AWS -

Lambda

AWS Lambda is a compute service that runs your code in response to events and automatically manages the compute resources for you, making it easy to build applications that respond quickly to new information. You basically write Node functions that run on the cloud with close to zero configuration and automatic scaling. They are billed according to usage.

1. Create AWS Lambda function.

Name
Description
Code (Node.js)
Role (Execution)
Memory
Timeout

console.log('Loading event');
exports.handler = function(event, context) {
    console.log('event:');
    console.log(event);
    context.done(null, 'Hello World');
};

1. Allow user to invoke lambad functions with a new user policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "lambda:InvokeFunction"
      ]
    }
  ]
}

1. Execution role should at least have logging permissions.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "logs:*" ],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}

1. Create a lambda invocation role which allows entities to invoke lambdas.

Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "lambda:InvokeFunction"
      ]
    }
  ]
}
Trust
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:root"},
    "Action": "sts:AssumeRole"
  }]
}

1. Create an AWS User. Attach a new user policy to allow the user to assume the invocation role.

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["sts:AssumeRole"],
    "Resource": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/Test*"
  }]
}