{"id":22180751,"url":"https://github.com/jftuga/aws_cloudformation_lambda_invoke_by_sns","last_synced_at":"2025-03-24T19:15:39.687Z","repository":{"id":117698744,"uuid":"445398241","full_name":"jftuga/aws_cloudformation_lambda_invoke_by_sns","owner":"jftuga","description":"Use AWS CloudFormation to create a Lambda function that can be invoked via SNS message","archived":false,"fork":false,"pushed_at":"2022-01-07T17:34:31.000Z","size":5945,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-29T23:29:59.817Z","etag":null,"topics":["aws-cloudformation","aws-lambda","aws-sns","python3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jftuga.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-07T04:33:49.000Z","updated_at":"2022-01-07T17:34:34.000Z","dependencies_parsed_at":null,"dependency_job_id":"8fafae7e-1fa3-4dd8-badb-fd7b91a0432c","html_url":"https://github.com/jftuga/aws_cloudformation_lambda_invoke_by_sns","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jftuga%2Faws_cloudformation_lambda_invoke_by_sns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jftuga%2Faws_cloudformation_lambda_invoke_by_sns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jftuga%2Faws_cloudformation_lambda_invoke_by_sns/releases","manife
sts_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jftuga%2Faws_cloudformation_lambda_invoke_by_sns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jftuga","download_url":"https://codeload.github.com/jftuga/aws_cloudformation_lambda_invoke_by_sns/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245334899,"owners_count":20598386,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-cloudformation","aws-lambda","aws-sns","python3"],"created_at":"2024-12-02T09:19:32.735Z","updated_at":"2025-03-24T19:15:39.666Z","avatar_url":"https://github.com/jftuga.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS CloudFormation Lambda invoke by SNS\n\nUse AWS CloudFormation to create a Lambda function that can be invoked via SNS message\n\n## Synopsis\n\nUsing `Python 3.9` and `AWS CloudFormation`, create a stack which includes:\n\n* Lambda function that uses:\n* * * Environment variables\n* * * Tags\n* VPC Connectivity from a preexisting VPC *(via a Python script)*\n* * Using the default EC2 Security Group\n* * Subnets located within the default VPC\n* An external `Lambda Layer` hosted on S3\n* IAM Policies and Roles to accommodate the Lambda function\n* An SNS Topic that is allowed to invoke the Lambda function\n* * An SNS Subscription that ties together the SNS Topic and the Lambda function\n\n## Configuration\n\n* Configure the variables in the [config.py](config.py) script, such as `region`, `stack_name`, `aws_profile`, 
`lambda_folder`, `lambda_code`, etc.\n* * Running [lambda-deployment.py](lambda-deployment.py) will substitute the `__SUBNETS__` and `__SECGROUP__` macros in [parameters-template.json](parameters-template.json) with the default EC2 subnet and security group to create `parameters.json`.  This newly created file will be used by the `aws cloudformation create-stack` command as the `--parameters` option.\n* Edit the `__LAYERBUCKET__` placeholder in [parameters-template.json](parameters-template.json). This will be the S3 bucket location of your `lambda layer`.\n\n## VPC Connectivity\n\nIn order to use a preexisting VPC, [vpc_info.py](vpc_info.py) is used to determine the default security groups and subnets.  The `AWS region` is configured in [config.py](config.py).\n\n## Execution\n\n[lambda-deployment.py](lambda-deployment.py) is the main entry point and allows you to create, destroy, and validate a stack. \n\nIt can also upload zipped versions of the lambda function and lambda layer to S3.\n\n```\nusage: lambda-deployment.py [-h] {c,d,v,u}\n\nExecute stack ops, lambda upload\n\npositional arguments:\n  {c,d,v,u}   [c]reate the stack; \n              [d]estroy the stack;\n              [v]alidate stack files;\n              [u]pload lambda zip file to S3 bucket\n```\n\n## Operation\n\n**Upload Lambda Layer**\n\nThis repo uses a lambda layer which includes the [Paramiko SSH library](https://www.paramiko.org/). 
\n\nHere are instructions on [creating aws lambda layers for Python and third party libraries](README_LAMBDA_LAYER.md).\n\nYou will need to first upload the lambda function located in the [lambda_function](lambda_function/) folder using the command below.\nIt will first create a `zip` file that is then uploaded to S3.\n\n```shell\n# upload lambda zip file to S3\npython lambda-deployment.py u\n```\n\n**Validation**\n\nThese third-party programs are used to verify your files before attempting to create a stack.\nThey must be preinstalled, but can be disabled by modifying the `validate()` function in [lambda-deployment.py](lambda-deployment.py).\n* [jsonlint](https://github.com/gosidekick/jsonlint)\n* [yamllint](https://github.com/adrienverge/yamllint)\n* [cfn-lint](https://github.com/aws-cloudformation/cfn-lint)\n* `aws cloudformation validate-template` is also used\n\n```shell\n# validate the policy.yml and parameters-template.json files\npython lambda-deployment.py v\n```\n\n**Create Stack**\n\nThis command will generate a `parameters.json` file from [parameters-template.json](parameters-template.json) to use during stack creation. \nIt will also use [policy.yml](policy.yml). This can take several minutes to complete.\n\n```shell\n# run: aws cloudformation create-stack\npython lambda-deployment.py c\n```\n\n**Destroy Stack**\n\nThis command will destroy the stack once you are finished with your project. 
This can take several minutes to complete.\n\n```shell\n# run: aws cloudformation delete-stack\npython lambda-deployment.py d\n```\n\nYou can periodically repeat this command to see when the stack has been completely deleted:\n\n```shell\nSTACKNAME=\"LambdaInvokedBySNS\"\nREGION=\"us-west-2\"\naws cloudformation describe-stack-events --region $REGION --stack-name $STACKNAME | \\\njq '.StackEvents | .[] | select(.ResourceStatus|test(\"DELETE_IN_PROGRESS\")) | [.LogicalResourceId,.ResourceStatus]'\n```\n\n## Checking the lambda function creation status\n\nYou can run this command while the stack is being created. It will return either `Pending` or `Active`.\nThis is usually the most time-consuming task during stack creation.\nYou can periodically repeat this command to see when the function becomes `Active`:\n\n```shell\nFUNCNAME=\"lambda_function\"\nREGION=\"us-west-2\"\naws lambda get-function-configuration --region $REGION --function-name $FUNCNAME | jq -r \".State\"\n```\n\n## Testing\n\n[sns_publish](https://github.com/jftuga/sns_publish) can be used to send a message to the SNS topic.\nThe topic ARN is included in the CloudFormation `Outputs`.\n\nExample:\n```shell\nsns_publish.exe -s MySubject -m MyMessage -t arn:aws:sns:us-west-2:123456789012:SNSLambdaInvokedBySNS\n```\n\n## Future Work\n\n* Possibly add CloudFormation `conditions` for a few of the created resources\n* * For example, conditionally create and use `Lambda Layers`\n* git pre-commit hooks\n* Create a customized `EC2 Security Group` resource instead of relying on the default security group\n* Further lock down resources\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjftuga%2Faws_cloudformation_lambda_invoke_by_sns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjftuga%2Faws_cloudformation_lambda_invoke_by_sns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjftuga%2Faws_cloudformation_lambda_invoke_by_sns/lists"}