How to create and deploy AWS Lambda functions with Terraform
AWS Lambda functions can be incredibly useful as quick, single-purpose functions to run in a cloud environment.
Deploying AWS Lambda functions using AWS CloudFormation requires that the code for the function already be in a zip file located in an S3 bucket that the CloudFormation template can reference while deploying the stack.
This can cause problems if you don't have existing CI/CD around your function or if you don't want to create and maintain a storage bucket solely for your Lambda code. As an effective alternative, Terraform has built-in resources that can automatically archive your function code into a zip file, and then reference that file during deployment without needing S3.
Deploy AWS Lambda functions with Terraform
This video tutorial runs through the steps to deploy an AWS Lambda function using Terraform, including a zip file with your function code by using the archive_file data source.
The archive_file data source is somewhat unique in Terraform. Normally, a data source would reference a cloud resource outside your Terraform state but still present in your account. Instead, archive_file data source can create a zip file of a single file or directory that you can use later.
The example in the video takes a single Python file and adds it to an archive file. Then a Lambda function resource is defined and set to use that file name as an input. When the Lambda function is deployed with Terraform, the archive file data source is created first, then uploaded to use as the function code without the need for additional cloud resources.
After the Terraform apply command is finished running, you will see the zip file created by the archive_file data source in your local file system. If you inspect it with the unzip -l command, you can confirm that the source code containing your Lambda function code is present. Lastly, check that the same code is running in your AWS account by checking the AWS Lambda page in the AWS console.
00:03
Hello. In this video, we're going to learn how to use TerraForm to deploy a Lambda function to AWS. To start, I've got a Lambda function here in my repository; this is just lambda.py under source. So this is not a very original function. It's just going to take an event and then print some values from the event. But I'm defining the function with the lambda_handler function definition. And although I don't specify it here, I am going to be using Python 3.10 to deploy it. That'll become important a little bit later on.
00:39
So this function is under my source directory. I have one more file in this repository, and that's under deployment. I have a TerraForm file under main.tf. Now in main.tf, I've got four blocks that I want to explain here. The first is I've got an IAM policy document that just sets up an assume role policy. In this, I'm allowing a Lambda function to assume that role.
01:07
Next I've got an IAM role for Lambda, which I'm assigning the assume_role policy in that first policy document to this new role. Next, I'm creating an archive file, which contains the lambda.py function that I showed you just a moment ago. Now this is using path.module, which is the path to the directory that TerraForm is running under. Then it's using the .syntax here to go up one level in the directory structure. And then it's going into source and then finding the lambda.py file. You can also use source directory and zip an entire directory if you have a Lambda function with more than one file in it. But then I'm taking that file, and I'm outputting it to lambda_function_src.zip.
02:00
And finally, I've got an AWS Lambda function defined here that is consuming the file that we just created -- the archive file lambda_function_src.zip. And we're going to name the function Python TerraForm Lambda. We're going to assign it the iam_for_lambda role that we defined earlier with the assume_role policy that we defined earlier as well. And then we're also going to pass in the source code hash just to verify our checksum here. And that's going to be a base 64 encoded output of a SHA-256 checksum for that archive file. Now as I mentioned earlier, I am running this with Python 3.10. And the handler function is going to be lambda_handler -- the same one that I defined here in lambda.py.
02:54
So now that we know what we're deploying, let's open up the terminal. And first I'm going to check my AWS account for what Lambda functions I have in there currently. And you see I've got two right now that are unassociated with this demo. But it's worth noting that they're there because after we deploy it, we're going to want to make sure our deployment is successful. So next I want to make sure that I'm in this deployment folder, and I'll go ahead and run TerraForm init. And now TerraForm apply.
03:29
So before I apply here, I want to point out a few things. The first is that our Lambda function will be created and the roll for that Lambda function will also be created as a part of the TerraForm plan. We also have a new file here on the left side, which is our lambda_function_src.zip file. So what the archive file data source has done for us is it's zipped up that Lambda function and then put it into a format where the TerraForm provider for AWS can consume it and pass it to Lambda to deploy it as a function.
04:05
So let's actually take another step out here. I'm going to open a new terminal, and I'm going to change into that deployment directory again. And I just want to confirm that what is in that zip file there is the source code for the Lambda function I'm trying to deploy. And I'll do that with the unzip command.
04:26
So there we go. I've confirmed just by listing what's in that lambda_function_src.zip that my lambda.py file is the one that's in there. And I can close out this terminal and go back to my TerraForm apply. So now that I'm here, let's go ahead and deploy this. 04:44 Okay, so TerraForm is letting me know that two resources have been added. Let's go ahead and rerun the AWS Lambda list functions command to confirm that it's deployed into our account. Alright, so there it is: my python_terraform_lambda function has been deployed. And I'm ready to start using it. That is it for this demo. Thank you all for watching. Take care.