1

How to Pass Variables in Lambda function Using CloudFormation

Did not find the way to pass variables which we access later by os.environ['key']

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'objects from Prod bucket to Dev data bucket '
Parameters:
  CustomerName:
    Description: Customer Name
    Type: String
    Default: incoming
  ProjectName:
    Description: Project Name
    Type: String
    Default: TEST
  ENV:
    Description: Environment (dev, prd)
    Type: String
    Default: dev
  srcBucket:
    Description: Source Bucket that receives data from outside
    Default: source1
    Type: String
  dstBucket:
    Description: Destination Bucket that will receive 
    Type: String
    Default: destination1
Resources:
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
            - s3.amazonaws.com
          Action:
          - sts:AssumeRole
      Path:
        Fn::Sub: "/${ProjectName}/"
      Policies:
      - PolicyName:
          Fn::Sub: "${AWS::StackName}"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Sid: AllowLogging
            Effect: Allow
            Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            Resource: "*"
          - Sid: SrcBucketPrivs
            Action:
            - s3:GetObject
            - s3:List*
            Resource:
            - Fn::Sub: arn:aws:s3:::${srcBucket}/*
            - Fn::Sub: arn:aws:s3:::${srcBucket}
            Effect: Allow
          - Sid: DstBucketPrivs
            Action:
            - s3:PutObject
            - s3:List*
            Resource:
            - Fn::Sub: arn:aws:s3:::${dstBucket}/*
            - Fn::Sub: arn:aws:s3:::${dstBucket}
            Effect: Allow
  LambdaFunction:
    Type: AWS::Lambda::Function
    DependsOn: LambdaRole
    Properties:
      Code:
        ZipFile: |
           from __future__ import print_function
           import os
           import json
           import boto3
           import time
           import string
           import urllib
           print('Loading function')
           s3 = boto3.client('s3')
           def handler(event, context):
              source_bucket = event['Records'][0]['s3']['bucket']['name']
              key = event['Records'][0]['s3']['object']['key']


              target_bucket     =  Ref: dstBucket
              copy_source = {'Bucket':source_bucket, 'Key':key}

              try:
                s3.copy_object(Bucket=target_bucket, Key=key, CopySource=copy_source)

              except Exception as e:
                print(e)
                print('Error getting object {} from bucket {}. Make sure they exist '
                   'and your bucket is in the same region as this '
                   'function.'.format(key, source_bucket))
                raise e

      Description: Copies objects from srcBucket to dstBucket based on S3 Event Trigger
      FunctionName:
        Fn::Sub: "${AWS::StackName}"
      Handler: index.handler
      MemorySize: 128
      Role:
        Fn::GetAtt:
        - LambdaRole
        - Arn
      Runtime: python3.6
      Timeout: 60
  LambdaInvokePermission:
    Type: AWS::Lambda::Permission
    DependsOn: LambdaFunction
    Properties:
      FunctionName:
        Fn::GetAtt:
        - LambdaFunction
        - Arn
      Action: lambda:InvokeFunction
      Principal: s3.amazonaws.com
      SourceAccount:
        Ref: AWS::AccountId
      SourceArn:
        Fn::Sub: arn:aws:s3:::${srcBucket}

How to Pass Variables in Lambda function Using CloudFormation

Did not find the way to pass variables which we access later by os.environ['key']

Know to add in console but want to pass from cloud formation script

Improve this question
1

1 Answer 1

Reset to default
1

The lambda section of your template should look like this:

MySnsTopic:
  Type: 'AWS::SNS::Topic'
  Properties:
    DisplayName: MySnsTopic
    TopicName: MySnsTopic    
LambdaFunction:
  Type: AWS::Lambda::Function
  DependsOn: LambdaRole
  Properties:
    Code:
      ZipFile: |
        from __future__ import print_function
        import os
        import json
        import boto3
        import time
        import string
        import urllib
        print('Loading function')
        s3 = boto3.client('s3')
        sns = boto3.client('sns')
        def handler(event, context):
          source_bucket = event['Records'][0]['s3']['bucket']['name']
          key = event['Records'][0]['s3']['object']['key']

          target_bucket     =  Ref: dstBucket
          copy_source = {'Bucket':source_bucket, 'Key':key}

          try:
            s3.copy_object(Bucket=target_bucket, Key=key, CopySource=copy_source)

          response = sns.publish(
            TopicArn=os.environ['NotificationTopicARN'],    
            Message='Andrew is at the bowlo.  Brought to you by http://IsAndrewAtTheBowlo.com'
          )    

          except Exception as e:
            print(e)
            print('Error getting object {} from bucket {}. Make sure they exist '
               'and your bucket is in the same region as this '
               'function.'.format(key, source_bucket))
            raise e

Description: Copies objects from srcBucket to dstBucket based on S3 Event Trigger
FunctionName:
  Fn::Sub: "${AWS::StackName}"
Handler: index.handler
Environment:
  Variables:
    NotificationTopicARN: !Ref MySnsTopic
MemorySize: 128
Role:
  Fn::GetAtt:
  - LambdaRole
  - Arn
Runtime: python3.6
Timeout: 60

and you'll need to add a policy like this

    - PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Action:
              - 'SNS:Publish'
            Effect: Allow
            Resource:
              - !Ref MySnsTopic
      PolicyName: lambdaSNS
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.