Road to re:Invent - Intro to AWS Lambda

AWS Lambda is probably the most talked about service in the entire AWS Cloud. It lets you run your code based on various triggers with almost no overhead. In this live stream, we look at AWS Lambda basics and even complete a small project connecting code to events in S3.

Bad Robot Transcript

Good morning, everybody. How you doing today? Let me just kill the overlays. Perfect. All right, on the Road to re:Invent, not 75 days left, I forgot to update that, we are down to 71 days left. Yeah, I think 71 days left. Let’s jump back up and make sure we make that quick edit. 71 days. Going to stay accurate here. 71 days.

71 days left to re:Invent. I promised in the kickoff video a couple days ago that we were going to talk about different things leading up to re:Invent because I think there is a misperception around cloud where it’s like, okay, you’re going to build technology in the cloud. We’ve got teams that are going to build all this crazy stuff.

And I think there’s a lot of really quick, easy wins that can just help you as an individual, just some really basic. So we are here on LinkedIn Live. We will be posting this to YouTube afterwards. I’m pushing up maybe to Periscope. We’ll see, but at least YouTube after the fact. So after anything interactive here, I am actively monitoring the comments.

So I’m just going to type in here, just, you know, if you have a question, just ask. LinkedIn has a little bit of delay between the stream, which is expected and which is great. So I will address it, but it’s about a 15 second lag compared to when I say it, but it shows up in LinkedIn. Interacting primarily with who’s on LinkedIn.

Today what we’re going to do is we’re going to go through an event yesterday, CloudSec in Toronto, hosted by IT World Canada, sponsored by Trend Micro, who is my full-time employer, just as full disclosure here, but I gave a talk, a modified version of a talk that I’ve been giving at a number of AWS events around the world.

And I mean that was taking some advanced security concepts and automating them in a really simple way. Of course, the core of that is AWS Lambda. It’s a critical service and it’s a really important one, but I think people kind of get intimidated maybe by Lambda. So what we’re going to do is we’re going to jump in and we’re going to create some code in Lambda and you’ll see just really how easy it is.

Hopefully that will kind of knock down the intimidation factor. So what we’re going to do right now is, it’s 4 past the hour, we’re going to give ourselves a timer. We’re going to pop that timer up here on the stream and I’ll move that down in the corner.

We’re going to give ourselves about 30 minutes to learn something in Lambda. So if you can bear with me for 30 minutes, I’m going to teach you some basics of Lambda. Now, one of the things that I’m going to have to do based on the logistics of the stream is I may have to pause to look at the commentary, but I think generally we’re good. Stream health is good.

And the LinkedIn Channel comments are up and what I’m going to do is I’m going to flip to my screen because the clock is already ticking. Let me go here and share out. I’m going to make sure that we are just sharing out Google. Perfect. Let’s make this a little wider.

And there we go. So I am currently logged into an AWS account. This is the account I use for teaching and I refresh it regularly. So this is an account that has never done anything in Lambda before, so you can see the AWS Lambda page here and the tagline, very simple.

Let’s run code without thinking about servers, and that’s a really, really good thing. I’m going to move the timer a little bit off in the corner there so you can still kind of see me, and if you have questions as we go through this, fire them up here on LinkedIn. Happy to answer them as we go, but basically we’re going to do a quick walk-through of the console, and the idea is that you have code and that needs to run somewhere. In a traditional environment,

What you would do is stand up a server, or maybe nowadays you stand up a container that has all your dependencies that runs the code. Lambda takes that away. It abstracts that away so that you just have your code and AWS worries about running it in the background.

What’s actually happening in the background: your code executes in a unique container and shuts down. You don’t need to worry about that. It is triggered by something. So we are going to start by clicking the big orange Create a function button. Okay, which presentation? Are the notes for the presentation I gave yesterday at CloudSec or what we’re talking about today?

Let me know in the comments as I continue along. So I asked to create a function and AWS tries to make this as simple as possible. They allow you to start from scratch, or from blueprints, common sample code for common use cases. This is really, really useful. I’ll show you what that looks like.

When you switch over it starts to give you some options like CloudFront modify response header for your content delivery network, process streams in DynamoDB, a Config rule change, right? So, a number of scenarios already have blueprints set up. Extremely handy. Or browse the Serverless App Repo, SAR, everything gets an acronym, why not. The Serverless App Repository is a community-based toolkit, essentially, where people have... and yes, Augusto, I will send you the link after for yesterday’s notes for that presentation.

I’m also giving it at the end of this time in Toronto again and potentially at re:Invent, but yeah, I’ll send you that and I’ll write something up on today’s. Fantastic feedback. So back to the Serverless App Repository. Basically, instead of just blueprints of one function, these are a collection of serverless pieces to help you build an application. It really jumpstarts your foundational architectures. If you want to get more familiar with this stuff, browse through the Serverless App Repository.

There is some gold in there, but we are going from scratch, why not? Let’s do some coding right from scratch, and I want to show you how easy this is even if you are not used to writing code. Caveat: I’m going to make some mistakes. That’s the whole idea of these live streams.

That’s the whole core goal of helping you guys, walking through this together as a team. I’m going to stumble, hopefully will fall. But what we’re going to call our function is road to reinvent sample one. Super exciting. Normally this would be a lot more descriptive, but I’m not quite sure what we’re going to build yet.

So it’s quite easy, given a function name. Now, your critical decision is the runtime: what type of code are you going to be writing? By default, it’s Node.js, but you can see here Go, .NET, Java, Python, Ruby, a bunch of stuff is supported, including custom runtimes. You can build your own. Some people have done some really funny legacy languages, some useful nice stuff, but what we’re going to be doing today is picking Python 3.7.

I find this is a great way to ease people in. Lots of great libraries that support it, lots of utility, and the syntax is really simple for people who are just dipping their toe in the water of writing code. All right. So now the next section it’s asking for is around permissions.

There are two sets of permissions when it comes to Lambda. There are the admin role and the execution role. I know we got to go to the place. To be clear, the admin role is simply who can access the Lambda function as a thing within AWS, so who can do what we’re about to do. That’s the admin role.

The execution role is what the Lambda function itself has as permissions. So by default, it has no permissions. You have to give it some permissions. So if you are writing a function that accesses an S3 bucket, you need to give it those permissions for S3. If you’re writing something that accesses CloudWatch, you need to give it CloudWatch permissions. All of those permissions in the execution role are the permissions assigned when the Lambda executes repeatedly, so if you are accessing an AWS service within your Lambda function, you want to make sure that you have the proper permissions here. What we’re going to do is create a basic Lambda permissions role.

This is the default role suggested by AWS. It’s actually quite good. It doesn’t give a ton of permissions out and it gives us something to work through, because we’re just going to look at the concept first. And then we’re going to get a little bit deeper depending on time, because we only have to wait a minute. So create a new role with basic Lambda permissions, then click that orange Create function button, and it’s just going to take a second. While it’s doing that, I’m just going to check on the comments and the stream health. Looks good.

We are sitting there. It didn’t conk out like it did last time on you folks. So now we flip back and you’ll see we get a green banner at the top left. Our function has been successfully created and we can run and test right away. There’s a number of buttons up at the top.

So we see we have our role name, road to reinvent sample one, that we can throttle it, we can have a whole bunch of extra functions, and an important thing to note but not to understand yet is if you are ever asked for your function ARN, or Amazon Resource Name, it’s right here in the top right corner. We’ll cover that some other time, but it’s there up front.

I like this default page because it shows you the concept of Lambda. What I mean by that is that we have our function. We just created road to reinvent sample one. Something needs to trigger that function, like, start the function, and then that function has a bunch of outputs.

You can see right now in the middle of our diagram here, we have road to reinvent sample with the Lambda icon and we have layers underneath it. Lambda layers are other prepared pieces of code or binaries that you can attach to your function so you don’t have to repeat yourself all the time.

So if you have a set number of dependencies, you can put them in those layers or you can borrow other people’s layers so that you don’t always have to rebuild. Kind of handy to expand your Lambdas, think of the misery of clickable extensions MN. If we follow this map, bear with me as I drag my mouse cursor, which is always a horrible way to highlight things to people but we don’t have much choice here, to Amazon CloudWatch Logs.

So that says when our function is executed, if we ever write to standard out, or you just print to a console in the language, it will go to CloudWatch Logs. So that basic Lambda execution role gave us the ability to create a log stream and write to a log stream. So very, very simple, but what we’re missing is over on this side.

We’re missing a trigger. And again, we’re taking comments here on LinkedIn. If you have any questions just ask, I can see it while I’m in the main browser window. So if you need clarification or me to go somewhere else with this, let me know. So now we have the ability to sort of add this trigger.

You can view the permissions. That’s the key in the top corner if you were wondering. We want to set some sort of trigger. If we click the Add trigger button, you’re going to see we can select a trigger. Now there’s a whole bunch of default options here, and this is really great.

It starts to give you an idea of the first steps you can take with Lambda, and that’s really gluing stuff together. So we can start with API Gateway for building a serverless application. API Gateway is how you get an HTTP or HTTPS endpoint to trigger Lambda. So somebody hits this URL, your Lambda will fire. Very, very... Load balancers, CloudWatch Events, CodeCommit, DynamoDB, all these sort of standard AWS triggers can initiate your Lambda function, which is great.

So you don’t have to have a trigger, by the way. You can execute this thing manually, but this is one of the key parts of it, right? And you can also take some key partners. So you’ll notice this is powered by Amazon EventBridge. That is another service that we’ll tackle on another day, but basically it helps connect SaaS services to things like Lambda. And so Datadog, OneLogin, PagerDuty, SignalFx, Sugar, all these partners have already made it easy.

So if you’re using one of these services and want to take an action on an event, this is how you do it. We’re going to add something real quick. And I think we’ll get rid of it, cuz I don’t know if it highlights the example, but if we hit S3, you’ll see that it’s going to ask me,

Okay, well, what bucket? And then what event type? So all object create events. So anytime an object is created, I want this to trigger. Well, maybe I only want it when an object is copied or when something is permanently deleted. You can tweak the parameters around when this trigger goes.

I think that’s pretty straightforward. Most of the time for S3 what we’re going to say is all object create events. So anytime anyone creates an object in this S3 bucket, I want this Lambda to be invoked. Which sucks, right? That’s pretty straightforward, pretty simple. You can use this to verify objects.

You can use this, a lot of the time, to do a thumbnail conversion of images, a popular example, convert videos, that kind of stuff, right? This is how you set up a trigger, and at the bottom you’ll see Lambda will add the necessary permissions for you. That is a very, very nice feature.

It will add them to the role that’s being used to make your trigger work. So to make this trigger work we click the orange Add button, and you’ll see now that we have a trigger in our diagram. In this case, it’s S3 triggers road to reinvent sample, which then writes out to Amazon CloudWatch Logs.

That makes sense for everybody? Let me know in the LinkedIn comments. Love to hear your feedback as you’re going through this. We’ve got a number of folks in the stream who are out there listening. Let me know if this is hitting the notes for you, right? This is a basic intro to AWS Lambda.

Which is the key, cuz I think that’s sort of the tone we’re going to take moving forward into Road to re:Invent here: basic introductions to stuff to help you get better, right? So we’re going to remove this trigger right now because we don’t really need it.

Okay, we don’t need it yet. We’re going to keep things really, really simple. You’ll see that actually takes a second, pending deletion. So we’re going to click Save and that should then fire off that trigger. So now it’s removed, so we can actually invoke this code right now. We can hit Test. Test is going to do absolutely nothing. We hit Test, and you’re going to see it’s going to ask,

Okay, is there a test event that you want to send to this Lambda? If you click on the templates, you’ll see there’s a bunch of default AWS events that happen. So if we scroll up here to, like, an S3 put, that’s going to give you the sample JSON document that’s sent to your code

anytime S3 puts an object. It’s a really, really great way to start coding here. If we wanted to say every time that there is an S3 object we want the following thing triggered, we can do that. So, you know what, as a really simple example, let’s do this. Let’s use our S3 put and we’re going to give this event a name, sample S3 put event.

Okay, and we are then going to create. So you’ll see in here, before we create this event, you’re going to see that in the document we get Records. Records has a square bracket, which means it’s an array, a list of 0 or more of the following, and that is another subdocument that contains the event version, the region, the event name, so what is happening in S3, and the parameters around it.

So who made that request, the response, sure. Most of this stuff you’re just going to ignore, and what you want to know here is, under s3, there was a bucket, and the bucket name was example bucket in our case. When we put this into production, this will be the name of the actual bucket.

And the key was test key. So somebody saved a file in a directory test, named key, in the directory test in example bucket. That’s what this event is saying; that’s under a subdocument. So if we create this and run that test, what you’re going to see is we have an execution result, which is succeeded.

Nothing. We have succeeded in life, right? The return value from the function in this case is status 200, which is the standard for HTTP success, and the body is Hello from Lambda. So we have run a hello world. If you scroll up you’ll see the actual log entries. That’s a request ID and request report and so on.

So our test has been successful, and Augusto has a fantastic question: can you add, update or remove the trigger on the fly? You can, but that’s between executions, so you can change triggers at any time you want. So you saw we added a trigger then removed the trigger, and executions will happen as it’s going. Executions happen on the last saved version.

So while we were adding the trigger, nothing was triggering the event. When we added it, there was a potential for things to be triggered. So there is nothing that requires you to set up triggers when you create your code. You can change it on the fly, and that’s actually a great tool because your code can be modular, as long as it accepts the input from the trigger. So we’re going to write some code that doesn’t need a trigger, we’ll trigger it manually, and then we are going to set up that trigger. So we have this option now if we scroll down. And hopefully that answers your question, and if it doesn’t, let me know in the comments and I’ll go deeper here.

So if you scroll down here, you’ll see our function code, okay? Now for those of you who are unfamiliar with Lambda or with Python, we’re going to dive into what this means in a second, but I want to say something really important about this frame. You’ll notice the function code, and I don’t know why I’m pointing at my screen like you can see, we’ve got code entry type, so we can edit it inline.

Our runtime is Python and the handler is lambda_function.lambda_handler. Now you’ll notice lambda_function is the name of our file. lambda_handler is the name of what’s called the function. So def is the keyword in Lambda to define a new function. This line of code on line 3 defines a function called lambda_handler.

In the box for AWS Lambda, if your handler is not pointing to the right place, your code will not work. This is literally the line. The handler is the line that says this is where Lambda is going to start your code. Okay, it starts your code passing two objects, an event and context. The event is what we saw in the test event, the S3 put request. Context gives you information about what’s happening in the Lambda itself.

We’re not going to get there now, but what also is very important to understand is this iframe window we’re looking at, again don’t know why I’m making the sign, is actually an import from Cloud9, which is an AWS service that stands up a development environment in the cloud.

We’ll tackle that on another video cuz we don’t want to go into it now, but it’s a full IDE, or integrated development environment, and it makes it really easy to edit your code in the browser. You’re not going to want to typically build code inline like we’re doing now. You’re going to want to set up a little more formal code practices.

For our purposes and dipping your toe in the water, this is really, really good. So you can see here our Lambda has a note, TODO implement, AKA do something, but when this executed it had a return code, status 200, and the body was dumping out a JSON object called

Hello from Lambda. Remember we saw that in our code you can see it in the bottom in the execution results. We could also change that we could say hello from the livestream don’t know if live stream if we’ve agreed on it being one word or two, but we’re going to run it that way.

Right. So now if I save this and then if I run a test again, we scroll back up to the top, you’re going to see that output has changed. Hello from the livestream. Yes, we’ve taken 12 minutes or so to create a hello world that’s slightly more advanced. What if we scroll down to our code? We now have the ability to look at what’s happening.

So if we say print, which is going to then print out all of our event information. We’re going to use another function. This is called json.dumps. Now dumps is dump it to a string, the event, and I think I’ve got that right off the top of my head, but, see, what we’re saying is print to the log the event that was passed to our function.

Okay. I think that makes sense: print to the log the event that was passed to our function. We’re going to save. We’re going to test it again. We’re going to scroll to the top and we’re going to see that it succeeded again, but if you look at our log output, here is our test event.

Shantae so what has happened is that we have dumped the event that has been passed to our AWS Lambda function. We know now our test event sent that JSON document, we have access to it, we can dump it. So what we’re going to do is we’re actually going to dive into the Records object.

So we are coming back to our python code. We’re going to get a little more complicated. I’m going to walk you through this. I’m going to talk it through myself out loud because I literally have nothing planned. This is all sort of off-the-cuff. So again may make mistakes. Let me know in the comments.

So we are going to double-check. We’re going to say if Records in event. So we’re making sure that the key Records is in the event. We know it is, but we’re just going to make sure, because in coding you never want to assume, you want to verify. So if that is there, what we’re going to do is say for each record in event Records,

print record. Print this is a new record. Okay, let’s remove this line. We’re going to comment. In Python an octothorpe, AKA a hashtag or number sign, is a single line comment. So what we’ve got here is if the key Records is in event. Okay. So we’re checking to make sure there’s Records in this event. For each record in that collection of Records, print

this is a new record and then print the contents of that record. Makes sense, right? We’re going to save, we’re going to cross our fingers and hope it works. This is the glamour of development, by the way: tiny steps, try, see if it works. If we can look right here.

So if we look down in our execution, you will see the execution results. This is a new record. Okay, so we are down on line 7 in our loop where we’ve actually accessed each record, and it’s been printing the entirety of that record. If we scroll over a little bit,

We see all of those parameters earlier. So what we want is we don’t want to deal with most of those we want to look for the S3 key and then under S3. We want to find bucket and name. So again, what we’re going to do is we’re going to say if S3 in record.

So does the key s3 exist in record? Okay, then if bucket in record, so if that s3 key has a bucket key, then if name, and yeah, you need to check all these just to make sure, in record s3, forgot that up here, s3 bucket. Print S3 bucket, format, and then I’m going to copy cuz I’m getting lazy.

We added some complexity here. Okay, we got eight minutes left. We added some complexity. Not a problem. What we have is checking for each new record: is the key s3 in that record, is the key bucket under the key s3, is the key name under the keys s3 and bucket, right? So we’ve tested our data structure to go down to see if this value that I’ve highlighted with my mouse exists.

If it does exist, we are going to print out S3 bucket. And then this is a placeholder for everything after format. So in other words, we’re going to take the name and print it out. So we’re going to have ideally in our output we’re going to have this is a new record and then under that S3 bucket record three little.

So we know it and then after that we’re going to go after the object and key. Okay. So let’s just keep that in mind. We’re going to save it. We’re going to test it. And what you’ll see out here is this is a new record S3 bucket example bucket.

So if we do the same thing back here, if we say if object in record, helps if I can spell, especially with 7 minutes left, record, if key in record s3 object, print S3 key, so we’re doing the exact same format, only difference is we’re looking at a different object,

into object’s key. Augusto’s got a fantastic question, going to tackle that in one second once we do this. So if I haven’t mistyped anything, if I click save and I run test, you’ll see now we have our bucket name and our key name. We’ve successfully pulled these out.

So what we’re going to do is, back higher up in our function, what we want to do is create two variables. We’re going to create a variable called key, want to make sure that’s empty. We’re going to make a variable called bucket and we’ll keep that empty, and what we’re going to do is assign the values to those variables.

Okay, very, very simple here. The reason why we’ve created a variable, that’s a placeholder, a little piece of storage that we can write to, is because instead of each of these loops, what we’re going to do is dive down here at the end. We’re going to ignore the print record. In our return code,

we are going to actually write something instead of hello from the livestream. We’re going to say new object in S3 bucket, called. So I’ve done two placeholders here and we’re going to say bucket and key. So what’s going to happen now: if I save and I test this, you’re going to see that the response is status code 200.

This has been successful. We have a new object in an S3 bucket example bucket called test key. So what we’ve done is taken the complex document that S3 sends out saying there’s a new bucket, there’s a new object, a put request, and we’ve ripped out the information we want, which is the name of the bucket and the name of the key, so that we can do something with that. We’re going to do something with it, maybe suikoden 5 minutes, but Augusto’s got a fantastic question on the stream here, and that is simply: what’s the cost of this, what are the limitations, is it the same Lambda function across the regions, that kind of thing. A lot of questions rolled up into one question, which I love. We have run this function five or six times already, and let me just run it again for fun.

Lambda pricing varies, but right now we’re using the smallest Lambda type. You give the Lambda the amount of memory you want and how long you allow your function to run. Right now we’re using the two minimum defaults because it’s minimal code. This bills in collections of 1 million executions.

We’ve done 6. It is $0.20 US per million executions in this region we’re in, us-east-1. 20 cents per million executions. Negligible cost, right? You pay for other, other AWS... a very, very minimal cost. This function is only in the region we put it in. You can call it from other regions

if you set up the permissions correctly, or you can copy this function into other regions so it will execute locally. That does have an impact on cost and timing, things like that. But Lambda, like most other AWS services, is regionally based. Right now you can see in the top right we’re in North Virginia, and that means that’s all we’ve got here.

Right? So that’s fine. As far as security, like we said, the big two things here are the admin role, which is who can access this function and write this code, and the execution role: what ability does this have to access AWS resources. So what we’ve done in today’s quick tutorial is created code that interprets S3 input functionality, right? So what we’re going to show you real quick, cuz we’ve got 3 minutes,

is how this actually works with a trigger, right? So let me go to Services and I’m going to open up S3 in a new window here. I’ll increase the font size so you can see it. I’m going to create a new bucket, which is road to reinvent.

Road to reinvent. Next. Yeah, I’ll keep the defaults. That’s fine. Block all public access. Please use this all the time, unless you’re hosting a website. Block all public access. I love that version. I love that default. Now create the bucket. Okay, created, there we go. So now we have road to reinvent as a bucket. Going to flip back into the tab for our function, close the Services drop down.

We’re going to add a trigger now. Okay, because we have code that takes an S3 put request and spits out to the log some information, and it returns the results of the name of the bucket and the name of the key. So Add trigger, drop down, back to S3 at the bottom, okay, select our bucket road to reinvent, on all object create events, sure, no prefix, no suffix.

So anytime anyone puts an object in our bucket, this is going to trigger our Lambda. Hit the orange Add button, it’ll take just a second, and you will see now at the top the trigger road to reinvent was successfully added. This function is now receiving events from this trigger.

Let’s try. Let’s try. Let’s go to our bucket. We are going to upload something. I’m going to drag and drop an image, very simply. It’s just a screenshot. Going to click next. I don’t need any additional permissions, just me as the owner, because this is going to trigger in the background. Final take normal.

So I’m paying to store this object. It’s a fractional cost because it’s only 168 KB. But if I go back to my Lambda function, going to introduce a new section of Lambda to you, which is great. We’re going to click on the Monitoring link here. So under the name of our function, Monitoring, you’ll see CloudWatch metrics, which are glorious. We’ve basically done nothing, just started playing around essentially, which is fine, and you’ll start to see more and more here in duration, because you’re billed on duration.

So how long the function runs ties to how much cost you have, but again Lambda costs are fractional. They’re so small. And what we’re going to do is we’re going to view the Amazon CloudWatch logs, so we click here, it opens a new tab for CloudWatch Logs, gives us our latest event stream.

Hopefully things have shown up here. CloudWatch Logs is a little bit delayed. If we click on the button, you’re going to see we still have our tests, right, this is a new record. Those are the ones we ran manually, but then don’t forget the, I raise the eyebrow, at the bottom.

I like when things work. This is a new record, bucket road to reinvent, key, the name of the file we dropped there. Now, with 15 seconds left, we successfully created an AWS Lambda function. Let me go back to the code. We successfully created a function that was triggered any time anyone puts a file in an S3 bucket.

It runs our code, which basically says what file was pushed there. A really, really simple example, but I think in the time we had today that explains the concept, right? You guys had some great questions on the stream. This is the second time we’ve done this Road to re:Invent.

I’m still working on the schedule, which I will make public, so that it’s not just random, you’re on LinkedIn and then you see this pop up. I’m going to make it a little more regular to make it easy. But this is the core of a lot of patterns around automation in the cloud, whether they’re security automations or other types.

It’s really simple to get started. It took us 30 minutes of stumbling around to write some code that is reacting to things that happened in S3. It’s really that simple. Okay, you can expand this pattern to a number of things but this is at its core from a cost perspective, which is a fantastic question.

Thank you, Augusto. Costing is fractional. It’s, you know, you can play around with it as an individual for weeks and maybe it’s going to cost you $5. Okay, and that’s a ridiculous amount of usage, like a ridiculous amount of usage. Obviously you pay for other AWS items, but this is a very simple example we’re stitching together.

We’re going to expand on this. I think in the future we’re going to tackle other services in the same way, but I thought it was really critical we start with Lambda because you’re going to see it pop up again and again, and hopefully this made it a little less intimidating.

I hope this has been useful. Let me just switch back to my cam, and I hope this has been useful. I hope this has been educational for you. I hope it’s maybe generating more questions. If you’re watching this on YouTube some time after the fact, hit me up in the description or in the comments down below.

I will respond, and all the feedback I’m incorporating into building out this program leading up to re:Invent. Like I said, I believe it’s 71 days left, and there’s a lot of stuff you can learn so that when you hit the ground at re:Invent, you are already up to speed on some stuff.

So again, I have written The Ultimate Guide to AWS re:Invent. It is published online, with the link in the description and in the comments, so you can read that about the actual event itself. But we’re going to be doing these live streams pretty regularly working up to the event, so that we’re all a little familiar with each other, we’ve all learned a little bit, and hopefully have a better understanding of how to build some cool stuff in the AWS Cloud.

I think it’s really fun. I think it opens up a lot of possibilities and as always what you want to see I’m not a Tackle anything I will fail, but hopefully we’ll learn something about that skip here. And I think that’s really important to realize: none of this stuff goes really smoothly out of the gate when you’re stumbling around, but that’s part of the way you learn, right? Or at least part of the way I learned.

So thanks for joining me on this Friday. I hope you are set up for a fantastic rest of the day and a wonderful wonderful weekend. I will talk to you online and it will see you on the stream next week.
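The function built on the stream, written out as an added example (this is not the code typed live, which the transcript does not reproduce): it checks each level of the S3 event before reading it and returns the bucket name and object key. It goes one step further than the stream by URL-decoding the key, which S3 sends encoded, and by logging as JSON so an uploaded file name cannot forge extra CloudWatch log lines. The sample event, the helper names and the shape of the response body are constructed for this example.

```python
import json
from urllib.parse import unquote_plus

# Constructed sample: a trimmed S3 notification with one valid record,
# one event that is not an object creation, and one malformed record.
SAMPLE_EVENT = {
    "Records": [
        {
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": "example-bucket"},
                "object": {"key": "test/my+screen%3Ashot.png"},
            },
        },
        {
            "eventSource": "aws:s3",
            "eventName": "ObjectRemoved:Delete",
            "s3": {
                "bucket": {"name": "example-bucket"},
                "object": {"key": "test/old.png"},
            },
        },
        {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put", "s3": {"bucket": "oops"}},
    ]
}


def _dig(doc, *path):
    """Walk nested dicts; return None as soon as a level is missing or not a dict."""
    for name in path:
        if not isinstance(doc, dict) or name not in doc:
            return None
        doc = doc[name]
    return doc


def extract_s3_objects(event):
    """Return (bucket, key) for every well-formed S3 object-created record."""
    found = []
    records = _dig(event, "Records")
    if not isinstance(records, list):
        return found
    for record in records:
        # Verify rather than assume: only S3 object-created events are handled.
        if _dig(record, "eventSource") != "aws:s3":
            continue
        if not str(_dig(record, "eventName") or "").startswith("ObjectCreated:"):
            continue
        bucket = _dig(record, "s3", "bucket", "name")
        key = _dig(record, "s3", "object", "key")
        if not isinstance(bucket, str) or not isinstance(key, str):
            continue
        # Keys arrive URL-encoded in the notification ("+" is a space).
        found.append((bucket, unquote_plus(key)))
    return found


def log_line(bucket, key):
    """One JSON document per record; json.dumps escapes newlines in the key."""
    return json.dumps({"msg": "This is a new record", "bucket": bucket, "key": key})


def lambda_handler(event, context):
    """Entry point named in the Lambda console as lambda_function.lambda_handler."""
    objects = extract_s3_objects(event)
    for bucket, key in objects:
        print(log_line(bucket, key))  # stdout goes to CloudWatch Logs
    body = {"new_objects": [{"bucket": b, "key": k} for b, k in objects]}
    return {"statusCode": 200, "body": json.dumps(body)}


if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

Because the function only reads the event it is handed and prints to standard out, the basic execution role that can write to CloudWatch Logs is all it needs; it never calls S3 itself.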

Perfect. Alright in the road to reinvent not 75 days left and forgot to update that we are down to 71 days left. Yeah, I think 71 days left. Let’s jump back up with make sure we make that quick edit 71 days going to stay accurate here 71 days. 71 days left to reinvent.

I promised in the kickoff video a couple days ago that we were going to talk about different things leading up to reinvent because I think there is a misperception around Cloud where it’s like, okay, you’re going to build technology in the clouds. We got teams are going to build all this crazy stuff.

And I think there’s a lot of really quick easy. Wednesday can just help you as an individual just some really basic. So are we are here on LinkedIn live. We will be posting this to YouTube afterwards. I’m pushing up maybe to Periscope. We’ll see but at least you tube after the fact so after anything interactive here, I am I am actively monitoring the comments.

So I’m just going to type in here just you know, just ask have a question just ask linkedin’s a little bit delay between a stream which is expected and which is great. So I will address it but it’s about 15 second leg compared to when I say it but it shows up in LinkedIn interacting primarily who’s on LinkedIn.

Today what we’re going to do is we’re going to go through an event yesterday Cloud sec in Toronto supposed to buy to World Canada sponsored by Trend Micro. I was my full-time employer Justice full to school here, but I gave it talk to a modified version of a talk that I’ve been giving add a number of AWS events around the world.

And I mean that was taking some Advanced security Concepts and automating them in a really simple way. Of course the quarter Kita. Is AWS Lambda? It’s a critical service and it’s a really important one but I think people kind of get intimidated Maybe by Landa. So what we’re going to do is we’re going to jump in and we’re going to create some code in Lambda and eurydice just really how easy it is.

Hopefully that will kind of a kind of Knocked Down the intimidation Factor. So what we’re going to do right now is its 4 past the hour we’re going to give ourselves a timer. We’re going to pop that timer up. You’re on the stream and I moved that down in the corner.

We’re going to give ourselves about 30 minutes to learn something in Lambda. So if you can bear out with me for 30 minutes, I’m going to teach you some basics of Lambda. Now, one of the things that I’m going to have to do this based on the logistics of the stream is I may have to pause to look at a commentary, but I think generally were good stream health is good.

And the LinkedIn Channel comments are up and what I’m going to do is I’m going to flip to my screen because the clock is already ticking. Let me go here and share out. I’m going to make sure that we are just sharing out Google. Perfect. Let’s make this a little wider.

And there we got so I am currently logged into an interview at account. This is the account I use for teaching and I refreshed it regularly. So this is an account that is never done anything in Lambda before so you can see the AWS Lambda page here and the tagline very simple.

Let’s run code without thinking about servers and that’s a really really good thing to make a timer a little bit off in the corner there. So you can still kind of see me and to Jeff questions as we go through this fire. I’m up here on LinkedIn happy to answer them as we go but basically we’re going to do a quick walk-through Ab-Soul and are the idea is is it you have code and that needs to run somewhere in a traditional environment.

What you would do is stand up a server or maybe a Mother Day’s you stand up a container that has all your dependencies that runs the code for Lambda takes that away it abstracts that always that you just have your code and AWS worries about running in the background.

What’s actually happening in the background your code executes any unique container in Shut down you don’t need to worry about that is triggered by something. So we are going to start by clicking the Big Orange create a function button. Okay, which presentation are the notes for the presentation I gave you yesterday in Cloud Tech or what we’re talking about today.

I let me know in the comments as I was continue along. So I asked to create a function and it appears tries to make this as simple as possible. They allow you to start from scratch blueprint common sample code for common use cases. This is really really useful. I’ll show you what that looks like.

When you switch over it starts to give you some options like cloudfront modify response header for your content delivery Network process streams and Dynamo at config rule change, right? So, native your scenarios already have blueprints set up extremely handy for eyebrow the serverless apropos. Toys R Us are everything gets an acronym why not Service app repositories a community-based tool kit that essentially where people have and yes, Augusta will send you the link app for yesterday’s note that presentation.

I also giving it at the end of this time in Toronto again and a potentially at reinvent and but yeah, I’ll send you that and I’ll write something up on today’s fantastic feedback. I’m so back to the service app repository. Basically, these are instead of just blueprints of one function there a collection of serverless pieces to help you build an application in really jumpstarts are foundational architectures what to get more familiar with the stuff browse through the service app repository.

There is some gold in there, but we are going from scratch why not? Let’s do some coding right from scratch and I want to show you how easy this is even if you are not used to write in code. Kavia, I’m going to make some mistakes. That’s the whole idea of these live streams.

That’s the whole core goal of helping you guy walking through this together as a team. I’m going to stumble hopefully will fall. But what we’re going to call our function is road to reinvent sample one super exciting. Normally. This would be a lot more descriptive but I’m not quite sure what we’re going to build yet.

So it’s quite easy given a function name. Now, you’re critical decision is the runtime what type of code are you going to be writing by default? I know JSI, but you can see here go. Net Java python Ruby a bunch of stuff for supported including custom run times. You can build your own out to some people have some done some really funny at Legacy language is some useful nice stuff, but we’re going to be doing today is picking python 3.7.

I find this is a great way to ease people in lots of great libraries at the support it Lots of utility and the syntax is really simple for people are just dipping their toe in the water of writing code. All right. So now the next section is asking for is around permission.

There are two sets of permissions when it comes to Lambda. There are the admitting roll and the execution roll. I know we got to go to the place. I can clear the admin role is simply who can access the Lambda function as a thing within a wso who can do what we’re about to do that feed mineral.

The execution role is what the Lambda function itself has as permissions. So by default, it has no permissions. You have to give it some permission. So if you are accessing writing a function that access is an S3 bucket, you need to give it those permissions for S3. If you’re writing something that accesses cloudwatch you need to evict cloudwatch permission all of those permissions in the execution roll are the permissions assigned when the Lambda executes repeatedly, so if you are accessing an AWI service within your Atlanta function, you want to make sure that you have the proper permissions hear what we’re going to do is create a basic land of permissions roll.

This is the default roll suggested by AWS. It’s actually quite good. It doesn’t give a ton of permissions out and it gives us something to work for through cuz we’re just going to look at the concept first. And then we’re going to get a little bit deeper Depending on time cuz we only have to wait a minute or create new role with basically no permissions where the Cliffs at Orange create function button and I just going to take a second while its doing I’m just going to check on the comments on the stream Health looks good.

We are sitting there accident to conk out like it did last time on you folks. So now we flip back and you’ll see we get a green Banner the top lift. Our function has been successfully created and we can run in test right away. There’s a number buttons off the top.

So we see we have our our role name road to reinvent sample one that we can throttle it we can have a whole bunch of extra functions and important thing to note but not to understand yet is if you are ever asked for your function arnor Amazon resource name, it’s right here in the top right corner will cover that some other time, but it’s their front.

I like this default page because it shows you the concept of Lambda. What I mean by that is that we have our function. We just created road to reinvent sample one something needs to trigger that function like a start the function and then that function has a bunch of outputs.

You can see right now in the middle of our diagram here. We have rotary event sample with the land of Icon and we have layers underneath it. Lambda layers are other prepared pieces of code or binary that can attach your function so you don’t have to repeat yourself all the time.

So if you have a set number of dependencies, you can put them in those layers or you can borrow other people’s layers so that you don’t always have to rebuild kind of Handy to expand your land us think of the misery of clickable extensions MN if we follow this map you bear with me as I drag my mouse cursor, which is always a horrible way to highlight things to people but we don’t have much Choice here to Amazon cloudwatch logs.

So that says when are a function is executed if we ever write to standard out or you just print to a console and in the language it will go to cloudwatch logs, so that Basic Lambda execution roll gave us ability to write to me to create a log stream and write to a long string so very very simple, but we’re missing is over on this side.

We’re missing a trigger. And again, we’re taking comments here on LinkedIn. If you have any questions just ask I can see it while I’m in the main browser window. So if you need clarification or me to go somewhere else with this let me know at so now we have the ability to serve add this trigger.

You can view the permissions. That’s the key in the top Corner if you were wondering what we want to set some sort of trigger if we cook the add trigger button, you’re going to see if we can select a trigger know there’s a whole bunch of default options here in this is really great.

It starts to give you an idea of the first steps you can take with land and that’s really gluing stuff together so we can start with API Gateway for building a serverless application. API Gateway is how you get an HTTP or https endpoint to trigger Lambda. So somebody hit this URL your Lambda will fire very very Load balancers cloudwatch events codecommit dynamodb all these sort of standard AWS triggers can be initiate your your Lambda function, which is great.

So you don’t have to have a trigger by the way, you can execute this thing manually, but this is one of the key part of parts of it, right and you can also take some key Partners. So using your notice is Power by Amazon event bridge that is a number there service that will tackle on another day, but it’s basically it helps connect SAS services to things like Lambda Nancy datadog One login pagerduty signal effects sugar, all these partners of already made easy one.

So if you’re using one of these services and want to take an action on an event, this is how you do it. We’re going to add something real quick. And I think we’ll get rid of it. Cuz I don’t know if it highlights example, but if we hit S3, you’ll see that it’s going to ask me.

Okay, we’ll what bucket. And then one event type so all object create event. So anytime an object is created. I want this to trigger will maybe I only want it when an object is copied or when something is permanently deleted. You can check the parameters around when this trigger goes.

I think that’s pretty straightforward most the time for us 3 we’re going to say is all object create event. So anytime anyone creates an object in this S3 bucket. I want this Lambda to be invoked. Which sucks right that’s pretty straightforward pretty simple. You can use this to verify objects.

You can use this to a lot of time to do a thumbnail conversion of images of popular example convert videos that kind of stuff right? This is how you set up a trigger and if we at the bottom receipt Lambda will add the necessary permissions for you. That is a very very nice feature.

It will add them to the role that’s being used to give you a virus trigger work. So if we have to make this trigger works with orange add button and you’ll see now that we have a trigger in our diagram in this case. It’s at three triggers road to reinvent sample which then writes out to Amazon cloudwatch logs.

That makes sense for everybody and let me know in the LinkedIn comments. Love to hear your feedback is you’re going through this. We’ve got that number folks in the Stream at you’re out there listening. Let’s know what what’s let me know if his hit in the nose for you, right? There’s a basic intro to a door slam.

Which is the key cuz I think that’s sort of the techniques were going to or the toll we’re going to take moving forward into into road to reinvent here is basic introduction to stop help you get better, right? So we’re going to remove this trigger right now because we don’t really need it.

Okay, we don’t need it yet. We’re going to keep things really really simple to see that actually takes the second pending deletion. So we’re going to click save and that should then fire off that trigger. So now it’s remove so we can actually invoke this code right now. We can hit test test is going to do absolutely nothing does nothing we hit test you’re going to see it’s going to ask.

Okay. Is there a test event that you want to send to this land up if you click on the templates, you’ll see there’s a bunch of default AWS It’s that happened. So if we scroll up here to like an S3 put that’s going to give you the sample. Json document that’s sent to your code.

Anytime S3 puts it on. It’s a really really great to start coding here. If we wanted to say every time that there is an S3 object. We want the following thing triggered and we can do that. So, you know, what is a really simple example, let’s do this. Let’s use our ministry put and we’re going to give this event a name sample S3 put event.

Okay, and we are then going to create so you’ll see in here before we create this event. You’re going to see that we get in the document we get records records has a square bracket, which means it’s in a ray at the list of 0 or more of the following and that is another sub document that contains the event version the region I’m the event names of what is happening in S3 and the parameters around it.

So who made that request the response sure most the stuff you’re just going to ignore and what you want to know here as though it has three there was a bucket the bucket name was example bucket in our case when we put this into production. This will be the name of the actual bucket.

Find the key was test key. So somebody saved a file in a directory test named filename key in the directory test test an example bucket. That’s what this event is saying that’s under a subdocument as if we create this and run that test what you’re going to see is we have an execution result which is succeeded.

Nothing. We have succeeded in life right turn value from the function in this case status 200, which is the standard for HTTP success and the body is Hello from land. So we have run a hello world if you scroll up you’ll see the actual long and trees. That’s a request ID and request a report and so on.

So I test has been successful in n Augusta has a fantastic question. Can you add updater remove the trigger on the Fly you can but that’s between execution so you can change triggers at anytime you want. So you saw we added a trigger then remove the trigger and executions will happen as it’s going executions happened on the last say version.

So while we were adding the trigger, the nothing was triggering event when we added it. There was a potential for things to be triggered. So there is nothing that requires you to set up triggers. When you create your your code. You can change it on the flying that’s actually a great tool because your code can be modular and then as long as it except the input from the trigger, so we’re going to write some code that doesn’t need a trigger for a trigger it manually and then we are going to set up that tree so we have this option now of the scroll down and hopefully it goes so that answers your question and if it doesn’t let me know in the comments and I’ll go deeper here.

So if you scroll down here, you’ll see our function code, okay? Now for those of you who are unfamiliar with land at war with python, we’re going to dive into what this means in a second, but I want to say something really important about this Frame you’ll notice the function code and I don’t know why I’m pointing at my screen like you can see we’ve code entry type so we can edit it in line.

I run * Python and the Handler is Lambda function. Lambda Handler know you noticed Lambda function is the name of our file Lambda hand blur is the name of What’s called? The functions of death is the key word in Lambda to define a new function this line of Code online 3 defines a function called land a Handler.

In the Box for AWS Lambda if your Handler is not pointing to the right place. Your code will not work. This is literally the line. The Handler is the line that says this is where Lambda is going to start your code. Okay, it starts or code passing two objects and event and context the event is what we saw in the Testament DS3 put request context gives you information about what’s happening in the Lambda itself.

We’re not going to get there now, but what also is very important understand is this I Frame Window we’re looking at again don’t know why I’m making the sign is actually an import from code nine which is an AWS service that stands up a development environment in the cloud.

We’ll tackle that on another video cuz we don’t want to go into it now, but it’s a full ID or integrated development environment and it makes it really easy to edit your code in the browser. You not going to want a typically build code in line like we’re doing now you’re going to want to set up a little more formal code practices.

For our purposes and dipping your toe in the water. This is really really good. So you can see here at arlanda has a note to do Implement AKA do something but when this executed it had a return code status 200 the body was dumping out a Json object called.

Hello from Lambda. Remember we saw that in our code you can see it in the bottom in the execution results. We could also change that we could say hello from the livestream don’t know if live stream if we’ve agreed on it being one word or two, but we’re going to run it that way.

Right. So now if I save this and then if I run a test again, we scroll back up to the top you’re going to see that output has changed. Hello from the livestream. Yes, we’ve taken 12 minutes or so to create a hello world. That’s slightly more advanced. What if we scroll down door code? We now have the ability to look at what’s happening.

So if we save print which is going to then print out all of our Rent information. We’re going to use another function. This is called Jason. Dumps now dumps is dumped it to a string the event and I think I’ve got that right off the top of my head, but they see what we’re saying is printed the log the event that was passed to our function.

Okay. I think that makes sense print to the log of the event was passed where function we’re going to say. We’re going to test it again. We’re going to scroll to the top and we’re going to see that it succeeded again, but if you look at our log output here is our test event.

Shantae so what has happened is that we have dumped the event that has been passed to our AWS Lambda function. We know now or Testament send that Json document we have access to it we can dump it. So what we’re going to do is we’re actually going to dive into the records object.

So we are coming back to our python code. We’re going to get a little more complicated. I’m going to walk you through this. I’m going to talk it through myself out loud because I literally have nothing planned. This is all sort of off-the-cuff. So again may make mistakes. Let me know in the comments.

So we are going to double-check we’re going to say if records. In event ceramic sure that the key records is in the event we know it is but we’re just going to make sure because encoding and ever want to assume you want to verify so if that is their what we’re going to do is say for each record in event records.

print record print this is a new record. Okay, let’s remove this line. We’re going to comment in Python and octothorpe bag a hashtag or number sign is a single line comment. I’m so what we’ve got here is if the key records is in event. Okay. So we’re checking to make sure there’s records in this event for each record in that collection of Records print.

This is a new record and then print the contents of that record makes sense. Right? We’re going to save we’re going to cross our fingers and hope it works. This is the glamour of development by the way Tiny Steps try see if it works if we can look right here.

So if we look down in our execution, you will see the execution results. This is a new record. Okay, so we are down on the line 7 in our Loop where we’ve actually accessed each record, and it’s been for printing the entirety of That records if we scroll over a little bit.

We see all of those parameters earlier. So what we want is we don’t want to deal with most of those we want to look for the S3 key and then under S3. We want to find bucket and name. So again, what we’re going to do is we’re going to say if S3 in record.

So does the key S3 work in record Okay, then if bucket in record, so if that s3t has a bucket key then if name and yeah, you need to check all these just to make sure in record S3 forgot that up here S3 bucket. print three bucket 4 minute and then I’m going to copy cuz I’m getting lazy.

We added some complexity here. Okay, we got eight minutes left. We added some complexity. Not a problem at what we have is checking for each new record is the key S3 in that record is to keep bucket under the key S3 is the team name under the keys S3 in bucket, right? So we’ve tested our data structure to go down to see if this value that I’ve highlighted with my mouse exist.

If it does exist, we are going to print out S3 bucket. And then this is a placeholder for everything after format. So in other words, we’re going to take the name and print it out. So we’re going to have ideally in our output we’re going to have this is a new record and then under that S3 bucket record three little.

So we know it and then after that we’re going to go after the object and key. Okay. So let’s just keep that in mind. We’re going to save it. We’re going to test it. And what you’ll see out here is this is a new record S3 bucket example bucket.

So if we do the same thing back here if we say if object. In record helps if I can spell especially with 7 minutes left record if key in record S3. object French S3 key, so we’re doing the exact same format only difference is we’re looking at a different object.

in two objects key Augustus got a fantastic question going to tackle that one second once we do this, so if I haven’t missed typed anything if I click save and I run test you’ll see now we have our bucket name and our key name we’ve successfully pulled these out.

So what we’re going to do is back in our higher up in our function. What we want to do is create two variables. We’re going to create a variable called key when I make sure that’s empty. We’re going to make a variable called bucket and where you keep that empty and what we’re going to do is assign the values to those variables.

Okay, very very simple hear the reason why we’ve created a variable that’s a placeholder a little piece of storage that we can write to his because instead of each of these Loops. What we’re going to do is a die down here at the end. We’re going to ignore the print record in our return code.

We are going to actually write something instead of hello from the livestream at we’re going to say new object in S3 bucket. Called so I’ve done to placeholders here and we’re going to say bucket and key. So what’s going to happen now by Sav and I test this you’re going to see that the response status code 200.

This is been successful at we have a new object in an S3 bucket example bucket called test key. So what we’ve done is taking the complex document that S3 sends out saying there’s a new bucket. There’s any object who put request and we’ve ripped out the information we want which is the name of the bucket and the name of the keys so that we can do something with that we’re going to do something with it, maybe suikoden 5 minutes, but I guess he’s got a fantastic question on the stream here and and that is simply what’s the cost of this right are the limitations are amazing the same Lambda function across the regions that kind of thinks a lot of questions rolled up into one question, which I love we have run this function five or six times already and let me just run again for fun.

Lambda pricing varies but we’re right now we’re using our the smallest land two types of give the land of the amount of memory you want and how long you allow your function to run right now, we’re using the to minimum defaults because it’s minimal code this bills in collections of 1 million executions.

We’ve done 6 6 at it is $0.20 us per million executions in the this region wearing in u.s. East 1 20 cents per million executions negligible cost right you pay for other as other eight of a very very minimal cost. This function is only in the region. We put it in you can call it from other regions.

If you set up a vermicious correctly or you can copy this function into other regions. So it will execute locally that does have an impact on cost and timing of things like that. But Lambda like most other eight of your services is regionally-based the right now you can see in the top-right where North Virginia and that’s meaning that that’s all we’ve got here.

Right? So that’s fine. As far as security. Like we said the big two things here are the admin role which is who can access this function and write this code and the execution roll. What ability did this have to access AWS resources. So what we’ve done in in today’s quick tutorial is created a code that interprets as three input functionality right? I’m so what we’re going to Shoe Show you real quick cuz we met 3 minutes.

Is how this actually works with a trigger right? I’m so let me go to services and I’m going to open up S3 in a new console or in a new window here all increase the font size. You can see it. I’m going to create a new bucket which is road to reinvent.

Road to reinvent next. Yeah, I’ll keep the defaults. That’s fine block all public access. Please use this all the time. Let’s you’re hosting a website. I a block all public access. I love that version. I love that default now at create the bucket. Kay credit there we go. So now we have road to reinvent as a bucket going to flip back into the tab for our function to close the Service drop down.

We’re going to add a trigger now. Okay, because we have a code that takes an S3 put request and spits out to the to log some information and it Returns the results of the name of the bucket and the name of the key. So we add trigger drop down back to S3 at the bottom K select our bucket road to reinvent on all objects create events shirt when I know prefix still suffix.

So anytime anyone puts an object in our bucket, this is going to trigger arlanda put the orange add button to take just a second and you will see now at the top road to reinvent was successfully the trigger rotary event was successfully added this function is not receiving events from this trigger.

What’s trap? Let’s try. Let’s go to our bucket. We are going to upload something. I’m going to drag and drop an image very simply. It’s just a screenshot go to click next. I don’t need any additional permissions just me as the owner because this is going to trigger the background final take normal.

So I’m paying to store this object. It’s fractional cost because it’s only 168 KGB. But if I go back to my Lambda function going to introduce a new section of land at 2 to which is great. We’re going to click on the monitoring link here. So under the name of our function monitoring UFC cloudwatch metrics, which are glorious that we’ve basically done nothing just started playing around essentially which is fine and you’ll start to see more and more hearing duration because your build on duration.

So how long the function runs ties to how much cost you have but again landed costs are fractional. They’re so small. And what we’re going to do is we’re going to view the Awesome car wash logs so we could hear his opens a new tab for cloudwatch logs gives us our latest event stream.

Hopefully things have shown up here cloudwatch logs is a little bit delayed if we click on the button, you’re going to see we still have our tests right is the new record. Those are the ones we ran manually, but they don’t forget the I raise the eyebrow raised in the bottom.

I like when things work. This is a new record: bucket road to reinvent, key the name of the file we dropped there. Now, we have successfully, with 15 seconds left, we successfully created an AWS Lambda function. Let me go back to the code. We successfully created a function that was triggered any time anyone puts a file in an S3 bucket.

It runs our code, which basically says what file was pushed there. A really, really simple example, but I think in the time we had today that explains the concept, right? You guys had some great questions on the stream. This is the second time we’ve done this road to reinvent.

I’m still working on the schedule, which we’ll make public, so that it’s not just random, you’re on LinkedIn and then you see this pop up. I’m going to make it a little more regular to make it easy. But this is the core of a lot of patterns around automation in the cloud, whether they’re security automations or other types.

It’s really simple to get started. It took us 30 minutes of stumbling around to write some code that is reacting to things that happened in S3. It’s really that simple. Okay, you can expand this pattern to a number of things, but this is it at its core. From a cost perspective, which is a fantastic question.

Thank you, Augusto. Costing is fractional. It’s, you know, you can play around with it as an individual for weeks and maybe it’s going to cost you $5. Okay, and that’s a ridiculous amount of usage, like a ridiculous amount of usage. Obviously you pay for other AWS items, but this is a very simple example we’re stitching together.

We’re going to expand on this. I think in the future we’re going to tackle other services in the same way, but I thought it was really critical we start with Lambda because you’re going to see it pop up again and again, and hopefully this made it a little less intimidating.

I hope this has been useful. Let me just switch back to my cam, and I hope this has been useful. I hope this has been educational for you. I hope it’s maybe generating more questions. If you’re watching this on YouTube some time after the fact, hit me up in the description or in the comments down below.

I will respond, and all the feedback I’m incorporating into building out this program leading up to reinvent. Like I said, I believe it’s 71 days left, and there’s a lot of stuff you can learn so when you hit the ground at reinvent, you are already up to speed on some stuff.

So again, I have written The Ultimate Guide to AWS reinvent. It’s published online. I’ll put the link in the description and in the comments so you can read that about the actual event itself, but we’re going to be doing these live streams pretty regularly working up to the event, so that we’re all a little familiar with each other and that we’ve all learned a little bit and hopefully have a better understanding of how to build some cool stuff in the AWS Cloud.

I think it’s really fun. I think it opens up a lot of possibilities, and as always, what you want to see, I’m not a tackle anything. I will fail, but hopefully we’ll learn something about that skip here, and I think that’s really important to realize, that none of this stuff goes really smooth out of the gate when you’re stumbling around, but that’s part of the way you learn, right? Or at least part of the way I learn.

So thanks for joining me on this Friday. I hope you are set up for a fantastic rest of the day and a wonderful, wonderful weekend. I will talk to you online and I will see you on the stream next week.
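An added example, not the code written on the stream: a handler of the kind the transcript describes, which takes an S3 object-created event, logs each new record, and returns the bucket name and key. The Python runtime, the function names, the bucket name `road-to-reinvent` and the sample event are assumptions constructed for illustration.

```python
import json
import logging
from urllib.parse import unquote_plus

logger = logging.getLogger()
logger.setLevel(logging.INFO)


def extract_objects(event):
    """Return (bucket, key) pairs for object-created records in an S3 event."""
    found = []
    for record in event.get("Records", []):
        # Ignore anything that is not an S3 object-created notification.
        if record.get("eventSource") != "aws:s3":
            continue
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        s3 = record.get("s3", {})
        bucket = s3.get("bucket", {}).get("name")
        raw_key = s3.get("object", {}).get("key")
        if not bucket or raw_key is None:
            continue
        # S3 URL-encodes keys in notifications (a space arrives as "+").
        found.append((bucket, unquote_plus(raw_key)))
    return found


def lambda_handler(event, context):
    objects = extract_objects(event)
    for bucket, key in objects:
        # json.dumps escapes newlines, so a crafted key cannot forge log lines.
        logger.info("new record %s", json.dumps({"bucket": bucket, "key": key}))
    return [{"bucket": b, "key": k} for b, k in objects]


# Constructed sample event, trimmed to the fields used above.
SAMPLE_EVENT = {
    "Records": [
        {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": "road-to-reinvent"},
                "object": {"key": "Screen+Shot+2019.png"}}},
        {"eventSource": "aws:s3", "eventName": "ObjectRemoved:Delete",
         "s3": {"bucket": {"name": "road-to-reinvent"},
                "object": {"key": "old.png"}}},
    ]
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

The object key is chosen by whoever uploads the file, so the handler treats it as untrusted input: it is decoded once, logged as JSON, and never used to build a path or command.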
