...
AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. You can use AWS Lambda to extend other AWS services with custom logic, or create your own back-end services that operate at AWS scale, performance, and security.
AWS Lambda can automatically run code in response to multiple events, such as:
- HTTP requests via Amazon API Gateway
- Modifications to objects in Amazon S3 buckets
- Table updates in Amazon DynamoDB
- State transitions in AWS Step Functions
Lambda runs your code on high-availability compute infrastructure and performs all the administration of the compute resources, including:
- Server and operating system maintenance
- Capacity provisioning and automatic scaling
- Code and security patch deployment
- Code monitoring and logging.
All you need to do is supply the code.
This Universal Extension provides the capability to execute a AWS Lambda function and return the result of that execution.
Version Information
| Template Name | Extension Name | Extension Version |
|---|---|---|
| AWS Lambda | ue-aws-lambda | 1.1.0 |
Refer to Changelog for version history information.
Software Requirements
This integration requires a Universal Agent and a Python runtime to execute the Universal Task.
Software Requirements for Universal Template and Universal Task
Requires Python 3.7.0 or higher. Tested with the Universal Agent bundled Python distribution.
...
Extension's Universal Agent host should be able to reach AWS Lambda REST endpoints.
Key Features
This Universal Extension provides the following key features:
...
To use the Universal Template, you first must perform the following steps:.
This Universal Task requires the Resolvable Credentials feature. Check that the Resolvable Credentials Permitted system property has been set to true.
Download the provided ZIP file.
In the Universal Controller UI, select Administration >Configuration > Universal Templates to display the current list of Universal Templates.
Click Import Template.
Select the template ZIP file and Import.
...
To import the Universal Template into your Controller, follow the instructions here.
When the files have been imported successfully, refresh the Universal Templates list; the Universal Template will appear on the list
...
.
Configure Universal Task
For the new Universal Task type AWS Lambda, create a new task, and enter the task-specific details that were created in the Universal Template.
...
| Field | Input type | Default value | Type | Description |
|---|---|---|---|---|
| Action | Required | Trigger Lambda function | Choice | The action performed upon the task execution. Available action:
|
AWS Region RequiredOptional since version 1.1.0 | Optional | - | Text | Region for the Amazon Web Service. Find more information about the AWS Service endpoints and quotas here. When AWS CredentialsRequiredRegion is not populated as part of the task definition, during task execution the integration will look for credentials on the task execution environment. Refer to configuration options for more information. |
AWS Credentials Optional since version 1.1.0 | Optional | - | Credentials | The AWS account credentials. They are comprised of:
Credentials definition should be as follows.
When AWS Credentials are not populated as part of the task definition, during task execution the integration will look for AWS Credentials on the task execution environment. Refer to configuration options for more information. |
| Role Based Access | Optional | False | Boolean | Special type of authorization is provided by Role Assumption where the client sends his own credentials and the role he wants to assume from another user. If allowed, the client receives temporary credentials with limited time access to some resources. |
| Role ARN | Optional | - | Text | Role Arn: Amazon Role, which is applied for the connection. Role ARN format: Required when Role Based Access="True". |
| Function Name | Required | - | Text | Name of the Lambda function i.e my, which will be triggered. For example, my-function (name-only) or my-function:v1 (with alias) that will be triggered. |
| Invocation Type | Required | Request Response | Choice | Type of execution for the function being triggered. Available choices are:
|
| Payload Source | Optional | None | Choice | Source of payload to be sent.
|
| Payload Script | Optional | - | Script Field | Script field where the payload can be entered. The scripts must evaluate to a proper JSON format. Required when Payload Source = "Script". |
| Client Context Source | Optional | None | Choice | Client context that's provided to Lambda function by the client application.
|
| Client Context Script | Optional | - | Script | Script passing parameters using the ClientContext object. The scripts must evaluate to a proper JSON format. Required when Client Context Source= "Script". |
| Use Proxy | Optional | False | Boolean | Flag to indicate whether Proxy shall be used in the communication with AWS. |
| Proxy Type | Optional | HTTP | Choice | Type of proxy connection to be used. Available options are :the following.
Visible only when Use Proxy = "True". |
| Proxy | Optional | - | Text | Comma separated list of Proxy servers. Valid formats:Â Valid formats are the following. Required when Use Proxy is checked. |
| Proxy CA Bundle File | Optional | - | Text | The path to a custom certificate bundle to use when establishing SSL/TLS connections with proxy. Used when Proxy Type is configured for "HTTPS" or "HTTPS With Credentials". |
| Proxy Credentials | Optional | - | Credentials | Credentials to be used for the proxy communication.They are comprised of: The credential definition should be as follows.
Required when "Proxy Type" is configured for "HTTPS" or "HTTPS With Credentials". |
| Qualifier | Optional | - | Text | Version or alias to invoke a published version of the function. Example for version 1 Qualifier = "1". If empty, default value is the latest version. |
Extension Cancellation
...
. |
...
...
Task Examples
Trigger Lambda Synchronously with Log
Triggering a Lambda function Sychronously Synchronously with Log Type equals "Tail".
Syncronously Synchronicity is set by Invocation Type equals "Request_Response".
Trigger Lambda Asynchronously with Role Based Access and HTTPS Proxy
Triggering Lambda function Asychronously, Asynchronously with:
- Role Based Access
...
- HTTPS Proxy connection
...
...
- Payload Source
...
- Client Context Source
...
Also, Qualifier is set to "3", meaning the 3rd version of the Lambda function will be triggered.
Asyncronously is set by Invocation Type equals "Event". "Proxy" needs to be on the correct format and "Proxy CA Bundle File" on correct format and path.
Trigger Lambda Synchronously with HTTPS with Credentials Proxy
Triggering a Lambda function Sychronously Synchronously with "HTTPS with Credentials" Proxy " connection.
Note that the Log Type is set to "None" and Qualifier is blank, meaning that the latest version of the Lambda function will be called.
Trigger Lambda Synchronously with Log
Triggering a Lambda function Synchronously with "Region" provided as environment variables and without AWS Credentials. Please refer to AWS Credentials input field for more information.
Task Output
Exit Codes
The exit codes for AWS Lambda Extension are described in the following table.
| Exit Code | Status Classification Code | Status Classification Description | Status Description |
|---|---|---|---|
| 0 | SUCCESS | Successful Execution | SUCCESS: Successful Task execution |
| 1 | FAIL | Failed Execution | FAIL: < Error Description > |
| 2 | AUTHENTICATION_ERROR | Bad credentials | AUTHENTICATION_ERROR: Account cannot be authenticated. |
| 3 | AUTHORIZATION_ERROR | Insufficient Permissions | AUTHORIZATION_ERROR: Account is not authorized to perform the requested action. |
| 10 | CONNECTION_ERROR | Bad connection data or connection timed out | CONNECTION_ERROR: < Error Description > |
| 11 | CONNECTION_ERROR | Extension specific connection error | CONNECTION_ERROR: ProxyConnectionError: Failed to connect to proxy URL <url> |
| 20 | DATA_VALIDATION_ERROR | Input fields validation error | DATA_VALIDATION_ERROR: Some of the input fields cannot be validated. See STDOUT for more details. |
Extension Output
In the context of a workflow, subsequent tasks can rely on the information provided by this integration as Extension Output.
Attribute changed is populated as follows.
- true in case the job is triggered successfully
- false otherwise
result section includes the following attributes.
| Attribute | Type | Description |
|---|---|---|
| status_code | integer | The HTTP status code is in the 200 range for a successful request. For the RequestResponse invocation type, this status code is 200. For the Event invocation type, this status code is 202. For the DryRun invocation type, the status code is 204. |
| log_result | string | The last 4 KB of the execution log, which is base64 encoded. |
| payload | string | The response from the function, or an error object. |
| executed_version | string | The version of the function that executed. When you invoke a function with an alias, this indicates which version the alias resolved to. |
| function_error | string | If present, indicates that an error occurred during function execution. Details about the error are included in the response payload. |
An example of the Extension Output for AWS Lambda Universal Task successful execution is described a successful triggering job is presented below.
{
"exit_code": 0,
"status_description": "SUCCESS: AWS Lambda function invoked successfully",
"changed": true,
"invocation": {
"extension": "ue-aws-lambda",
"version": "1....
1.0",
"fields": {
"action": "Trigger Lambda Function",
"credentials_user": "test-user",
"credentials_password": "****",
"region": "us-east-1",
"role_based_access": false,
"role_arn": null,
"function_name": "test-function",
"invocation_type": "RequestResponse",
"payload_source": null,
"payload_script": null,
"client_context_source": null,
"client_context_script": null,
"log_type": null,
"qualifier": null,
"use_proxy": false,
"proxy_type": null,
"proxy": null,
"proxy_credentials_user": null,
"proxy_credentials_password": null,
"proxy_ca_bundle_file": null
}
},
"result": {
"status_code": 200,
"log_result": "Multiline Log text",
"payload": "{\"statusCode\": 999, \"body\": {\"message\": \"Hello World\"}}",
"executed_version": "$LATEST",
"function_error": null,
}
}
}
Task Status
The task instance with Status equals to "Success" and Exit Code equals "0".
STDOUT and STDERR
STDOUT and STDERR provide additional information to User. The populated content can be changed in future versions of this extension without notice. Backward compatibility is not guaranteed.
Document References
This document references the following documents:.
| NameDocument Link | Location | Description |
|---|---|---|
| https://docs.stonebranch.com/confluence/display/UC72x/Universal + Templates | User documentation for creating, working with and understanding Universal Templates in the Universal Controller user interfaceand Integrations. | |
| Universal Tasks | https://docs.stonebranch.com/confluence/display/UC72x/Universal+Tasks | User documentation for creating Universal Tasks in the Universal Controller user interface. |
| AWS Lambdahttps://docs.aws.amazon.com/lambda/?id=docs_gateway | Documentation for AWS Lambda. | |
| IAM RBAC authorization model | https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html#introduction_attribute-based-access-control_compare-rbac | User Documentation for Comparing ABAC to the traditional RBAC model.User Documentation for Comparing ABAC to the traditional RBAC model. |
Changelog
ue-aws-lambda-1.1.0 (2022-06-30)
Enhancements
Added: Provide the capability to rely on AWS credentials set-up on the environment where the extension is running and therefore it is not mandatory to be passed on the task definition as input fields. The same applies to AWS Region. (#29115)
ue-aws-lambda-1.0.1 (2022-03-14)
Fixes
FixedChange of template SysId. (#27744)