.

🔹 Phase C: Verification of Resources

Once the status is CREATE_COMPLETE, we verify the components.

  • Lambda Inspection: Navigate to the Lambda console and ensure nautilus-lambda is present and using the Python runtime.
  • Execution: Run a test event to confirm the output.


🔹 Phase D: Confirming Output

The final test is ensuring the logic matches the requirement perfectly.

  • Status: 200
  • Body: "Welcome to KKE AWS Labs!"


✅ Verify Success

  • Stack Identity: The stack nautilus-lambda-app shows CREATE_COMPLETE.
  • Code Integrity: The function code exactly matches the requirement message.
  • Security: The function is correctly linked to the lambda_execution_role.


📝 Key Takeaways

  • 🚀 CAPABILITY_IAM: When your template creates roles, AWS requires explicit permission to do so. Don't miss that checkbox in the console!
  • 🛡️ Inline Limitations: ZipFile is limited to 4096 characters. For larger applications, you should upload your code to S3 first.
  • 📦 Handler Mapping: index.lambda_handler tells AWS to look for a function called lambda_handler inside a virtual file named index.py.

🚫 Common Mistakes

  • YAML Indentation: A single misplaced space in the ZipFile block will cause the Python code to fail with a SyntaxError.
  • Trust Policy Missing: If the IAM role doesn't have a Trust Relationship with lambda.amazonaws.com, the function will not launch.
  • Case Sensitivity: Ensure the stack name and function name exactly match the requirements, as AWS is case-sensitive.

🌟 Final Thoughts

Building serverless apps through CloudFormation is the bridge between development and production. It ensures your infrastructure is as professional as your code. You've now successfully automated the deployment of a secure, functional AWS Lambda environment!


🌟 Practice Like a Pro

Want to master Infrastructure as Code? Sharpen your skills here:
👉 KodeKloud Engineer - Practice Labs

