The latest articles on Forem by Donovan HOANG (@dhoang1905). https://forem.com/dhoang1905 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1216611%2Ff131dad6-1cb7-4543-8f07-8e5ed496bf45.jpg https://forem.com/dhoang1905 en Donovan HOANG Mon, 23 Dec 2024 14:30:00 +0000 https://forem.com/dhoang1905/sns-vs-sqs-vs-eventbridge-choosing-the-right-aws-messaging-service-k6j https://forem.com/dhoang1905/sns-vs-sqs-vs-eventbridge-choosing-the-right-aws-messaging-service-k6j <h3> TL; DR. </h3> <p>Messaging and events management in AWS allow for building scalable and decoupled applications. AWS offers three key messaging services:</p> <ol> <li> <strong>Amazon SNS</strong>: Best for real-time notifications and broadcasting messages to multiple subscribers with high throughput.</li> <li> <strong>Amazon SQS</strong>: Ideal for decoupling components and enabling reliable message queuing for asynchronous processing.</li> <li> <strong>Amazon EventBridge</strong>: Perfect for creating complex event-driven architectures by connecting events from multiple sources, including SaaS applications.</li> </ol> <p>Choosing the right service depends on your specific application needs—whether for notifications, queuing, or event orchestration.</p> <p>The usage of messaging and events management allows our application to decouple and scale in a very efficient way. Messaging solutions play a major role in enabling these capabilities by providing communication between different components of an infrastructure. AWS offers several powerful messaging services, each designed to address specific needs and use cases: Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), and Amazon EventBridge.</p> <p>To take full benefits of the messages-based services of AWS, you need to choose the one that fits the best your context. Whether you need real-time notifications, reliable message queuing, or complex event-driven workflows, understanding the features and use cases of these services is essential.</p> <p>This article aims to help you leverage AWS messaging services to build efficient applications in the cloud. We will explore all the features and typical use cases to compare the pros and cons of each service.</p> <h3> Understanding the AWS Messaging Services </h3> <ul> <li><p><strong>Amazon Simple Notification Service (SNS)</strong>: SNS is a fully managed publish/subscribe (pub/sub) messaging service that simplifies the decoupling and scaling of microservices, distributed systems, and serverless applications. It supports high-throughput message broadcasting to multiple subscribers via diverse delivery mechanisms, including HTTP/HTTPS endpoints, email, SMS, and AWS Lambda. SNS also offers seamless integration with other AWS services, enabling efficient notification and alerting workflows.</p></li> <li><p><strong>Amazon Simple Queue Service (SQS)</strong>: SQS is a fully managed message queuing service designed to decouple application components, enhancing reliability and scalability. It supports two queue types: standard queues, which ensure at-least-once delivery and allow best-effort message ordering, and FIFO queues, which guarantee exactly-once processing and strict message order. SQS facilitates durable message retention, configurable visibility timeouts, and batch processing capabilities, making it ideal for asynchronous task handling. SQS also supports <strong>Dead-Letter Queues (DLQ)</strong>, which allow for handling messages that can’t be processed successfully, enhancing fault tolerance in production systems.</p></li> <li><p><strong>Amazon EventBridge</strong>: EventBridge is a serverless event bus service tailored for event-driven architectures. It enables seamless connection and routing of events from AWS services, custom applications, and third-party SaaS providers to designated targets. EventBridge features advanced filtering, transformation options, and a schema registry to simplify event discovery and management. Its built-in scalability and support for complex workflows make it an excellent choice for modern, event-driven applications.</p></li> </ul> <h3> Key Features </h3> <h4> Amazon SNS </h4> <ul> <li> <strong>Publish/Subscribe Model</strong>: SNS uses a pub/sub messaging model to send messages to multiple subscribers.</li> <li> <strong>Message Delivery</strong>: Delivery mechanisms include HTTP/HTTPS, email, SMS, and Lambda functions.</li> <li> <strong>Fan-out Architecture</strong>: Enables the ability to fan out messages to multiple endpoints simultaneously.</li> </ul> <h4> Amazon SQS </h4> <ul> <li> <strong>Queue-Based Messaging</strong>: SQS uses a queue-based system to store messages until they are processed.</li> <li> <strong>Types of Queues</strong>: Includes standard queues (at-least-once delivery, best-effort ordering) and FIFO queues (exactly-once processing, ordered delivery).</li> <li> <strong>Message Retention and Visibility Timeout</strong>: Concepts include the message retention period and visibility timeout.</li> <li> <strong>Dead-Letter Queues</strong>: Allows for handling messages that cannot be processed successfully, enhancing reliability in production environments.</li> </ul> <h4> Amazon EventBridge </h4> <ul> <li> <strong>Event Bus Model</strong>: EventBridge uses an event bus to route events from different sources to target AWS services.</li> <li> <strong>Schema Registry and discovery</strong>: Features a schema registry that allows you to discover, create, and manage event schemas.</li> <li> <strong>Integrated SaaS Applications</strong>: Supports integration of events from SaaS applications directly into EventBridge.</li> </ul> <h3> Use Cases </h3> <h4> Amazon SNS </h4> <ul> <li> <strong>Real-Time Notifications</strong>: Examples include sending real-time notifications to users via SMS, email, or mobile push notifications.</li> <li> <strong>Fan-Out</strong>: Scenarios where the same message needs to be sent to multiple endpoints, such as updating multiple microservices.</li> </ul> <h4> Amazon SQS </h4> <ul> <li> <strong>Decoupling Microservices</strong>: Examples include decoupling application components to improve fault tolerance and scalability.</li> <li> <strong>Batch Processing</strong>: Scenarios such as processing orders or logs where messages need to be processed in batches.</li> </ul> <h4> Amazon EventBridge </h4> <ul> <li> <strong>Event-Driven Architectures</strong>: Examples include building event-driven applications that react to changes in data or state.</li> <li> <strong>SaaS Integration</strong>: Scenarios involving integrating and routing events from third-party SaaS applications to AWS services.</li> </ul> <h3> Integration Examples </h3> <ul> <li> <strong>E-commerce Application</strong>: Use SQS to queue orders for asynchronous processing, ensuring scalability and fault tolerance, while SNS can be used to send shipping notifications to customers via email or SMS.</li> <li> <strong>Fan-Out Pattern</strong>: A common pattern is to use an SNS topic to fan out messages to multiple SQS queues. This allows parallel processing of the same event by different consumers, enabling flexible and scalable system architectures.</li> </ul> <h3> Cost Considerations </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th><strong>Service</strong></th> <th><strong>Pricing Model</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Amazon SNS</strong></td> <td>Charged based on the number of published messages and the <a href="https://aws.amazon.com/sns/pricing/" rel="noopener noreferrer">protocol</a> used for delivery (e.g., HTTP/S, SMS, email).</td> </tr> <tr> <td><strong>Amazon SQS</strong></td> <td>Charged based on the number of requests and message size. Standard queue: $0.40 per 1 million requests; FIFO queue: $0.50 per 1 million requests. Additional charges apply for long polling.</td> </tr> <tr> <td><strong>Amazon EventBridge</strong></td> <td>Charged based on the number of events published and the number of rules applied. $1.00 per 1 million events published. Other features incur <a href="https://aws.amazon.com/eventbridge/pricing/" rel="noopener noreferrer">other charges</a>.</td> </tr> </tbody> </table></div> <p>Understanding these cost models allows for better optimization of AWS expenses by aligning the service choice with architectural needs and budget constraints.</p> <p>Understanding these cost models can help optimize overall AWS costs by selecting the right service and architecture for your needs.</p> <h3> Comparison </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Amazon SNS</th> <th>Amazon SQS</th> <th>Amazon EventBridge</th> </tr> </thead> <tbody> <tr> <td><strong>Delivery Model</strong></td> <td>Pub/Sub</td> <td>Queue-based</td> <td>Event bus</td> </tr> <tr> <td><strong>Use Case</strong></td> <td>Real-time notifications, fan-out</td> <td>Decoupling systems, batching</td> <td>Event-driven architectures</td> </tr> <tr> <td><strong>Scalability</strong></td> <td>High throughput</td> <td>High throughput</td> <td>High scalability</td> </tr> <tr> <td><strong>Message Ordering</strong></td> <td>Not guaranteed</td> <td>FIFO queues provide ordering</td> <td>Not guaranteed</td> </tr> <tr> <td><strong>Integration</strong></td> <td>Multi-protocol endpoints</td> <td>Queue-based processing</td> <td>SaaS and AWS service integration</td> </tr> <tr> <td><strong>Complexity Handling</strong></td> <td>Low</td> <td>Medium</td> <td>High</td> </tr> </tbody> </table></div> <h3> Decision help </h3> <ul> <li> <strong>When to Use SNS</strong>: Best for scenarios requiring real-time notifications and message broadcasting to multiple endpoints.</li> <li> <strong>When to Use SQS</strong>: Ideal for decoupling components, ensuring reliable message processing, and handling message queues in fault-tolerant systems.</li> <li> <strong>When to Use EventBridge</strong>: Optimal for building event-driven architectures that integrate multiple event sources, including SaaS applications, and require complex workflows.</li> </ul> <p>Thanks for reading! Hope this helped you to understand how to take advantage of AWS messaging services.</p> aws eventdriven Donovan HOANG Sun, 22 Dec 2024 21:21:32 +0000 https://forem.com/dhoang1905/introducing-fck-nat-cost-optimized-alternative-to-aws-nat-gateways-24a https://forem.com/dhoang1905/introducing-fck-nat-cost-optimized-alternative-to-aws-nat-gateways-24a <h2> TL;DR; </h2> <p>fck-nat is an open-source, cost-effective alternative to AWS Managed NAT Gateway. It dramatically reduces costs, eliminates data transfer charges, and supports high-bandwidth traffic. Built on Amazon Linux 2023, fck-nat offers features like high availability, custom monitoring with CloudWatch, and flexible deployment options using Terraform, CDK, or CloudFormation. Ideal for cost-sensitive setups and development environments, fck-nat has some limitations in production.</p> <p><strong>Managing Network Address Translation (NAT)</strong> in AWS can be expensive and tricky, but that's where <strong>fck-nat</strong> comes in. It's a simple, affordable, and customizable alternative to AWS Managed NAT Gateway that saves you money while keeping things running smoothly.</p> <h2> What is fck-nat? </h2> <p><strong>fck-nat</strong> is an <strong>open-source project</strong> providing a modern, <strong>cost-effective alternative</strong> to AWS Managed NAT Gateway. Built on <strong>Amazon Linux 2023</strong> and available as a <strong>pre-configured Amazon Machine Image (AMI)</strong>, fck-nat supports high-bandwidth traffic at significantly lower costs than AWS's proprietary solutions. It also offers flexibility in deployment, including support for <strong>high-availability (HA)</strong> configurations, static IPs, and custom monitoring with CloudWatch.</p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fassets.dev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/AndrewGuenther" rel="noopener noreferrer"> AndrewGuenther </a> / <a href="https://github.com/AndrewGuenther/fck-nat" rel="noopener noreferrer"> fck-nat </a> </h2> <h3> Feasible cost konfigurable NAT: An AWS NAT Instance AMI </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">fck-nat</h1> </div> <p>Welcome to fck-nat. The (f)easible (c)ost (k)onfigurable NAT!</p> <ul> <li>Overpaying for AWS Managed NAT Gateways? fck-nat.</li> <li>Want to use NAT instances and stay up-to-date with the latest security patches? fck-nat.</li> <li>Want to reuse your Bastion hosts as a NAT? fck-nat.</li> </ul> <p>Full documentation is available at <a href="https://fck-nat.dev" rel="nofollow noopener noreferrer">https://fck-nat.dev</a></p> <p>fck-nat offers a ready-to-use ARM and x86 based AMIs built on Amazon Linux 2023 which can support up to 5Gbps burst NAT traffic on a t4g.nano instance. How does that compare to a Managed NAT Gateway?</p> <p>Hourly rates:</p> <ul> <li>Managed NAT Gateway hourly: $0.045</li> <li>t4g.nano hourly: $0.0042</li> </ul> <p>Per GB rates:</p> <ul> <li>Managed NAT Gateway per GB: $0.045</li> <li>fck-nat per GB: $0.00</li> </ul> <p>Sitting idle, fck-nat costs 10% of a Managed NAT Gateway. In practice, the savings are even greater.</p> <p><em>"But what about AWS' NAT Instance AMI?"</em></p> <p>The official AWS supported NAT Instance AMI hasn't been updates since 2018, is still running Amazon Linux 1 which is now…</p> </div> </div> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/AndrewGuenther/fck-nat" rel="noopener noreferrer">View on GitHub</a></div> </div> <h2> Key Features </h2> <h3> Cost Efficiency </h3> <ul> <li> <strong>Low Costs</strong>: Operating on a t4g.nano instance, fck-nat costs approximately $3.06/month compared to AWS Managed NAT Gateway's $32/month.</li> <li> <strong>No Data Transfer Costs</strong>: Unlike Managed NAT Gateway, fck-nat does not charge for per-GB data transfer.</li> </ul> <h3> High Performance </h3> <ul> <li> <strong>Performance Tuning Tips</strong>: To maximize fck-nat's performance, ensure you choose <strong><a href="https://fck-nat.dev/stable/choosing_an_instance_size/" rel="noopener noreferrer">the right EC2 instance</a></strong> type based on your traffic needs.</li> <li> <strong>Scalable Bandwidth</strong>: Supports up to 5 Gbps egress on smaller instances and higher capacities on larger instances with over 32 vCPUs.</li> <li> <strong>Optimized Configurations</strong>: Uses advanced routing and security configurations to maximize throughput.</li> </ul> <h3> Flexibility and Control </h3> <ul> <li> <strong>Custom Deployments</strong>: Supports deployment via CDK, Terraform, and CloudFormation.</li> <li> <strong>High-Availability Mode</strong>: Automatically replaces instances in case of failure while maintaining consistent IP addresses.</li> </ul> <h3> Monitoring and Security </h3> <ul> <li> <strong>CloudWatch Integration</strong>: Provides detailed metrics for monitoring NAT traffic.</li> <li> <strong>Enhanced Security</strong>: Leverages security groups and supports custom firewall rules using iptables.</li> </ul> <h3> Sustainability </h3> <ul> <li> <strong>ARM-based Instances</strong>: Optimized for ARM architecture to reduce costs and energy consumption.</li> </ul> <h2> Benefits of Using fck-nat </h2> <p><strong>Cost Savings</strong>: fck-nat offers a highly affordable solution for managing NAT. Unlike AWS Managed NAT Gateway, which incurs steep costs for both usage and data transfer, fck-nat eliminates per-GB transfer charges and operates on low-cost instances, saving you hundreds of dollars monthly.</p> <p><strong>Customizability</strong>: You can adapt fck-nat to fit your requirements. Whether you need custom routing rules, specific security configurations, or tailored deployment strategies, fck-nat offers the flexibility to align with your infrastructure.</p> <p><strong>Simplicity</strong>: Deploying fck-nat is straightforward, even for users with minimal experience. Comprehensive guides and examples make the setup process quick and easy, ensuring you can get up and running without unnecessary complexity.</p> <p><strong>Reliability</strong>: High availability is built into fck-nat's design. With support for automatic failover and redundant instances, it guarantees consistent performance and minimal downtime, keeping your network running smoothly.</p> <h2> Use Cases </h2> <h3> Enterprise Cost Optimization </h3> <p><strong>Replace AWS Managed NAT Gateways</strong> in your Virtual Private Clouds (VPCs) to significantly <strong>cut costs</strong>. fck-nat maintains excellent performance, making it a perfect option for businesses aiming to optimize cloud expenses.</p> <h3> Hybrid Architectures </h3> <p><strong>Seamlessly integrate fck-nat</strong> with private subnets in hybrid cloud setups. This ensures efficient management of egress traffic without the steep costs associated with other NAT solutions.</p> <h3> Development Environments </h3> <p><strong>Simplify and reduce costs</strong> for NAT in development or test environments. fck-nat’s affordability and straightforward deployment make it ideal for <strong>temporary or experimental setups</strong>.</p> <h2> Step-by-Step Guide: Setting Up fck-nat </h2> <h3> Prerequisites </h3> <ul> <li>Access to an AWS account.</li> <li>Basic understanding of AWS VPCs, routing, and EC2 instances.</li> </ul> <h3> Deployment Methods </h3> <h4> Using Terraform </h4> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">module</span> <span class="s2">"fck-nat"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"RaJiska/fck-nat/aws"</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"my-fck-nat"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="s2">"vpc-abc1234"</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="s2">"subnet-abc1234"</span> <span class="nx">update_route_tables</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">route_tables_ids</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"private-route-1"</span> <span class="p">=</span> <span class="s2">"rtb-abc1234Foo"</span> <span class="s2">"private-route-2"</span> <span class="p">=</span> <span class="s2">"rtb-abc1234Bar"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> Using CDK (TypeScript) </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">natGatewayProvider</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">FckNatInstanceProvider</span><span class="p">({</span> <span class="na">instanceType</span><span class="p">:</span> <span class="nb">InstanceType</span><span class="p">.</span><span class="k">of</span><span class="p">(</span><span class="nx">InstanceClass</span><span class="p">.</span><span class="nx">T4G</span><span class="p">,</span> <span class="nx">InstanceSize</span><span class="p">.</span><span class="nx">NANO</span><span class="p">),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">vpc</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Vpc</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">vpc</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="nx">natGatewayProvider</span><span class="p">,</span> <span class="p">});</span> <span class="nx">natGatewayProvider</span><span class="p">.</span><span class="nx">securityGroup</span><span class="p">.</span><span class="nf">addIngressRule</span><span class="p">(</span><span class="nx">Peer</span><span class="p">.</span><span class="nf">ipv4</span><span class="p">(</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">vpcCidrBlock</span><span class="p">),</span> <span class="nx">Port</span><span class="p">.</span><span class="nf">allTraffic</span><span class="p">());</span> </code></pre> </div> <h4> Manual Deployment </h4> <ul> <li>Launch the fck-nat AMI from the EC2 Console.</li> <li>Disable source/destination checks on the instance.</li> <li>Update private subnet route tables to point to the fck-nat instance.</li> </ul> <h3> Configuration Options </h3> <ul> <li> <code>/etc/fck-nat.conf</code> file controls behavior: <ul> <li> <code>eni_id</code>: Elastic Network Interface ID for HA mode.</li> <li> <code>eip_id</code>: Elastic IP for consistent external IP.</li> <li> <code>cwagent_enabled</code>: Enable CloudWatch agent for detailed metrics.</li> </ul> </li> </ul> <h3> Validating Deployment </h3> <ol> <li>SSH into a private instance routed through fck-nat.</li> <li>Verify public IP matches the fck-nat Elastic IP.</li> </ol> <h2> Considerations for Production Environments </h2> <h3> Scaling Limitations </h3> <p>fck-nat does not include native support for automatic scaling. This can be a challenge for applications with fluctuating or large-scale traffic requirements, as manual intervention might be needed to adjust resources.</p> <h3> Compliance and Security </h3> <p>Meeting strict compliance and security standards may require additional configurations. While fck-nat supports security groups and custom firewall rules, organizations may need to perform audits and implement tailored adjustments to ensure compliance.</p> <h3> High Availability </h3> <p>Deploying fck-nat in a high-availability setup requires careful planning and continuous monitoring. Failover events, while supported, depend on manual configurations or external tools to ensure seamless operations.</p> <p>Before deploying fck-nat in critical systems, it is essential to evaluate these factors thoroughly and consider supplementary tools or processes to address potential gaps.</p> <h2> Conclusion </h2> <p><strong>fck-nat bridges the gap</strong> between cost-efficiency and performance in AWS network configurations. However, it is important to note that this solution has some <strong>limitations for production environments</strong>. For instance, it does not natively support automatic scaling for high-traffic scenarios, and additional configuration may be required to meet compliance and security standards. With flexible deployment options, advanced features, and significant cost savings, fck-nat is best suited for cost-sensitive setups or development environments. To learn more and get started, visit the <a href="https://github.com/AndrewGuenther/fck-nat" rel="noopener noreferrer">fck-nat GitHub page</a>.</p> aws networking opensource cloud Donovan HOANG Mon, 08 Jul 2024 05:00:00 +0000 https://forem.com/dhoang1905/getting-started-with-amazon-sagemaker-building-your-first-machine-learning-model-2m7n https://forem.com/dhoang1905/getting-started-with-amazon-sagemaker-building-your-first-machine-learning-model-2m7n <p>This article provides a guide on using Amazon SageMaker to build, train, and deploy a machine learning model for predicting house prices using the Ames Housing dataset. It covers the key features of SageMaker, data preprocessing steps, model training, and deployment, and demonstrates how to test the deployed model. The guide also includes important steps to clean up resources to avoid unnecessary costs.</p> <h1> Overview of Amazon Sagemaker </h1> <p> </p> <p>Amazon SageMaker is a fully managed service provided by AWS (Amazon Web Services) that enables developers and data scientists to build, train, and deploy machine learning models at scale. It simplifies the machine learning workflow by offering a suite of tools and services designed to handle various stages of the machine learning lifecycle, from data preparation to model deployment and monitoring.</p> <p> </p> <h2> Key Features </h2> <p> </p> <h3> Integrated Development Environment: </h3> <p> </p> <ul> <li><p><strong>SageMaker Studio:</strong> An integrated development environment (IDE) for machine learning that provides a web-based interface to build, train, and deploy models. It offers a collaborative environment with support for notebooks, debugging, and monitoring.<br> Data Preparation:</p></li> <li><p><strong>Data Wrangler:</strong> Simplifies data preparation and feature engineering with a visual interface that integrates with various data sources.</p></li> <li><p><strong>Feature Store:</strong> A repository to store, share, and manage features for machine learning models, ensuring consistency and reusability across projects.</p></li> </ul> <p> </p> <h3> Model Building: </h3> <p> </p> <ul> <li><p><strong>Built-in Algorithms:</strong> Provides a collection of pre-built machine learning algorithms optimized for performance and scalability.</p></li> <li><p><strong>Custom Algorithms:</strong> Supports bringing your own algorithms and frameworks, including TensorFlow, PyTorch, and Scikit-learn.</p></li> </ul> <p> </p> <h3> Model Training: </h3> <p> </p> <ul> <li><p><strong>Managed Training:</strong> Automatically provisions and manages the underlying infrastructure for training machine learning models.</p></li> <li><p><strong>Distributed Training:</strong> Supports distributed training for large datasets and complex models, reducing training time.</p></li> <li><p><strong>Automatic Model Tuning:</strong> Also known as hyperparameter optimization, it helps find the best version of a model by automatically adjusting hyperparameters.</p></li> </ul> <p> </p> <h3> Model Deployment: </h3> <p> </p> <ul> <li><p><strong>Real-time Inference:</strong> Deploy models as scalable, secure, and high-performance endpoints for real-time predictions.</p></li> <li><p><strong>Batch Transform:</strong> Allows for batch processing of large datasets for inference.</p></li> <li><p><strong>Multi-Model Endpoints:</strong> Supports deploying multiple models on a single endpoint, optimizing resource utilization.</p></li> </ul> <p> </p> <h3> Model Monitoring and Management: </h3> <p> </p> <ul> <li><p><strong>Model Monitor:</strong> Automatically monitors deployed models for data drift and performance degradation, triggering alerts and actions when necessary.</p></li> <li><p><strong>Pipelines:</strong> Enables the creation and management of end-to-end machine learning workflows, from data preparation to deployment and monitoring.</p></li> </ul> <p> </p> <h1> Step-by-Step guide </h1> <p> </p> <p><strong>AWS Free Tier :</strong></p> <p>First let's talk about AWS Free Tier for SageMaker. What is interesting in our case is the "Studio notebooks, and notebook instances" and "Training" section. Based on what it offers, we are going to use <code>ml.t2.medium</code> as Notebook instance type and <code>ml.m5.large</code> as Training instance (check the availability of theses types in the region you will provision the resources, I am currently using eu-west-3 region). </p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcjvh94jinabmpyocs2w3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcjvh94jinabmpyocs2w3.png" alt="AWS Free Tier for SageMaker" width="800" height="452"></a></p> <h2> Storing datasets </h2> <p> </p> <p>First, create a basic S3 bucket that will be used to store our raw dataset and then the training and test formatted datasets.</p> <p>For this example, I will use the "Ames Housing Dataset" dataset which is a well-known dataset used in machine learning for predictive modeling. It contains information about various houses in Ames, Iowa, and includes features such as the size of the house, the year it was built, the type of roof, and the sale price. The goal is to predict the sale price of houses based on these features.</p> <h2> IAM Role </h2> <p> </p> <p>First, create an IAM role with the <code>AmazonSageMakerFullAccess</code> policy as well as the permission to get and create files on the dataset S3 bucket.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4q32rjjxwf6csoerkxhp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4q32rjjxwf6csoerkxhp.png" alt="IAM role policies" width="800" height="386"></a></p> <h2> Notebook instance </h2> <p> </p> <p>Create a SageMaker Notebook instance with the following parameters : </p> <ul> <li>type : <code>ml.t2.medium</code> </li> <li>attach the previously created IAM role</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frtbz1fpfofh6lexafpe5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frtbz1fpfofh6lexafpe5.png" alt="SageMaker Notebook instance configuration" width="800" height="475"></a></p> <h2> Load and explore dataset </h2> <p> </p> <p>Once your instance appears as "InService" you can click on "Open Jupyter". (It can take minutes for your instance to become ready to use)</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7rx6fos7vy9uv1rboo35.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7rx6fos7vy9uv1rboo35.png" alt="Notebook instance InService state" width="800" height="77"></a></p> <p>This will open a new page with the Jupyter Notebook interface. Now create a new notebook of type <code>conda_python3</code>.</p> <p><strong>Dependencies and dataset loading</strong></p> <p>Add this code in the first block and run it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">pandas</span> <span class="k">as</span> <span class="n">pd</span> <span class="kn">import</span> <span class="n">numpy</span> <span class="k">as</span> <span class="n">np</span> <span class="kn">import</span> <span class="n">sagemaker</span> <span class="kn">from</span> <span class="n">sagemaker</span> <span class="kn">import</span> <span class="n">get_execution_role</span> <span class="kn">from</span> <span class="n">sagemaker.serializers</span> <span class="kn">import</span> <span class="n">CSVSerializer</span> <span class="kn">from</span> <span class="n">sagemaker.deserializers</span> <span class="kn">import</span> <span class="n">JSONDeserializer</span> <span class="kn">from</span> <span class="n">sklearn.model_selection</span> <span class="kn">import</span> <span class="n">train_test_split</span> <span class="c1"># Load Data from S3 </span><span class="n">s3</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">s3</span><span class="sh">'</span><span class="p">)</span> <span class="n">bucket_name</span> <span class="o">=</span> <span class="sh">'</span><span class="s">dhoang-sagemaker-datasets</span><span class="sh">'</span> <span class="n">file_key</span> <span class="o">=</span> <span class="sh">'</span><span class="s">AmesHousing.csv</span><span class="sh">'</span> <span class="n">obj</span> <span class="o">=</span> <span class="n">s3</span><span class="p">.</span><span class="nf">get_object</span><span class="p">(</span><span class="n">Bucket</span><span class="o">=</span><span class="n">bucket_name</span><span class="p">,</span> <span class="n">Key</span><span class="o">=</span><span class="n">file_key</span><span class="p">)</span> <span class="n">df</span> <span class="o">=</span> <span class="n">pd</span><span class="p">.</span><span class="nf">read_csv</span><span class="p">(</span><span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">Body</span><span class="sh">'</span><span class="p">])</span> <span class="n">df</span> </code></pre> </div> <p>It will import all the libraries that we need to access the S3 bucket, pre-process the dataset, train our model and deploy it. You should have a result like this : </p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd2gdy55pd2ogf4pycf44.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd2gdy55pd2ogf4pycf44.png" alt="Imported dataset" width="800" height="302"></a></p> <p><strong>Pre-processing the dataset</strong> </p> <p>Because we want to avoid empty or non-numerical values, we need to pre-process the dataset. In addition, we need to split the formatted dataset into a train and a test part to validate the model.</p> <p>Add this code and run it :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Preprocess Data </span><span class="nf">print</span><span class="p">(</span><span class="n">df</span><span class="p">.</span><span class="nf">isnull</span><span class="p">().</span><span class="nf">sum</span><span class="p">())</span> <span class="n">numeric_cols</span> <span class="o">=</span> <span class="n">df</span><span class="p">.</span><span class="nf">select_dtypes</span><span class="p">(</span><span class="n">include</span><span class="o">=</span><span class="p">[</span><span class="sh">'</span><span class="s">int64</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">float64</span><span class="sh">'</span><span class="p">]).</span><span class="n">columns</span> <span class="n">df</span><span class="p">[</span><span class="n">numeric_cols</span><span class="p">]</span> <span class="o">=</span> <span class="n">df</span><span class="p">[</span><span class="n">numeric_cols</span><span class="p">].</span><span class="nf">fillna</span><span class="p">(</span><span class="n">df</span><span class="p">[</span><span class="n">numeric_cols</span><span class="p">].</span><span class="nf">mean</span><span class="p">())</span> <span class="n">categorical_cols</span> <span class="o">=</span> <span class="n">df</span><span class="p">.</span><span class="nf">select_dtypes</span><span class="p">(</span><span class="n">include</span><span class="o">=</span><span class="p">[</span><span class="sh">'</span><span class="s">object</span><span class="sh">'</span><span class="p">]).</span><span class="n">columns</span> <span class="n">df</span><span class="p">[</span><span class="n">categorical_cols</span><span class="p">]</span> <span class="o">=</span> <span class="n">df</span><span class="p">[</span><span class="n">categorical_cols</span><span class="p">].</span><span class="nf">fillna</span><span class="p">(</span><span class="n">df</span><span class="p">[</span><span class="n">categorical_cols</span><span class="p">].</span><span class="nf">mode</span><span class="p">().</span><span class="n">iloc</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> <span class="c1"># Encode Categorical Features </span><span class="n">df</span> <span class="o">=</span> <span class="n">pd</span><span class="p">.</span><span class="nf">get_dummies</span><span class="p">(</span><span class="n">df</span><span class="p">)</span> <span class="c1"># Ensure all boolean columns are converted to numeric </span><span class="n">df</span> <span class="o">=</span> <span class="n">df</span><span class="p">.</span><span class="nf">applymap</span><span class="p">(</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="mi">1</span> <span class="k">if</span> <span class="n">x</span> <span class="ow">is</span> <span class="bp">True</span> <span class="k">else</span> <span class="mi">0</span> <span class="k">if</span> <span class="n">x</span> <span class="ow">is</span> <span class="bp">False</span> <span class="k">else</span> <span class="n">x</span><span class="p">)</span> <span class="c1"># Split the Data </span><span class="n">train</span><span class="p">,</span> <span class="n">test</span> <span class="o">=</span> <span class="nf">train_test_split</span><span class="p">(</span><span class="n">df</span><span class="p">,</span> <span class="n">test_size</span><span class="o">=</span><span class="mf">0.2</span><span class="p">,</span> <span class="n">random_state</span><span class="o">=</span><span class="mi">42</span><span class="p">)</span> <span class="n">train</span><span class="p">.</span><span class="nf">to_csv</span><span class="p">(</span><span class="sh">'</span><span class="s">train.csv</span><span class="sh">'</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">header</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">test</span><span class="p">.</span><span class="nf">to_csv</span><span class="p">(</span><span class="sh">'</span><span class="s">test.csv</span><span class="sh">'</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">header</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="c1"># Upload the Processed Data to S3 </span><span class="n">s3_resource</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">resource</span><span class="p">(</span><span class="sh">'</span><span class="s">s3</span><span class="sh">'</span><span class="p">)</span> <span class="n">s3_resource</span><span class="p">.</span><span class="nc">Bucket</span><span class="p">(</span><span class="n">bucket_name</span><span class="p">).</span><span class="nf">upload_file</span><span class="p">(</span><span class="sh">'</span><span class="s">train.csv</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">train.csv</span><span class="sh">'</span><span class="p">)</span> <span class="n">s3_resource</span><span class="p">.</span><span class="nc">Bucket</span><span class="p">(</span><span class="n">bucket_name</span><span class="p">).</span><span class="nf">upload_file</span><span class="p">(</span><span class="sh">'</span><span class="s">test.csv</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">test.csv</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <p><strong>Train and deploy the model</strong></p> <p>Now this is the that we are going to explore SageMaker features. In our case, we use the <code>linear-learner</code> from SageMaker that allow us to make a linear regression on our dataset.</p> <p>Next, we define the instance type that will be used for our SageMaker Training Jobs, here <code>ml.m5.large</code> to benefits of the Free Tier.</p> <p>Then, after being trained, the model is deployed as a SageMaker Endpoint so we can use it afterward.</p> <p>Add this code and run it :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Train Model </span><span class="n">role</span> <span class="o">=</span> <span class="nf">get_execution_role</span><span class="p">()</span> <span class="n">sess</span> <span class="o">=</span> <span class="n">sagemaker</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">output_location</span> <span class="o">=</span> <span class="sh">'</span><span class="s">s3://{}/output</span><span class="sh">'</span><span class="p">.</span><span class="nf">format</span><span class="p">(</span><span class="n">bucket_name</span><span class="p">)</span> <span class="n">container</span> <span class="o">=</span> <span class="n">sagemaker</span><span class="p">.</span><span class="n">image_uris</span><span class="p">.</span><span class="nf">retrieve</span><span class="p">(</span><span class="sh">"</span><span class="s">linear-learner</span><span class="sh">"</span><span class="p">,</span> <span class="n">sess</span><span class="p">.</span><span class="n">boto_region_name</span><span class="p">,</span> <span class="sh">"</span><span class="s">1.0-1</span><span class="sh">"</span><span class="p">)</span> <span class="n">linear</span> <span class="o">=</span> <span class="n">sagemaker</span><span class="p">.</span><span class="n">estimator</span><span class="p">.</span><span class="nc">Estimator</span><span class="p">(</span> <span class="n">container</span><span class="p">,</span> <span class="n">role</span><span class="p">,</span> <span class="n">instance_count</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">instance_type</span><span class="o">=</span><span class="sh">'</span><span class="s">ml.m5.large</span><span class="sh">'</span><span class="p">,</span> <span class="n">output_path</span><span class="o">=</span><span class="n">output_location</span><span class="p">,</span> <span class="n">sagemaker_session</span><span class="o">=</span><span class="n">sess</span> <span class="p">)</span> <span class="n">linear</span><span class="p">.</span><span class="nf">set_hyperparameters</span><span class="p">(</span> <span class="n">predictor_type</span><span class="o">=</span><span class="sh">'</span><span class="s">regressor</span><span class="sh">'</span><span class="p">,</span> <span class="n">mini_batch_size</span><span class="o">=</span><span class="mi">100</span> <span class="p">)</span> <span class="n">train_data</span> <span class="o">=</span> <span class="sh">'</span><span class="s">s3://{}/train.csv</span><span class="sh">'</span><span class="p">.</span><span class="nf">format</span><span class="p">(</span><span class="n">bucket_name</span><span class="p">)</span> <span class="n">test_data</span> <span class="o">=</span> <span class="sh">'</span><span class="s">s3://{}/test.csv</span><span class="sh">'</span><span class="p">.</span><span class="nf">format</span><span class="p">(</span><span class="n">bucket_name</span><span class="p">)</span> <span class="n">data_channels</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">train</span><span class="sh">'</span><span class="p">:</span> <span class="n">sagemaker</span><span class="p">.</span><span class="n">inputs</span><span class="p">.</span><span class="nc">TrainingInput</span><span class="p">(</span><span class="n">train_data</span><span class="p">,</span> <span class="n">content_type</span><span class="o">=</span><span class="sh">'</span><span class="s">text/csv</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">validation</span><span class="sh">'</span><span class="p">:</span> <span class="n">sagemaker</span><span class="p">.</span><span class="n">inputs</span><span class="p">.</span><span class="nc">TrainingInput</span><span class="p">(</span><span class="n">test_data</span><span class="p">,</span> <span class="n">content_type</span><span class="o">=</span><span class="sh">'</span><span class="s">text/csv</span><span class="sh">'</span><span class="p">)</span> <span class="p">}</span> <span class="n">linear</span><span class="p">.</span><span class="nf">fit</span><span class="p">(</span><span class="n">inputs</span><span class="o">=</span><span class="n">data_channels</span><span class="p">)</span> <span class="c1"># Deploy Model </span><span class="n">predictor</span> <span class="o">=</span> <span class="n">linear</span><span class="p">.</span><span class="nf">deploy</span><span class="p">(</span><span class="n">initial_instance_count</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">instance_type</span><span class="o">=</span><span class="sh">'</span><span class="s">ml.t2.medium</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <p>It should take some minutes to execute. During this time, you can go to the console to see the Training Job status : </p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4lz9io00x62m7ql1z60c.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4lz9io00x62m7ql1z60c.png" alt="Training job status in console" width="800" height="245"></a></p> <p>with the logs in your notebook : </p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fez5q32pmo98ergw4k4vn.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fez5q32pmo98ergw4k4vn.png" alt="Log of training" width="800" height="202"></a></p> <p>and after the job finished, the Model Endpoint deployment : </p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1mr06g0u6fk0ud6hbnr6.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1mr06g0u6fk0ud6hbnr6.png" alt="Endpoint creation" width="800" height="218"></a></p> <p>Wait until the Endpoint status appears as <code>InService</code>.</p> <p><strong>Test the model</strong></p> <p>The following code aims to use the fresh new Endpoint to analyse and predict SalePrice on the test dataset. I will run it into the notebook, but you can actually run it from anywhere (if you have access to your endpoint) :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Test Model </span><span class="n">test_data_no_target</span> <span class="o">=</span> <span class="n">test</span><span class="p">.</span><span class="nf">drop</span><span class="p">(</span><span class="n">columns</span><span class="o">=</span><span class="p">[</span><span class="sh">'</span><span class="s">SalePrice</span><span class="sh">'</span><span class="p">])</span> <span class="c1"># Ensure all data is numeric </span><span class="k">assert</span> <span class="n">test_data_no_target</span><span class="p">.</span><span class="nf">applymap</span><span class="p">(</span><span class="n">np</span><span class="p">.</span><span class="n">isreal</span><span class="p">).</span><span class="nf">all</span><span class="p">().</span><span class="nf">all</span><span class="p">(),</span> <span class="sh">"</span><span class="s">Test data contains non-numeric values</span><span class="sh">"</span> <span class="c1"># Convert test data to CSV string </span><span class="n">csv_input</span> <span class="o">=</span> <span class="n">test_data_no_target</span><span class="p">.</span><span class="nf">to_csv</span><span class="p">(</span><span class="n">header</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">index</span><span class="o">=</span><span class="bp">False</span><span class="p">).</span><span class="nf">strip</span><span class="p">()</span> <span class="c1"># Initialize the predictor with correct serializers </span><span class="n">predictor</span> <span class="o">=</span> <span class="n">sagemaker</span><span class="p">.</span><span class="n">predictor</span><span class="p">.</span><span class="nc">Predictor</span><span class="p">(</span> <span class="n">endpoint_name</span><span class="o">=</span><span class="n">predictor</span><span class="p">.</span><span class="n">endpoint_name</span><span class="p">,</span> <span class="n">sagemaker_session</span><span class="o">=</span><span class="n">sagemaker</span><span class="p">.</span><span class="nc">Session</span><span class="p">(),</span> <span class="n">serializer</span><span class="o">=</span><span class="nc">CSVSerializer</span><span class="p">(),</span> <span class="n">deserializer</span><span class="o">=</span><span class="nc">JSONDeserializer</span><span class="p">()</span> <span class="p">)</span> <span class="c1"># Make predictions </span><span class="n">predictions</span> <span class="o">=</span> <span class="n">predictor</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">csv_input</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">predictions</span><span class="p">)</span> </code></pre> </div> <p>You should get a set of analysis results, here the precision is not mandatory as I just want to provide you a guide to use SageMaker. </p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuhekjvxd4hrw336jip4n.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuhekjvxd4hrw336jip4n.png" alt="Model result on test dataset" width="800" height="268"></a></p> <h2> Cleaning </h2> <p> </p> <p>To avoid unwanted cost and clean your account, do not forget to delete : </p> <ul> <li>SageMaker Endpoint</li> <li>SageMaker Notebook instance</li> <li>S3 bucket</li> <li>IAM role</li> </ul> <p>Thanks for reading ! Hope this helped you to use or understand how to train a model with Amazon SageMaker from a raw dataset to a ready to use endpoint. Don’t hesitate to give me your feedback or suggestions.</p> aws ai machinelearning sagemaker Donovan HOANG Mon, 24 Jun 2024 06:30:00 +0000 https://forem.com/dhoang1905/managing-and-rotating-secrets-with-aws-secrets-manager-eci https://forem.com/dhoang1905/managing-and-rotating-secrets-with-aws-secrets-manager-eci <h2> TL; DR; </h2> <p>Securely managing secrets and credentials is crucial for maintaining the integrity of your applications in the cloud. AWS Secrets Manager simplifies this process by providing a centralized, secure repository for storing, managing, and rotating secrets such as database credentials, API keys, and application credentials. This article explains how to use AWS Secrets Manager, highlights its key features, and provides a practical example using Terraform to set up secret rotation with a Lambda function. You'll learn how to securely store secrets, eliminate hard-coded credentials, automate secret rotation, and enhance your application's security.</p> <p>Maintaining the security and integrity of your apps and data in today's cloud environments depends on securely managing secrets and credentials. You can securely store, manage and rotate secrets with the aid of AWS Secrets Manager. This post will walk you through the process of safely storing managing and rotating credentials and secrets using AWS Secrets Manager. Furthermore, I will provide an example case of AWS Secrets Manager with Terraform. </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F80jlp4frdd0hbet4k0my.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F80jlp4frdd0hbet4k0my.png" alt="AWS Secret Manager Logo"></a></p> <h2> Understanding AWS Secrets Manager </h2> <p>AWS Secrets Manager enables you to manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other sensitive secrets throughout their lifecycle. Many AWS services can store and use secrets directly from Secrets Manager.</p> <p>By using Secrets Manager, you can enhance your security posture by eliminating the need to hard-code credentials in your application source code. Storing credentials in Secrets Manager helps prevent potential exposure to anyone who can access your application or its components. Instead of hard-coding credentials, you make a runtime call to Secrets Manager to retrieve them dynamically when needed.</p> <h3> Key features : </h3> <p><strong>Secure Storage:</strong></p> <ul> <li>Encryption: Secrets are encrypted at rest using AWS Key Management Service (KMS) keys, ensuring that your sensitive data is protected.</li> <li>Access Control: Fine-grained access control policies can be set using AWS IAM to restrict access to secrets based on roles and permissions.</li> </ul> <p><strong>Automatic Rotation:</strong></p> <ul> <li>Rotation Schedules: AWS Secrets Manager allows you to automatically rotate secrets according to a predefined schedule, helping to ensure that your secrets are regularly updated according to your security policies and without manual intervention.</li> <li>Lambda Integration: Integrate genuinely with AWS Lambda to define custom rotation logic for your secrets.</li> </ul> <p><strong>Access Control and Auditing:</strong></p> <ul> <li>IAM Policies: Define who or what can access your secrets through IAM, ensuring that only authorized users and applications can retrieve sensitive data.</li> <li>Audit Logging: Integration with AWS CloudTrail provides detailed logs of secrets access, enabling you to monitor and audit sensitive data usage for compliance and security purposes.</li> </ul> <p><strong>Secrets Management:</strong></p> <ul> <li>Versioning: AWS Secrets Manager supports versioning of secrets, allowing you to maintain multiple versions of a secret and revert to previous versions if necessary.</li> <li>Secret Retrieval: Retrieve secrets programmatically using AWS SDKs, CLI, or HTTP-based requests, ensuring that your applications can securely access secrets when needed.</li> </ul> <p><strong>Integration with AWS Services:</strong></p> <ul> <li>Amazon RDS: Easily rotate database credentials for Amazon RDS instances with built-in support.</li> <li>Other AWS Services: Seamless integration with other AWS services like Amazon EC2, AWS Lambda, and Amazon ECS to securely manage access to secrets across your application.</li> </ul> <h2> Setting Up AWS Secrets Manager with Terraform </h2> <p>First let's create a simple secret with two values : a username and a password :</p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code> <span class="k">resource</span> <span class="s2">"aws_secretsmanager_secret"</span> <span class="s2">"credentials"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"sensitive-credentials"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_secretsmanager_secret_version"</span> <span class="s2">"example_version"</span> <span class="p">{</span> <span class="nx">secret_id</span> <span class="p">=</span> <span class="nx">aws_secretsmanager_secret</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nx">id</span> <span class="nx">secret_string</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">username</span> <span class="p">=</span> <span class="s2">"example_user"</span> <span class="nx">password</span> <span class="p">=</span> <span class="s2">"example_password"</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>Then create the lambda with its specific permissions :</p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code> <span class="k">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"lambda_rotation_role"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"lambda_rotation_role"</span> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span> <span class="nx">Statement</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Action</span> <span class="p">=</span> <span class="s2">"sts:AssumeRole"</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Principal</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Service</span> <span class="p">=</span> <span class="s2">"lambda.amazonaws.com"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_role_policy_attachment"</span> <span class="s2">"lambda_rotation_policy_attachment"</span> <span class="p">{</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">lambda_rotation_role</span><span class="p">.</span><span class="nx">name</span> <span class="nx">policy_arn</span> <span class="p">=</span> <span class="nx">aws_iam_policy</span><span class="p">.</span><span class="nx">lambda_rotation_policy</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_policy"</span> <span class="s2">"lambda_rotation_policy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"lambda_rotation_policy"</span> <span class="nx">policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span> <span class="nx">Statement</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"secretsmanager:GetSecretValue"</span><span class="p">,</span> <span class="s2">"secretsmanager:PutSecretValue"</span><span class="p">,</span> <span class="s2">"secretsmanager:UpdateSecretVersionStage"</span><span class="p">,</span> <span class="s2">"secretsmanager:DescribeSecret"</span> <span class="p">]</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_secretsmanager_secret</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nx">arn</span> <span class="p">]</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_lambda_function"</span> <span class="s2">"rotation_lambda"</span> <span class="p">{</span> <span class="nx">filename</span> <span class="p">=</span> <span class="s2">"lambda_rotation.zip"</span> <span class="c1"># Path to your zip file</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="s2">"SecretRotationFunction"</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">lambda_rotation_role</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">handler</span> <span class="p">=</span> <span class="s2">"rotation.lambda_handler"</span> <span class="nx">runtime</span> <span class="p">=</span> <span class="s2">"python3.8"</span> <span class="nx">source_code_hash</span> <span class="p">=</span> <span class="nx">filebase64sha256</span><span class="p">(</span><span class="s2">"lambda_rotation.zip"</span><span class="p">)</span> <span class="nx">environment</span> <span class="p">{</span> <span class="nx">variables</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">SECRET_ARN</span> <span class="p">=</span> <span class="nx">aws_secretsmanager_secret</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>With the corresponding python script that will handle the secret rotation logic depending on your need :</p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">secrets</span> <span class="kn">import</span> <span class="n">string</span> <span class="k">def</span> <span class="nf">generate_random_password</span><span class="p">(</span><span class="n">length</span><span class="o">=</span><span class="mi">16</span><span class="p">):</span> <span class="c1"># Define the characters to use for password generation </span> <span class="n">alphabet</span> <span class="o">=</span> <span class="n">string</span><span class="p">.</span><span class="n">ascii_letters</span> <span class="o">+</span> <span class="n">string</span><span class="p">.</span><span class="n">digits</span> <span class="o">+</span> <span class="n">string</span><span class="p">.</span><span class="n">punctuation</span> <span class="c1"># Generate a random password </span> <span class="n">password</span> <span class="o">=</span> <span class="sh">''</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">secrets</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">alphabet</span><span class="p">)</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">length</span><span class="p">))</span> <span class="k">return</span> <span class="n">password</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Retrieve the secret details </span> <span class="n">secretsmanager_client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">secretsmanager</span><span class="sh">'</span><span class="p">)</span> <span class="n">secret_arn</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">SECRET_ARN</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Get the current secret value </span> <span class="n">current_secret_value</span> <span class="o">=</span> <span class="n">secretsmanager_client</span><span class="p">.</span><span class="nf">get_secret_value</span><span class="p">(</span> <span class="n">SecretId</span><span class="o">=</span><span class="n">secret_arn</span> <span class="p">)</span> <span class="c1"># Generate a new random password </span> <span class="n">new_password</span> <span class="o">=</span> <span class="nf">generate_random_password</span><span class="p">()</span> <span class="c1"># Update the secret with the new password </span> <span class="n">secretsmanager_client</span><span class="p">.</span><span class="nf">put_secret_value</span><span class="p">(</span> <span class="n">SecretId</span><span class="o">=</span><span class="n">secret_arn</span><span class="p">,</span> <span class="n">SecretString</span><span class="o">=</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">current_secret_value</span><span class="p">[</span><span class="sh">'</span><span class="s">SecretString</span><span class="sh">'</span><span class="p">])[</span><span class="sh">'</span><span class="s">username</span><span class="sh">'</span><span class="p">],</span> <span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">:</span> <span class="n">new_password</span> <span class="p">})</span> <span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">'</span><span class="s">statusCode</span><span class="sh">'</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">'</span><span class="s">body</span><span class="sh">'</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="sh">'</span><span class="s">Secret rotated successfully</span><span class="sh">'</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>And finally, configure Secret Manager to use the Lambda to rotate the secret every 30 days : </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code> <span class="k">resource</span> <span class="s2">"aws_secretsmanager_secret_rotation"</span> <span class="s2">"example_rotation"</span> <span class="p">{</span> <span class="nx">secret_id</span> <span class="p">=</span> <span class="nx">aws_secretsmanager_secret</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nx">id</span> <span class="nx">rotation_lambda_arn</span> <span class="p">=</span> <span class="nx">aws_lambda_function</span><span class="p">.</span><span class="nx">rotation_lambda</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">rotation_rules</span> <span class="p">{</span> <span class="nx">automatically_after_days</span> <span class="p">=</span> <span class="mi">30</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_lambda_permission"</span> <span class="s2">"allow_secretsmanager"</span> <span class="p">{</span> <span class="nx">statement_id</span> <span class="p">=</span> <span class="s2">"AllowSecretsManagerInvoke"</span> <span class="nx">action</span> <span class="p">=</span> <span class="s2">"lambda:InvokeFunction"</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="nx">aws_lambda_function</span><span class="p">.</span><span class="nx">rotation_lambda</span><span class="p">.</span><span class="nx">function_name</span> <span class="nx">principal</span> <span class="p">=</span> <span class="s2">"secretsmanager.amazonaws.com"</span> <span class="nx">source_arn</span> <span class="p">=</span> <span class="nx">aws_secretsmanager_secret</span><span class="p">.</span><span class="nx">credentials</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> </code></pre> </div> <p><strong>Deploy it</strong> 🚀</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <p>zip lambda_rotation.zip rotation.py<br> terraform init<br> terraform apply</p> </code></pre> </div> <h2> <br> <br> <br> Test the solution<br> </h2> <p>In your AWS console, go to the AWS Secret Manager page and select the secret that we just created. Click on "Retrieve secret value", you should see the inital value that we set with Terraform : </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lxtol3wjdvc92w6lpfb.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8lxtol3wjdvc92w6lpfb.png" alt="Secret value before rotation"></a></p> <p>Now on the "Rotation" tab click on "Rotate secret immediately" and confirm. After retrieving the secret value another time, you should now have a fresh new generated password:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7pisg0vp2444et9q1872.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7pisg0vp2444et9q1872.png" alt="Secret value after rotation"></a></p> <p>This action will now be performed each 30 days. You can change the period of rotation and even define a cron schedule expression to fit more accurately your need.</p> <p>Thanks for reading ! Hope this helped you to use or understand how to take advantages of Secret Manager thanks to the rotation of secrets. Don’t hesitate to give me your feedback or suggestions.</p> aws terraform security Donovan HOANG Mon, 15 Jan 2024 19:11:47 +0000 https://forem.com/dhoang1905/invoke-your-step-functions-with-api-gateway-1p0m https://forem.com/dhoang1905/invoke-your-step-functions-with-api-gateway-1p0m <h2> TL; DR. </h2> <p>This article provides a comprehensive guide to leveraging AWS Step Functions for efficient orchestration of serverless application workflows. We’ll delve into integrating these workflows with your application backends, ensuring that inputs are correctly processed and outputs are accurately returned. The focus is on simplifying workflow management in complex serverless environments and enhancing the reliability of data exchange within these processes.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ful800v7ziwkvonjeaonr.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ful800v7ziwkvonjeaonr.png" alt="Preview image"></a></p> <h1> Introduction </h1> <p>Managing workflows in serverless applications can become increasingly challenging as processes proliferate. Fortunately, AWS Step Functions offer a robust solution for orchestrating and managing these serverless processes efficiently.</p> <p>In this article, we’ll demonstrate how to integrate these workflows seamlessly with your application backends. More importantly, we’ll focus on ensuring accurate handling and return of both inputs and outputs within these orchestrated workflows.</p> <p>You can find all the sources of this project on <a href="https://github.com/Donovan1905/apigw-sfn-integration" rel="noopener noreferrer">Github</a>.</p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/Donovan1905" rel="noopener noreferrer"> Donovan1905 </a> / <a href="https://github.com/Donovan1905/apigw-sfn-integration" rel="noopener noreferrer"> apigw-sfn-integration </a> </h2> <h3> AWS Api Gateway integration for Step Functions </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">apigw-sfn-integration</h1> </div> <p>AWS Api Gateway integration for Step Functions</p> </div> </div> <br> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/Donovan1905/apigw-sfn-integration" rel="noopener noreferrer">View on GitHub</a></div> <br> </div> <br> <h1> The use cases </h1> <p>In modern cloud architectures, the need to efficiently manage complex workflows often leads to the integration of AWS Step Functions with API Gateway. This combination is particularly valuable when dealing with multi-step processes that require orchestration across various AWS services. By leveraging API Gateway to trigger Step Functions, developers can initiate intricate workflows through simple HTTP requests, streamlining the execution of tasks that are too complex or lengthy for traditional, single-step functions.</p> <p>Because of the API Gateway timeout limit, you will have to choose between two possible approaches, the synchronous and asynchronous ways :</p> <h2> Synchronous </h2> <p>If you want your API response to give you the final result of your Step Function execution, you will need to use Express function type. This type will allow you to use the <code>states:StartSyncExecution</code> action and wait for the output of your workflow. Even if the Express Step Function timeout limit is much lower that the Standard ones (5 minutes instead of 1 year), it will be even more limited by the API Gateway timeout limit, which is 29 seconds.</p> <p>So if your workflows will for sure have an execution time lower that 29 seconds and the output of your Step Function are important regarding your need, Express Step Functions are your solution !</p> <h2> Asynchronous </h2> <p>On the other hand, if your executions will, even though it is only some of those, you will need to use Standard Step Function which a timeout limit of 1 year with the <code>states:StartExecution</code> action (only possible invocation with Standard functions). Since this will execute asynchonously, you will get the execution Arn as an Api output, like this :</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"executionArn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:states:&lt;region&gt;:&lt;account&gt;:execution:&lt;function_name&gt;:&lt;execution_name&gt;"</span><span class="p">,</span><span class="w"> </span><span class="nl">"startDate"</span><span class="p">:</span><span class="w"> </span><span class="err">&lt;date&gt;</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>With this Arn you will be able to use the <code>states:DescribeExecution</code> to get the state of the execution (Running, Succeeded, Failed, …) as well as the output of the state machine. You fetch this data or with the AWS SDK in your application of by creating another Api route that will retrieve the execution data of a given execution Arn.</p> <p>Alternatively, you could publish messages on an SQS queue all along the execution and consume it by the concerned application directly. This will prevent your application to retry the <code>DescribeExecution</code> call and wait for the end of the process to get the result state. You could for example update a status of the workflow (for example an EC2 instance that starts, process some data and then stop) in live on a dashboard.</p> <p>No matter which approach you choose, you will also need to define request and response mapping in the Api Gateway Integration. Theses are meant to define a template that will transform the data between Api Gateway and the Step Function.</p> <p>Now that you have the keys to choose the type of the functions that fit your need, we will go further with the implementation of this infrastructure using Terraform.</p> <h1> Deploy with Terraform </h1> <h2> The Step Function </h2> <p>Let's take a simple workflow for this one. Starting by checking the status of a given instance, if it is stopped we start it but if it is already running we stop it. There will be 2 Step Function like this except that one got a delay timer of 29 seconds so we can test the asynchronous approach.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj22tonunxfm06fknkwho.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj22tonunxfm06fknkwho.png" alt="Step Function diagram"></a></p> <p>First, create <code>.tftpl</code> files that will be loaded into Terraform as datasources to deploy the Step Function :</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="err">./express_state_machine_template.tftpl</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"StartAt"</span><span class="p">:</span><span class="s2">"CheckInstanceStatus"</span><span class="p">,</span><span class="w"> </span><span class="nl">"States"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"CheckInstanceStatus"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="s2">"Task"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="s2">"arn:aws:states:::aws-sdk:ec2:describeInstanceStatus"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Parameters"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"InstanceIds.$"</span><span class="p">:</span><span class="w"> </span><span class="s2">"States.Array($.instance_id)"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"ResultPath"</span><span class="p">:</span><span class="s2">"$.InstanceStatus"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="s2">"InstanceStatusDecision"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"InstanceStatusDecision"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="s2">"Choice"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Choices"</span><span class="p">:[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Variable"</span><span class="p">:</span><span class="s2">"$.InstanceStatus.InstanceStatuses[0]"</span><span class="p">,</span><span class="w"> </span><span class="nl">"IsPresent"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="s2">"StartInstance"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Variable"</span><span class="p">:</span><span class="s2">"$.InstanceStatus.InstanceStatuses[0].InstanceState.Name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"StringEquals"</span><span class="p">:</span><span class="s2">"running"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="s2">"StopInstance"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Default"</span><span class="p">:</span><span class="s2">"EndState"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"StartInstance"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="s2">"Task"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="s2">"arn:aws:states:::aws-sdk:ec2:startInstances"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Parameters"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"InstanceIds.$"</span><span class="p">:</span><span class="w"> </span><span class="s2">"States.Array($.instance_id)"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"End"</span><span class="p">:</span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"StopInstance"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="s2">"Task"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="s2">"arn:aws:states:::aws-sdk:ec2:stopInstances"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Parameters"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"InstanceIds.$"</span><span class="p">:</span><span class="w"> </span><span class="s2">"States.Array($.instance_id)"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"End"</span><span class="p">:</span><span class="kc">true</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"EndState"</span><span class="p">:{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="s2">"Succeed"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>For <code>./standard_state_machine_template.tftpl</code> simply add the following action :</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="nl">"Wait"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Wait"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Seconds"</span><span class="p">:</span><span class="w"> </span><span class="mi">29</span><span class="p">,</span><span class="w"> </span><span class="nl">"Next"</span><span class="p">:</span><span class="w"> </span><span class="s2">"CheckInstanceStatus"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">...</span><span class="w"> </span></code></pre> </div> <p>Next, import the templates as datasources and define your Step Functions resources :</p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code> <p><span class="c1"># ./sfn.tf</span></p> <p><span class="k">data</span> <span class="s2">"template_file"</span> <span class="s2">"express_state_machine_template"</span> <span class="p">{</span><br> <span class="nx">template</span> <span class="p">=</span> <span class="nx">file</span><span class="p">(</span><span class="s2">"</span><span class="k">${</span><span class="nx">path</span><span class="p">.</span><span class="k">module}</span><span class="s2">/express_state_machine_template.tftpl"</span><span class="p">)</span><br> <span class="nx">vars</span> <span class="p">=</span> <span class="p">{</span><br> <span class="nx">instance_id</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">example</span><span class="p">.</span><span class="nx">id</span><br> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_sfn_state_machine"</span> <span class="s2">"express_sfn_state_machine"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-express"</span><br> <span class="nx">role_arn</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">iam_for_sfn</span><span class="p">.</span><span class="nx">arn</span><br> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"EXPRESS"</span></p> <p><span class="nx">definition</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">template_file</span><span class="p">.</span><span class="nx">express_state_machine_template</span><span class="p">.</span><span class="nx">rendered</span><br> <span class="p">}</span></p> <p><span class="k">data</span> <span class="s2">"template_file"</span> <span class="s2">"standard_state_machine_template"</span> <span class="p">{</span><br> <span class="nx">template</span> <span class="p">=</span> <span class="nx">file</span><span class="p">(</span><span class="s2">"</span><span class="k">${</span><span class="nx">path</span><span class="p">.</span><span class="k">module}</span><span class="s2">/standard_state_machine_template.tftpl"</span><span class="p">)</span><br> <span class="nx">vars</span> <span class="p">=</span> <span class="p">{</span><br> <span class="nx">instance_id</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">example</span><span class="p">.</span><span class="nx">id</span><br> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_sfn_state_machine"</span> <span class="s2">"standard_sfn_state_machine"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-standard"</span><br> <span class="nx">role_arn</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">iam_for_sfn</span><span class="p">.</span><span class="nx">arn</span><br> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"STANDARD"</span></p> <p><span class="nx">definition</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">template_file</span><span class="p">.</span><span class="nx">standard_state_machine_template</span><span class="p">.</span><span class="nx">rendered</span><br> <span class="p">}</span></p> </code></pre> </div> <h2> <br> <br> <br> IAM roles<br> </h2> <p>Then we define the two IAM roles that will be used, one for the Step Function execution and one to allow the Api Gateway to invoke the functions.</p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code> <p><span class="c1"># ./iam.tf</span></p> <p><span class="err">./</span><span class="k">data</span> <span class="s2">"aws_iam_policy_document"</span> <span class="s2">"assume_role_policy_sfn"</span> <span class="p">{</span><br> <span class="nx">statement</span> <span class="p">{</span><br> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span><br> <span class="nx">principals</span> <span class="p">{</span><br> <span class="nx">identifiers</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"states.amazonaws.com"</span><span class="p">]</span><br> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"Service"</span><br> <span class="p">}</span><br> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"sts:AssumeRole"</span><span class="p">]</span><br> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">data</span> <span class="s2">"aws_iam_policy_document"</span> <span class="s2">"role_policy_sfn"</span> <span class="p">{</span><br> <span class="nx">statement</span> <span class="p">{</span><br> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span><br> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span><br> <span class="s2">"ec2:<em>"</em></span><br> <span class="p">]</span><br> <span class="nx">resources</span> <span class="p">=</span> <span class="p">[</span><br> <span class="s2">""</span><span class="p">,</span><br> <span class="p">]</span><br> <span class="p">}</span></p> <p><span class="nx">statement</span> <span class="p">{</span><br> <span class="nx">sid</span> <span class="p">=</span> <span class="s2">"LoggingPolicy"</span><br> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span><br> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span><br> <span class="s2">"logs:<em>"</em></span><br> <span class="p">]</span><br> <span class="nx">resources</span> <span class="p">=</span> <span class="p">[</span><br> <span class="s2">""</span><br> <span class="p">]</span><br> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"iam_for_sfn"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"stepFunctionExecutionIAM"</span></p> <p><span class="nx">inline_policy</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"PolicyForSfn"</span><br> <span class="nx">policy</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_iam_policy_document</span><span class="p">.</span><span class="nx">role_policy_sfn</span><span class="p">.</span><span class="nx">json</span><br> <span class="p">}</span></p> <p><span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_iam_policy_document</span><span class="p">.</span><span class="nx">assume_role_policy_sfn</span><span class="p">.</span><span class="nx">json</span><br> <span class="p">}</span></p> <p><span class="k">data</span> <span class="s2">"aws_iam_policy_document"</span> <span class="s2">"assume_role_policy_apigw"</span> <span class="p">{</span><br> <span class="nx">statement</span> <span class="p">{</span><br> <span class="nx">sid</span> <span class="p">=</span> <span class="s2">""</span><br> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span><br> <span class="nx">principals</span> <span class="p">{</span><br> <span class="nx">identifiers</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"apigateway.amazonaws.com"</span><span class="p">]</span><br> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"Service"</span><br> <span class="p">}</span><br> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"sts:AssumeRole"</span><span class="p">]</span><br> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">data</span> <span class="s2">"aws_iam_policy_document"</span> <span class="s2">"policy_start_sfn"</span> <span class="p">{</span><br> <span class="nx">statement</span> <span class="p">{</span><br> <span class="nx">sid</span> <span class="p">=</span> <span class="s2">"ApiGwPolicy"</span><br> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span><br> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span><br> <span class="s2">"states:StartSyncExecution"</span><span class="p">,</span><br> <span class="s2">"states:StartExecution"</span><br> <span class="p">]</span><br> <span class="nx">resources</span> <span class="p">=</span> <span class="p">[</span><br> <span class="s2">"*"</span><br> <span class="p">]</span><br> <span class="p">}</span></p> <p><span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"iam_for_apigw_start_sfn"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-apigw-exec-sfn"</span><br> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_iam_policy_document</span><span class="p">.</span><span class="nx">assume_role_policy_apigw</span><span class="p">.</span><span class="nx">json</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_iam_role_policy"</span> <span class="s2">"policy_start_sfn"</span> <span class="p">{</span><br> <span class="nx">policy</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_iam_policy_document</span><span class="p">.</span><span class="nx">policy_start_sfn</span><span class="p">.</span><span class="nx">json</span><br> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">iam_for_apigw_start_sfn</span><span class="p">.</span><span class="nx">id</span><br> <span class="p">}</span></p> </code></pre> </div> <h2> <br> <br> <br> EC2 instance<br> </h2> <p>We just need a simple EC2 instance, nothing particular here it just needs to be started and stopped.</p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code> <p><span class="c1"># ./ec2.tf</span></p> <p><span class="k">data</span> <span class="s2">"aws_ami"</span> <span class="s2">"amazon_linux_2023"</span> <span class="p">{</span><br> <span class="nx">most_recent</span> <span class="p">=</span> <span class="kc">true</span><br> <span class="nx">owners</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"amazon"</span><span class="p">]</span></p> <p><span class="nx">filter</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"architecture"</span><br> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"x86_64"</span><span class="p">]</span><br> <span class="p">}</span></p> <p><span class="nx">filter</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"description"</span><br> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"Amazon Linux 2023 *"</span><span class="p">]</span><br> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"example"</span> <span class="p">{</span><br> <span class="nx">ami</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_ami</span><span class="p">.</span><span class="nx">amazon_linux_2023</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.nano"</span></p> <p><span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span><br> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"HelloWorld"</span><br> <span class="p">}</span><br> <span class="p">}</span></p> </code></pre> </div> <h2> <br> <br> <br> Finally, Api Gateway !<br> </h2> <p>Our Api definition will contain all the following resources :</p> <ul> <li>api_gateway_rest_api : the Api itself</li> <li>api_gateway_resource : the resource name and path part (one per Step Function)</li> <li>api_gateway_method : the associated resource HTTP verb (one per Step Function)</li> <li>api_gateway_deployment : the content of Api definition</li> <li>api_gateway_integration : the link between your Api route and your Step Function. This is where you define your request mapping template to transform and pass the input to the function (one per Step Function). In the integration, we need to define how we are going to invoke the function, <code>states:StartSyncExecution</code> or <code>states:StartExecution</code> by setting the uri parameter with the following structure <code>arn:aws:apigateway:&lt;region&gt;:states:action/&lt;action_type&gt;</code>. Also, the request mapping template will contain the input biding as well as the stateMachineArn.</li> <li>api_gateway_method_response and api_gateway_integration_response : the link between your Step Function output and the Api Gateway. This is where you define your response mapping template to transform your Step Function result and pass it to the Api Gateway (one per Step Function)</li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code> <p><span class="c1"># ./apigw.tf</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_rest_api"</span> <span class="s2">"apigw"</span> <span class="p">{</span><br> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-apigw"</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_resource"</span> <span class="s2">"express_ec2"</span> <span class="p">{</span><br> <span class="nx">parent_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">root_resource_id</span><br> <span class="nx">path_part</span> <span class="p">=</span> <span class="s2">"express-instance"</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_method"</span> <span class="s2">"express_post"</span> <span class="p">{</span><br> <span class="nx">authorization</span> <span class="p">=</span> <span class="s2">"NONE"</span><br> <span class="nx">http_method</span> <span class="p">=</span> <span class="s2">"POST"</span><br> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">express_ec2</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_resource"</span> <span class="s2">"standard_ec2"</span> <span class="p">{</span><br> <span class="nx">parent_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">root_resource_id</span><br> <span class="nx">path_part</span> <span class="p">=</span> <span class="s2">"standard-instance"</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_method"</span> <span class="s2">"standard_post"</span> <span class="p">{</span><br> <span class="nx">authorization</span> <span class="p">=</span> <span class="s2">"NONE"</span><br> <span class="nx">http_method</span> <span class="p">=</span> <span class="s2">"POST"</span><br> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">standard_ec2</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_deployment"</span> <span class="s2">"example"</span> <span class="p">{</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span></p> <p><span class="nx">triggers</span> <span class="p">=</span> <span class="p">{</span><br> <span class="nx">redeployment</span> <span class="p">=</span> <span class="nx">sha1</span><span class="p">(</span><span class="nx">jsonencode</span><span class="p">([</span><br> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">express_ec2</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span><br> <span class="nx">aws_api_gateway_method</span><span class="p">.</span><span class="nx">express_post</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span><br> <span class="nx">aws_api_gateway_integration</span><span class="p">.</span><span class="nx">express_integration</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span><br> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">standard_ec2</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span><br> <span class="nx">aws_api_gateway_method</span><span class="p">.</span><span class="nx">standard_post</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span><br> <span class="nx">aws_api_gateway_integration</span><span class="p">.</span><span class="nx">standard_integration</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span><br> <span class="p">]))</span><br> <span class="p">}</span></p> <p><span class="nx">lifecycle</span> <span class="p">{</span><br> <span class="nx">create_before_destroy</span> <span class="p">=</span> <span class="kc">true</span><br> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_integration"</span> <span class="s2">"express_integration"</span> <span class="p">{</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">express_ec2</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">http_method</span> <span class="p">=</span> <span class="nx">aws_api_gateway_method</span><span class="p">.</span><span class="nx">express_post</span><span class="p">.</span><span class="nx">http_method</span><br> <span class="nx">integration_http_method</span> <span class="p">=</span> <span class="s2">"POST"</span><br> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"AWS"</span><br> <span class="nx">uri</span> <span class="p">=</span> <span class="p">(</span><br> <span class="s2">"arn:aws:apigateway:</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">region</span><span class="k">}</span><span class="s2">:states:action/StartSyncExecution"</span><br> <span class="p">)</span><br> <span class="nx">credentials</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">iam_for_apigw_start_sfn</span><span class="p">.</span><span class="nx">arn</span></p> <p><span class="nx">request_templates</span> <span class="p">=</span> <span class="p">{</span><br> <span class="s2">"application/json"</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"></span></p> <h1> set($input = $input.json('$')) </h1> <p>{<br> "input": "$util.escapeJavaScript($input).replaceAll("\'", "'")",<br> "stateMachineArn": "${aws_sfn_state_machine.express_sfn_state_machine.arn}"<br> }<br> <span class="no">EOF<br> </span> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_integration"</span> <span class="s2">"standard_integration"</span> <span class="p">{</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">standard_ec2</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">http_method</span> <span class="p">=</span> <span class="nx">aws_api_gateway_method</span><span class="p">.</span><span class="nx">standard_post</span><span class="p">.</span><span class="nx">http_method</span><br> <span class="nx">integration_http_method</span> <span class="p">=</span> <span class="s2">"POST"</span><br> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"AWS"</span><br> <span class="nx">uri</span> <span class="p">=</span> <span class="p">(</span><br> <span class="s2">"arn:aws:apigateway:</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">region</span><span class="k">}</span><span class="s2">:states:action/StartExecution"</span><br> <span class="p">)</span><br> <span class="nx">credentials</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">iam_for_apigw_start_sfn</span><span class="p">.</span><span class="nx">arn</span></p> <p><span class="nx">request_templates</span> <span class="p">=</span> <span class="p">{</span><br> <span class="s2">"application/json"</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"></span></p> <h1> set($input = $input.json('$')) </h1> <p>{<br> "input": "$util.escapeJavaScript($input).replaceAll("\'", "'")",<br> "stateMachineArn": "${aws_sfn_state_machine.standard_sfn_state_machine.arn}"<br> }<br> <span class="no">EOF<br> </span> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_method_response"</span> <span class="s2">"express_response_200"</span> <span class="p">{</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">express_ec2</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">http_method</span> <span class="p">=</span> <span class="nx">aws_api_gateway_method</span><span class="p">.</span><span class="nx">express_post</span><span class="p">.</span><span class="nx">http_method</span><br> <span class="nx">status_code</span> <span class="p">=</span> <span class="s2">"200"</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_integration_response"</span> <span class="s2">"express_response_200"</span> <span class="p">{</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">express_ec2</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">http_method</span> <span class="p">=</span> <span class="nx">aws_api_gateway_method</span><span class="p">.</span><span class="nx">express_post</span><span class="p">.</span><span class="nx">http_method</span><br> <span class="nx">status_code</span> <span class="p">=</span> <span class="nx">aws_api_gateway_method_response</span><span class="p">.</span><span class="nx">express_response_200</span><span class="p">.</span><span class="nx">status_code</span></p> <p><span class="nx">response_templates</span> <span class="p">=</span> <span class="p">{</span><br> <span class="s2">"application/json"</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"></span></p> <h1> set ($parsedPayload = $util.parseJson($input.json('$.output'))) </h1> <p>$parsedPayload<br> <span class="no">EOF<br> </span> <span class="p">}</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_method_response"</span> <span class="s2">"standard_response_200"</span> <span class="p">{</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">standard_ec2</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">http_method</span> <span class="p">=</span> <span class="nx">aws_api_gateway_method</span><span class="p">.</span><span class="nx">standard_post</span><span class="p">.</span><span class="nx">http_method</span><br> <span class="nx">status_code</span> <span class="p">=</span> <span class="s2">"200"</span><br> <span class="p">}</span></p> <p><span class="k">resource</span> <span class="s2">"aws_api_gateway_integration_response"</span> <span class="s2">"standard_response_200"</span> <span class="p">{</span><br> <span class="nx">rest_api_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_rest_api</span><span class="p">.</span><span class="nx">apigw</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_api_gateway_resource</span><span class="p">.</span><span class="nx">standard_ec2</span><span class="p">.</span><span class="nx">id</span><br> <span class="nx">http_method</span> <span class="p">=</span> <span class="nx">aws_api_gateway_method</span><span class="p">.</span><span class="nx">standard_post</span><span class="p">.</span><span class="nx">http_method</span><br> <span class="nx">status_code</span> <span class="p">=</span> <span class="nx">aws_api_gateway_method_response</span><span class="p">.</span><span class="nx">standard_response_200</span><span class="p">.</span><span class="nx">status_code</span></p> <p><span class="nx">response_templates</span> <span class="p">=</span> <span class="p">{</span><br> <span class="s2">"application/json"</span> <span class="p">=</span> <span class="o">&lt;&lt;</span><span class="no">EOF</span><span class="sh"></span></p> <h1> set ($parsedPayload = $util.parseJson($input.json('$'))) </h1> <p>$parsedPayload<br> <span class="no">EOF<br> </span> <span class="p">}</span><br> <span class="p">}</span></p> </code></pre> </div> <h1> <br> <br> <br> Let's test it !<br> </h1> <p>Make sure to apply the terraform configuration with <code>terraform apply</code>.</p> <h2> Synchronous route </h2> <p>Go your Api Gateway, choose the <code>/express-instance</code> resource with the POST verb, in the "Test" tabs add the following input :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffzzifnfexqaws0lj3vfh.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffzzifnfexqaws0lj3vfh.png" alt="Test input on Api Gateway"></a></p> <p>After waiting a few seconds, you will first see the input transformation :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsx1z9pms9ma1tvbw33kl.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsx1z9pms9ma1tvbw33kl.png" alt="Request input transformation"></a></p> <p>And then the output of the workflow :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn0zapq2k7kihwqqxan0m.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn0zapq2k7kihwqqxan0m.png" alt="Response output transformation for Express Step Function"></a></p> <p>Now your instance is running.</p> <h2> Asynchronous route </h2> <p>Go your Api Gateway, choose the <code>/standard-instance</code> resource with the POST verb, in the "Test" tabs .<br> Enter the same input that we used. Now you will get the result instantly and the input transformation will remain the same.</p> <p>But the output will now contain the <code>executionArn</code> :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft2z6ihgjxhwkvm5jztth.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft2z6ihgjxhwkvm5jztth.png" alt="Response output transformation for Standard Step Function"></a></p> <p>If you want to check the status of the execution or the content you can use the <code>states:DescribeExecution</code>. Here with the cli but you will ideally use it with SDK in your application or in a Lambda exposed on your Api Gateway :</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F38xktpgdje31zdbbd371.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F38xktpgdje31zdbbd371.png" alt="Description of the Step Function execution in the AWS CLI"></a></p> <h1> Go further… </h1> <p>In addition of the different approaches present in this article, you could integrate in your Step Function many SQS messages publication where you want your application to know the status changes. This will allow your application to react faster based on the internal function state changes.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foe9tuvywz0d4o9tuvbe5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foe9tuvywz0d4o9tuvbe5.png" alt="Schema of Step Function status checking with SQS messages"></a></p> <p>To finish, you can read <a href="https://aws.amazon.com/blogs/compute/implementing-reactive-progress-tracking-for-aws-step-functions/" rel="noopener noreferrer">this article</a> by AWS that treats about integrating Step Function and track its activity with the Api Gateway v2 WebSockets.</p> <p>Thanks for reading ! Hope this helped you to use or understand how to take advantages of your Step Function thanks to the Api Gateway. Don’t hesitate to give me your feedback or suggestions.</p> aws terraform serverless apigateway Donovan HOANG Fri, 15 Dec 2023 08:55:14 +0000 https://forem.com/dhoang1905/supercharge-file-processing-with-aws-lamda-s3-and-dynamodb-3l06 https://forem.com/dhoang1905/supercharge-file-processing-with-aws-lamda-s3-and-dynamodb-3l06 <h2> TL; DR. </h2> <p>Unlock the potential of serverless architecture with AWS Lambda and DynamoDB to revolutionize your sales data processing:</p> <ul> <li>Streamline data transformations: Say goodbye to complex ETL pipelines.</li> <li>Enrich data dynamically: Calculate prices with taxes, totals, and unique IDs automatically.</li> <li>Scalability and cost-efficiency: AWS Lambda adapts seamlessly to your workload.</li> <li>Embrace serverless efficiency for transformative insights into your sales data.</li> <li>Ready to transform your data? Dive into the article for a step-by-step guide!</li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy0nt6w6iqz9fs6b3scv7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy0nt6w6iqz9fs6b3scv7.png" alt="S3, Lambda, and DynamoDb logos" width="800" height="268"></a></p> <h2> Introduction </h2> <p>When a large volume of files needs to be processed, the costs can skyrocket as well as the capacity of handling this volume. Many options will not be suitable in this case as a server-centric architecture or manual scalability. Imagine being able to automate this process seamlessly, without the need for complex infrastructure. That’s the power of building a serverless file processing system using AWS Lambda and Amazon S3 Events.</p> <p>Enter AWS Lambda and Amazon S3 Events — powerful tools that, when combined, offer a serverless solution for file processing. In this article, we’ll explore the step-by-step process of setting up a serverless file processing system using AWS Lambda and S3 Events. I will use Terraform as IaC tool.</p> <p>You can find all the sources of this project on Github.</p> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--A9-wwsHG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev.to/assets/github-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/Donovan1905" rel="noopener noreferrer"> Donovan1905 </a> / <a href="https://github.com/Donovan1905/s3-serverless-file-processing" rel="noopener noreferrer"> s3-serverless-file-processing </a> </h2> <h3> Serverless file processing using Lambda and S3 on AWS </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">s3-serverless-file-processing</h1> </div> <p>Serverless file processing using Lambda and S3 on AWS</p> </div> </div> <br> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/Donovan1905/s3-serverless-file-processing" rel="noopener noreferrer">View on GitHub</a></div> <br> </div> <br> <h2> Use case </h2> <p>In the realm of data-driven enterprises, processing and extracting insights from sales data is a pivotal challenge. Imagine a scenario where CSV files containing sales details—client IDs, products, quantities, and prices—arrive in an Amazon S3 bucket. Traditional methods might involve complex setups, but we’re about to redefine efficiency with the simplicity of serverless architecture.</p> <h3> The Challenge: Data Transformation Complexity: </h3> <ul> <li>Simplify the transformation of CSV data into a structured format.</li> <li>Dynamic Data Enrichment: Automate tasks like calculating prices with taxes, determining total transaction values, and assigning unique command IDs.</li> <li>Scalability and Cost Efficiency: Ensure scalability without the overhead of managing idle infrastructure.</li> </ul> <h3> The Solution: </h3> <p>AWS Lambda and DynamoDB take center stage. Lambda responds to CSV uploads, transforming data seamlessly, while DynamoDB becomes the canvas for storing and enriching sales information.</p> <h3> The Use Case: </h3> <ul> <li> <strong>CSV Upload to S3:</strong> Sales data lands in an S3 bucket, triggering serverless processing.</li> <li> <strong>Lambda Takes the Stage:</strong> Responding to S3 events, Lambda transforms raw CSV data.</li> <li> <strong>DynamoDB, the Canvas of Transformation:</strong> Enriched data is stored with additional computed information.</li> <li> <strong>Scalability in Action:</strong> Lambda scales dynamically, ensuring efficiency and cost-effectiveness.</li> </ul> <p>In the next sections, we delve into the technical details of implementing this serverless file processing system. From configuring Lambda functions to designing DynamoDB tables, let’s unlock the potential of AWS Lambda, DynamoDB and S3 to elevate sales data processing.</p> <h2> CSV processing with Python </h2> <p>To extract and process the CSV file in our Lambda, we are going to use Python runtime with csv and boto3 libraries.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">botocore</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">csv</span> <span class="kn">import</span> <span class="n">uuid</span> <span class="n">s3</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">s3</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">local_filename</span> <span class="o">=</span> <span class="sh">"</span><span class="s">/tmp/filename.csv</span><span class="sh">"</span> <span class="n">dynamodb</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">resource</span><span class="p">(</span><span class="sh">'</span><span class="s">dynamodb</span><span class="sh">'</span><span class="p">)</span> <span class="n">item_table</span> <span class="o">=</span> <span class="n">dynamodb</span><span class="p">.</span><span class="nc">Table</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">ITEM_TABLE</span><span class="sh">'</span><span class="p">])</span> <span class="n">command_table</span> <span class="o">=</span> <span class="n">dynamodb</span><span class="p">.</span><span class="nc">Table</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">COMMAND_TABLE</span><span class="sh">'</span><span class="p">])</span> <span class="n">s3</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">s3</span><span class="sh">'</span><span class="p">)</span> <span class="n">BUCKET_NAME</span> <span class="o">=</span> <span class="n">event</span><span class="p">[</span><span class="sh">"</span><span class="s">Records</span><span class="sh">"</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">"</span><span class="s">s3</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">bucket</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">]</span> <span class="n">S3_KEY</span> <span class="o">=</span> <span class="n">event</span><span class="p">[</span><span class="sh">"</span><span class="s">Records</span><span class="sh">"</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">"</span><span class="s">s3</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">object</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">key</span><span class="sh">"</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="n">BUCKET_NAME</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">S3_KEY</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">s3</span><span class="p">.</span><span class="nf">download_file</span><span class="p">(</span><span class="n">BUCKET_NAME</span><span class="p">,</span> <span class="n">S3_KEY</span><span class="p">,</span> <span class="n">local_filename</span><span class="p">)</span> <span class="k">except</span> <span class="n">botocore</span><span class="p">.</span><span class="n">exceptions</span><span class="p">.</span><span class="n">ClientError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">if</span> <span class="n">e</span><span class="p">.</span><span class="n">response</span><span class="p">[</span><span class="sh">'</span><span class="s">Error</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">Code</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">404</span><span class="sh">"</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">The object does not exist: s3://</span><span class="sh">"</span> <span class="o">+</span> <span class="n">BUCKET_NAME</span> <span class="o">+</span> <span class="n">S3_KEY</span><span class="p">)</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="n">local_filename</span><span class="p">,</span> <span class="n">mode</span><span class="o">=</span><span class="sh">'</span><span class="s">r</span><span class="sh">'</span><span class="p">)</span> <span class="k">as</span> <span class="n">csv_file</span><span class="p">:</span> <span class="n">csv_reader</span> <span class="o">=</span> <span class="n">csv</span><span class="p">.</span><span class="nc">DictReader</span><span class="p">(</span><span class="n">csv_file</span><span class="p">)</span> <span class="n">total_price</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">command_id</span> <span class="o">=</span> <span class="nf">str</span><span class="p">(</span><span class="n">uuid</span><span class="p">.</span><span class="nf">uuid1</span><span class="p">())</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">csv_reader</span><span class="p">:</span> <span class="n">total_price</span> <span class="o">+=</span> <span class="nf">float</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">unit_price</span><span class="sh">"</span><span class="p">])</span> <span class="o">*</span> <span class="nf">float</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">quantity</span><span class="sh">"</span><span class="p">])</span> <span class="n">item_table</span><span class="p">.</span><span class="nf">put_item</span><span class="p">(</span> <span class="n">Item</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">uuid</span><span class="p">.</span><span class="nf">uuid1</span><span class="p">()),</span> <span class="sh">'</span><span class="s">command_id</span><span class="sh">'</span><span class="p">:</span> <span class="n">command_id</span><span class="p">,</span> <span class="sh">'</span><span class="s">item_name</span><span class="sh">'</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">item_name</span><span class="sh">"</span><span class="p">],</span> <span class="sh">'</span><span class="s">unit_price</span><span class="sh">'</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">unit_price</span><span class="sh">"</span><span class="p">],</span> <span class="sh">'</span><span class="s">quantity</span><span class="sh">'</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">quantity</span><span class="sh">"</span><span class="p">],</span> <span class="sh">'</span><span class="s">customer</span><span class="sh">'</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">customer</span><span class="sh">"</span><span class="p">],</span> <span class="sh">'</span><span class="s">salesman</span><span class="sh">'</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">salesman</span><span class="sh">"</span><span class="p">]</span> <span class="p">}</span> <span class="p">)</span> <span class="n">command_table</span><span class="p">.</span><span class="nf">put_item</span><span class="p">(</span> <span class="n">Item</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">:</span> <span class="n">command_id</span><span class="p">,</span> <span class="sh">'</span><span class="s">date</span><span class="sh">'</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">()),</span> <span class="sh">'</span><span class="s">status</span><span class="sh">'</span><span class="p">:</span> <span class="sh">"</span><span class="s">Pending</span><span class="sh">"</span> <span class="p">}</span> <span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">statusCode</span><span class="sh">"</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="sh">"</span><span class="s">body</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">data processed with command_id </span><span class="sh">"</span> <span class="o">+</span> <span class="n">command_id</span><span class="p">,</span> <span class="p">}),</span> <span class="p">}</span> </code></pre> </div> <p>Next, build the zip package that will be uploaded for Lambda with this script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># lambda_build_script.sh </span> python3 <span class="nt">-m</span> pip <span class="nb">install</span> <span class="nt">--platform</span> manylinux2014_x86_64 <span class="nt">--implementation</span> <span class="nb">cp</span> <span class="nt">--only-binary</span><span class="o">=</span>:all: <span class="nt">--upgrade</span> <span class="nt">--target</span> venv/lib/python3.11/site-packages/ <span class="nt">-r</span> requirements.txt <span class="nb">mkdir </span>lambda_package <span class="nb">cp</span> <span class="nt">-r</span> venv/lib/python3.11/site-packages/<span class="k">*</span> lambda_package/ <span class="nb">cp</span> <span class="nt">-r</span> src lambda_package/ <span class="nb">cd </span>lambda_package <span class="o">&amp;&amp;</span> zip <span class="nt">-r</span> ../lambda.zip <span class="k">*</span> <span class="o">&amp;&amp;</span> <span class="nb">cd</span> ../ </code></pre> </div> <h2> Deploy with Terraform </h2> <h3> S3 Buckets </h3> <p>We need two buckets here, one to collect the sales CSV files and one to store the Lambda code. Also, we define a bucket notification to trigger the Lambda function during certain event, in our case when a new file is uploaded in our S3.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># /tf/s3.tf</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket"</span> <span class="s2">"builds"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-lambda-builds"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket"</span> <span class="s2">"bucket"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">bucket_name</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_s3_bucket_notification"</span> <span class="s2">"s3-lambda-trigger"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">bucket</span><span class="p">.</span><span class="nx">id</span> <span class="nx">lambda_function</span> <span class="p">{</span> <span class="nx">lambda_function_arn</span> <span class="p">=</span> <span class="k">module</span><span class="p">.</span><span class="nx">lambda</span><span class="p">.</span><span class="nx">lambda_function_arn</span> <span class="nx">events</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"s3:ObjectCreated:*"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> IAM roles and policies </h3> <p>In this part, you will need to create the appropriate role to allow your Lambda function to use the S3 bucket.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># /tf/iam.tf</span> <span class="k">data</span> <span class="s2">"aws_iam_policy_document"</span> <span class="s2">"assume_role_policy_lambda"</span> <span class="p">{</span> <span class="nx">statement</span> <span class="p">{</span> <span class="nx">sid</span> <span class="p">=</span> <span class="s2">""</span> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">principals</span> <span class="p">{</span> <span class="nx">identifiers</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"lambda.amazonaws.com"</span><span class="p">]</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"Service"</span> <span class="p">}</span> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"sts:AssumeRole"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="k">data</span> <span class="s2">"aws_iam_policy_document"</span> <span class="s2">"policy_s3"</span> <span class="p">{</span> <span class="nx">statement</span> <span class="p">{</span> <span class="nx">sid</span> <span class="p">=</span> <span class="s2">"S3AccessPolicy"</span> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"s3:*"</span> <span class="p">]</span> <span class="nx">resources</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"arn:aws:s3:::</span><span class="k">${</span><span class="kd">local</span><span class="p">.</span><span class="nx">bucket_name</span><span class="k">}</span><span class="s2">"</span><span class="p">,</span> <span class="s2">"arn:aws:s3:::</span><span class="k">${</span><span class="kd">local</span><span class="p">.</span><span class="nx">bucket_name</span><span class="k">}</span><span class="s2">/*"</span> <span class="p">]</span> <span class="p">}</span> <span class="nx">statement</span> <span class="p">{</span> <span class="nx">sid</span> <span class="p">=</span> <span class="s2">"DynamoDbAccessPolicy"</span> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"dynamodb:PutItem"</span><span class="p">,</span> <span class="s2">"dynamodb:GetItem"</span> <span class="p">]</span> <span class="nx">resources</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_dynamodb_table</span><span class="p">.</span><span class="nx">command_table</span><span class="p">.</span><span class="nx">arn</span><span class="p">,</span> <span class="nx">aws_dynamodb_table</span><span class="p">.</span><span class="nx">item_table</span><span class="p">.</span><span class="nx">arn</span> <span class="p">]</span> <span class="p">}</span> <span class="nx">statement</span> <span class="p">{</span> <span class="nx">sid</span> <span class="p">=</span> <span class="s2">"LambdaLoggingPolicy"</span> <span class="nx">effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">actions</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"logs:CreateLogGroup"</span><span class="p">,</span> <span class="s2">"logs:CreateLogStream"</span><span class="p">,</span> <span class="s2">"logs:PutLogEvents"</span> <span class="p">]</span> <span class="nx">resources</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"arn:aws:logs:*:*:*"</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"iam_for_lambda"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-lambda-role"</span> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_iam_policy_document</span><span class="p">.</span><span class="nx">assume_role_policy_lambda</span><span class="p">.</span><span class="nx">json</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_iam_role_policy"</span> <span class="s2">"lambda_policy"</span> <span class="p">{</span> <span class="nx">policy</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_iam_policy_document</span><span class="p">.</span><span class="nx">policy_s3</span><span class="p">.</span><span class="nx">json</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">iam_for_lambda</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> </code></pre> </div> <h3> Lambda function </h3> <p>Next, let’s define the Lambda function itself. Sending the lambda.zip as an S3 object and referencing it in the Lambda definition.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># /tf/lambda.tf</span> <span class="k">module</span> <span class="s2">"lambda"</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"terraform-aws-modules/lambda/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"5.2.0"</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-process-sales-data"</span> <span class="nx">runtime</span> <span class="p">=</span> <span class="s2">"python3.11"</span> <span class="nx">handler</span> <span class="p">=</span> <span class="s2">"src.file_processing_handler.lambda_handler"</span> <span class="nx">lambda_role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">iam_for_lambda</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">create_role</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">environment_variables</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"REGION"</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">region</span><span class="p">,</span> <span class="s2">"ITEM_TABLE"</span> <span class="p">=</span> <span class="nx">aws_dynamodb_table</span><span class="p">.</span><span class="nx">item_table</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="s2">"COMMAND_TABLE"</span> <span class="p">=</span> <span class="nx">aws_dynamodb_table</span><span class="p">.</span><span class="nx">command_table</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="nx">memory_size</span> <span class="p">=</span> <span class="mi">1028</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="mi">30</span> <span class="nx">create_package</span> <span class="p">=</span> <span class="kc">false</span> <span class="nx">s3_existing_package</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">builds</span><span class="p">.</span><span class="nx">id</span> <span class="nx">key</span> <span class="p">=</span> <span class="nx">aws_s3_object</span><span class="p">.</span><span class="nx">lambda_package</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_s3_object"</span> <span class="s2">"lambda_package"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">builds</span><span class="p">.</span><span class="nx">id</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="nx">filemd5</span><span class="p">(</span><span class="kd">local</span><span class="p">.</span><span class="nx">lambda_package</span><span class="p">)</span><span class="k">}</span><span class="s2">.zip"</span> <span class="nx">source</span> <span class="p">=</span> <span class="kd">local</span><span class="p">.</span><span class="nx">lambda_package</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_lambda_permission"</span> <span class="s2">"s3_lambda_permission"</span> <span class="p">{</span> <span class="nx">statement_id</span> <span class="p">=</span> <span class="s2">"AllowS3Invoke"</span> <span class="nx">action</span> <span class="p">=</span> <span class="s2">"lambda:InvokeFunction"</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="k">module</span><span class="p">.</span><span class="nx">lambda</span><span class="p">.</span><span class="nx">lambda_function_name</span> <span class="nx">principal</span> <span class="p">=</span> <span class="s2">"s3.amazonaws.com"</span> <span class="nx">source_arn</span> <span class="p">=</span> <span class="s2">"arn:aws:s3:::</span><span class="k">${</span><span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">bucket</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span> <span class="p">}</span> </code></pre> </div> <h3> DynamoDB tables </h3> <p>In our scenario, we will use two DynamoDB table. One command table and one item table.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># /tf/dynamodb.tf</span> <span class="k">resource</span> <span class="s2">"aws_dynamodb_table"</span> <span class="s2">"command_table"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-command-table"</span> <span class="nx">hash_key</span> <span class="p">=</span> <span class="s2">"id"</span> <span class="nx">billing_mode</span> <span class="p">=</span> <span class="s2">"PAY_PER_REQUEST"</span> <span class="nx">attribute</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"id"</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"S"</span> <span class="p">}</span> <span class="nx">deletion_protection_enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_dynamodb_table"</span> <span class="s2">"item_table"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">project_name</span><span class="k">}</span><span class="s2">-item-table"</span> <span class="nx">hash_key</span> <span class="p">=</span> <span class="s2">"id"</span> <span class="nx">billing_mode</span> <span class="p">=</span> <span class="s2">"PAY_PER_REQUEST"</span> <span class="nx">attribute</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"id"</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"S"</span> <span class="p">}</span> <span class="nx">deletion_protection_enabled</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> </code></pre> </div> <h2> Let’s test it ! </h2> <p>First you will need to build our lambda sources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>python3 <span class="nt">-m</span> venv venv <span class="nv">$ </span><span class="nb">source</span> ./venv/bin/activate <span class="nv">$ </span>sh lambda_build_script.sh </code></pre> </div> <p>Now you should have a lambda.zip folder.</p> <p>Make sure to apply the terraform configuration with terraform apply.</p> <p>Now, we will take this CSV example referencing all the product that a client bought (<code>example/sales_sample.csv</code>).</p> <div class="ltag_gist-liquid-tag"> </div> <p>And now let the magic happen ! Just drop the CSV file into the S3 bucket and take a look into your DynamoDb tables to see your processed data.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk5n6btz4bkhyj6unkbnf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk5n6btz4bkhyj6unkbnf.png" alt="Content of the command table after lambda invocation" width="800" height="88"></a></p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbc7lqpruekl73ine5h29.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbc7lqpruekl73ine5h29.png" alt="Content of the item table after lambda invocation" width="800" height="768"></a></p> <p>Thanks for reading ! Hope this helped you to use or understand the power of AWS services. Don’t hesitate to give me your feedback or suggestions.</p> aws terraform serverless beginners