Use slackbot to send SQS message which trigger lambda function for executing SQL command on database
This post focuses on creating SQS queue and lambda function (not how to create a slackbot)
1. Create SQS queue using CDK (Cloud Development Toolkit)
Source: https://github.com/vumdao/create-db-user/tree/master/sqs_stack
βββ sqs_stack
βββ app.py
βββ cdk.json
βββ README.md
βββ requirements.txt
βββ setup.py
βββ source.bat
βββ sqs_stack
βββ __init__.py
βββ sqs_stack_stack.py
Notes:
- SQS name: create-db-account
- SQS Default visibility timeout must be equal or higher than the timeout of the lambda function which is subscribed to
- Deploy SQS
cdk deploy
2. Create Lambda function which is triggered by the SQS queue using AWS Chalice
Source: https://github.com/vumdao/create-db-user/tree/master/lambda
βββ lambda
β βββ app.py
β βββ policy
β βββ region.env
β βββ requirements.txt
The lambda function receive SQS message to execute SQL of creating new user on RDS
chalice new-project create-db-user
Set VPC for Lambda Function same with RDS, AWS Chalice bases on current region and the subnet ID to detect VPC, security is a must for using subnet-ID
"subnet_ids": [
"subnet-0f6ea4292ab9a63db",
"subnet-00d29b42b2e17b5b5"
],
"security_group_ids": ["sg-00668399e4bdd462e"]
Disable mange IAM role from AWS Chalice to control the policy of the role
"manage_iam_role": false,
"iam_role_arn": "arn:aws:iam::111111111111:role/create-db-user-dev",
Policy
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:*:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:AttachNetworkInterface"
],
"Resource": "*"
}
]
}
Lambda does not resolve hostname directly so RDS hostname is resolved by using socket function
host=socket.gethostbyname(DB_HOST)
Deploy the lambda
chalice deploy
Test
Notes:
- Lambda function will delete SQS message if there's no issue.
- The SQS message will leave there until it's Default visibility timeout so should handle any exception to delete the message
Top comments (1)
cool, thanks for sharing.