Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

AWS Lambda: Upload code from Command Line

Last update: June 2020

AWS is notorious for it's incredibly complicated security model. This guide will walk you through setting up a fully-featured build & upload script for your Lambda functions.

You will need:

Overview

Here's what we'll be doing:

  • Create a new Lambda function triggered by a public URL
  • Obtain secure credentials for updating your function's code from the command line.
  • Add a fully-featured deploy script to your project

1. Create the Lambda function

  1. In the AWS Lambda console, click "Create Function"
  • Select "Author from Scratch"
  • Enter a name. Use this name whenever I mention YOUR_FUNCTION_NAME
  • Select your runtime. (I use the latest Node.js)
  1. Click "Create Function"
  2. Take note of your Lambda ARN. It's listed in the top-right corner of your Lambda dashboard.

Optional: Add API Gateway

If you'd like to call your Lambda from an HTTP endpoint, follow these additional steps:

  1. Visit your Lambda function's homepage (https://console.aws.amazon.com/lambda/home/functions/<YOUR_FUNCTION_NAME>?tab=configuration)
  2. Click on Designer, if it isn't already open
  3. Click Add Trigger
  4. Select API Gateway.
  5. Click Create an API
  6. Select HTTP API
  7. Under Security, select Open (Your API will be publically available with no auth. For protected APIs, see the official docs)
  8. Click Add
  9. You will be returned to your Lambda function's homepage.

You can get the URL of your new HTTP endpoint by clicking on API Gateway in the Designer, and then copying the displayed API endpoint url.

2. Create a IAM policy

Create a IAM policy for updating the code:

  1. In the IAM console, click Create Policy
  2. Under Service select Lambda:
  3. Under Actions search for the UpdateFunctionCode permission. Add it.
  4. Under Reseources select Specific then Add ARN then paste in your Lambda function ARN (You can find it in the Lambda console at the top right)
  5. Click Review Policy
  6. Add a name (remember it, we'll need it soon), and click Create Policy

Create a IAM user

  1. In the IAM console, click New User
  2. Enter a username, and enable Programmatic Access
  3. At the Permissions stage, select Add Permissions Directly
  4. Click Filter Policies and select Customer Managed
  5. Select the policy you created in the previous section
  6. Skip through the Tags section
  7. Click Create User
  8. Copy the AWS Access key ID and Secret Access Key

Adding the IAM user to your CLI

  1. In your command line, enter aws configure --profile <MY_PROFILE_NAME>
  2. Enter your Access Key ID and a Secret Access Key.

Create an upload script

  1. Create a .env file (if you don't already have one, for containing your upload credentials:
LAMBDA_NAME=mylambda
AWS_IAM_PROFILE=<MY_PROFILE_NAME>
LAMBDA_ENDPOINT_URL=https://*****.execute-api.us-east-1.amazonaws.com/default/****
SLACK_NOTIFICATION_WEBHOOK_URL=https://hooks.slack.com/services/****
  1. In your project create a new bash script deploy.sh
  2. Give it execute permissions with chmod +x deploy.sh
export $(egrep -v '^#' .env | xargs) # This allows us to access environment variables from a .env file
echo "🌀  Uploading..."
rm function.zip 
zip -r function.zip index.js node_modules package.json
aws lambda update-function-code \
  --function=$LAMBDA_NAME \
  --profile=$AWS_IAM_PROFILE \
  --zip-file=fileb://function.zip
terminal-notifier -title 'Deploy Lambda' -message 'Deploy complete'
echo "✅ Done"
  1. Run ./upload.sh to build a ZIP file and upload it to Lambda

Appendix

You can add other notifications to your upload script. I like adding:

  • terminal-notifier to get native macOS notifications when my upload is done (macOS only)
  • A Slack webhook to send a notification so I can get up and stretch and come back once the upload is done.
  • A bash echo prints the Lambda URL to the console so I can immediately try it out

Example script:


#... our upload code, then:

# Native macOS notification
# The `-open` flag lets me click on the notification to jump directly to the Lambda console
terminal-notifier -title 'Deploy PDF Lambda' -message '✅ Deploy Complete' -open "https://console.aws.amazon.com/lambda/home?region=us-east-1#/functions/${LAMBDA_NAME}"

# Slack notification
curl -X POST -H 'Content-type: application/json' $SLACK_NOTIFICATION_WEBHOOK_URL --data '{\"text\":\"Lambda Deploy complete\"}'

# Print the deploy URL to the console
echo 'Deployed to production:\n$LAMBDA_ENDPOINT_URL \nOperation completed'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment