...
AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you.
You can use AWS Lambda to extend other AWS services with custom logic, or create your own back-end services that operate at AWS scale, performance, and security.
AWS Lambda can automatically run code in response to multiple events, such as:
- HTTP requests via Amazon API Gateway
...
- Modifications to objects in Amazon S3 buckets
...
- Table updates in Amazon DynamoDB
...
- State transitions in AWS Step Functions
...
Lambda runs your code on high-availability compute infrastructure and performs all the administration of the compute resources, including server :
- Server and operating system maintenance
...
- Capacity provisioning and automatic scaling
...
- Code and security patch deployment
...
- Code monitoring and logging.
All you need to do is supply the code.
...
Software Requirements for Universal Template and Universal Task
Requires Python 3.7.0 or higher. Tested with the Universal Agent bundled Python distribution.
...
Network and Connectivity Requirements
Extension's Univesal Universal Agent host should be able to reach AWS Lambda REST endpoints.
...
This Universal Task requires the Resolvable Credentials feature, check that the Resolvable Credentials Permitted system property has been set to true. For more information about Resolvable Credentials click here.
Download the provided ZIP file.
In the Universal Controller UI, select Administration >Configuration > Universal Templates to display the current list of Universal Templates.
Click Import Template.
Select the template ZIP file and Import.
...
Field | Input type | Default value | Type | Description |
---|---|---|---|---|
Action | Required | Trigger Lambda function | Choice | The action performed upon the task execution. Available action:
|
AWS Region | Required | - | Text | Region for the Amazon Web Service. Find more information about the AWS Service endpoints and quotas here. |
AWS Credentials | Required | - | Credentials | The AWS account credentials. They are comprised of:
|
Role Based Access | Optional | False | Boolean | Special type of authorization is provided by Role Assumption where the client sends his own credentials and the role he wants to assume from another user. If allowed, the client receives temporary credentials with limited time access to some resources. |
Role ARN | Optional | - | Text | Role Arn: Amazon Role, which is applied for the connection. Role ARN format: Required when Role Based Access="True". |
Function Name | Required | - | Text | The name Name of the Lambda function i.e my-function (name-only) or my-function:v1 (with alias) that will be triggered. |
Invocation Type | Required | Request Response | Choice | Type of execution for the function being triggered. Available choices are:
|
Payload Source | Optional | None | Choice | Source of payload to be sent.
|
Payload Script | Optional | - | Script Field | Script field where the payload can be entered. The scripts must evaluate to a proper JSON format. Required when Payload Source = "Script". |
Client Context Source | Optional | None | Choice | Client context that's provided to Lambda function by the client application.
|
Client Context Script | Optional | - | Script | Script passing parameters using the ClientContext object. The scripts must evaluate to a proper JSON format. Required when Client Context Source= "Script". |
Use Proxy | Optional | False | Boolean | Flag to indicate whether Proxy shall be used in the communication with AWS. |
Proxy Type | Optional | HTTP | Choice | Type of proxy connection to be used. Available options are:
Visible only when Use Proxy = "True". |
Proxy | Optional | - | Text | Comma separated list of Proxy servers. Valid formats: Required when Use Proxy is checked. |
Proxy CA Bundle File | Optional | - | Text | The path to a custom certificate bundle to use when establishing SSL/TLS connections with proxy. Used when Proxy Type is configured for "HTTPS" or "HTTPS With Credentials". |
Proxy Credentials | Optional | - | Credentials | `Credentials Credentials to be used for the proxy communication.They are comprised of:
Required when "Proxy Type" is configured for "HTTPS" or "HTTPS With Credentials". |
Qualifier | Optional | - | Text | Version or alias to invoke a published version of the function. Example for version 1 Qualifier = "1". If empty, default value is the latest version. |
Extension
...
Cancellation
When using a 7.0 or newer later template, we must ensure that the “Always Cancel On Force Finish” is checked. This is to minimize leaving “orphan” processes on the OS without the option for the agent to see they are running.
...
Triggering a Lambda function Sychronously with Log Type equals "Tail".
Syncronously is set by Invocation Type equals "Request_Response".
...
Triggering Lambda function Asychronously, with Role Based Access enabled and "HTTPS Proxy connection".
Further input includes Payload Source and Client Context Source from JSON "script".
Also, Qualifier is set to "3", meaning the 3rd version of the Lambda function will be triggered.
Asyncronously is set by Invocation Type equals "Event". "Proxy" needs to be on the correct format and "Proxy CA Bundle File" on correct format and path.
...
Triggering a Lambda function Sychronously with "HTTPS with Credentials Proxy" connection.
Note that the Log Type is set to "None" and Qualifier is blank, meaning that the latest version of the Lambda function will be called.
...
The exit codes for AWS Lambda Extension are described belowin the following table.
Exit Code | Status Classification Code | Status Classification Description | Status Description |
---|---|---|---|
0 | SUCCESS | Successful Execution | SUCCESS: Successful Task execution |
1 | FAIL | Failed Execution | FAIL: < Error Description > |
2 | AUTHENTICATION_ERROR | Bad credentials | AUTHENTICATION_ERROR: Account cannot be authenticated. |
3 | AUTHORIZATION_ERROR | Insufficient Permissions | AUTHORIZATION_ERROR: Account is not authorized to perform the requested action. |
10 | CONNECTION_ERROR | Bad connection data or connection timed out | CONNECTION_ERROR: < Error Description > |
11 | CONNECTION_ERROR | Extension specific connection error | CONNECTION_ERROR: ProxyConnectionError: Failed to connect to proxy URL <url> |
20 | DATA_VALIDATION_ERROR | Input fields validation error | DATA_VALIDATION_ERROR: Some of the input fields cannot be validated. See STDOUT for more details. |
Extension Output
The Extension Output for AWS Lambda Universal Task successful execution is described below.
...
Name | Location | Description |
---|---|---|
Universal Templates | https://docs.stonebranch.com/confluence/display/U70U71x/Universal+Templates | User documentation for creating Universal Templates in the Universal Controller user interface. |
Universal Tasks | https://docs.stonebranch.com/confluence/display/UC70UC71x/Universal+Tasks | User documentation for creating Universal Tasks in the Universal Controller user interface. |
AWS Lambda | https://docs.aws.amazon.com/lambda/?id=docs_gateway | Documentation for AWS Lambda |
IAM RBAC authorization model | https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html#introduction_attribute-based-access-control_compare-rbac | User Documentation for Comparing ABAC to the traditional RBAC model |
...