Lambda Event Processing
Prerequisites
- AWS account with appropriate permissions
- Terraform >= 1.0
Step 1: Create the S3 Bucket
module "uploads_bucket" {
source = "registry.patterneddesigns.ca/essentials/s3-bucket/aws"
version = "3.0.0"
bucket_name = "file-uploads"
versioning_enabled = true
encryption_type = "aws:kms"
kms_key_arn = aws_kms_key.main.arn
}
Step 2: Create the Lambda Function
module "processor" {
source = "registry.patterneddesigns.ca/patterneddesigns/lambda-function/aws"
version = "3.1.0"
function_name = "s3-event-processor"
runtime = "python3.12"
handler = "main.handler"
source_path = "./src/processor"
timeout = 60
environment_variables = {
BUCKET_NAME = module.uploads_bucket.bucket_id
}
}
Step 3: Configure S3 Event Notification
resource "aws_lambda_permission" "s3" {
statement_id = "AllowS3Invoke"
action = "lambda:InvokeFunction"
function_name = module.processor.function_name
principal = "s3.amazonaws.com"
source_arn = module.uploads_bucket.bucket_arn
}
resource "aws_s3_bucket_notification" "uploads" {
bucket = module.uploads_bucket.bucket_id
lambda_function {
lambda_function_arn = module.processor.function_arn
events = ["s3:ObjectCreated:*"]
filter_prefix = "uploads/"
filter_suffix = ".json"
}
depends_on = [aws_lambda_permission.s3]
}
Step 4: Grant Lambda Access to S3
resource "aws_iam_role_policy" "lambda_s3" {
name = "lambda-s3-access"
role = module.processor.role_arn
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"s3:GetObject",
"s3:PutObject"
]
Resource = "${module.uploads_bucket.bucket_arn}/*"
}
]
})
}
Step 5: Deploy and Test
Run terraform apply and test by uploading a file:
aws s3 cp test.json s3://file-uploads/uploads/test.json
Check CloudWatch Logs to verify the Lambda function processed the event.