Implementation<\/h3>\n\n\n\n\n- I will use Terraform to provision the Lambda function.<\/li>\n\n\n\n
- I will use Python as Lambda runtime.<\/li>\n\n\n\n
- Python script will pick the files uploaded to a path and move them to their respective folder with year, month, and date.<\/li>\n\n\n\n
- S3 notification will trigger the Lambda (When any new files get uploaded to the bucket on a path)<\/li>\n<\/ul>\n\n\n\n
Prerequisite:<\/h4>\n\n\n\n\n- Basic understanding of AWS services such as Lambda, S3, IAM, etc.<\/li>\n\n\n\n
- Basic understanding of Python and boto3 SDK<\/li>\n\n\n\n
- Basic knowledge of Terraform.<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nProject setup<\/h3>\n\n\n\n
Creating the file structure as below. .tf<\/code> files will store the Terraform code, and the Python code will be in lambda_functions\/main.py<\/code><\/p>\n\n\n\npre-setup-script.sh <\/code>will be used to test the Lambda function. This script will create random files in the bucket and this event will trigger the Lambda function.<\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*BLAzSNv0PH1aYO0cJiRgTg.png\")
<\/figure>\n\n\n\nBefore we write Terraform, let me create a bucket with the name <\/strong>inbound-bucket-custome<\/strong><\/code> and a folder <\/strong>incoming<\/strong><\/code> . I will also create a bucket to store Terraform state\u200a\u2014\u200a<\/strong>my-backend-devops101-terraform<\/strong><\/code><\/p>\n\n\n\n
\n\n\n\nNote:<\/strong> I have placed all the code used in this blog post in my public GitHub repository. You can find it with this link.<\/strong><\/a><\/p>\n\n\n\nPython script for Lambda function<\/h3>\n\n\n\n
lambda_functions\/main.py<\/code><\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*7oKwUCc2inH5z1mx0GXKyw.png\")
<\/figure>\n\n\n\nThis code will perform the below functions.<\/p>\n\n\n\n
\n- Retrieves the S3 bucket and file path from an environment variable (
BUCKET_PATH<\/code>).<\/li>\n\n\n\n- Lists all files in a specific directory (
prefix<\/code>) within the S3 bucket.<\/li>\n<\/ul>\n\n\n\nFor each file:<\/p>\n\n\n\n
\n- Extracts the
year<\/code>, month<\/code>, and date<\/code> from the file name.<\/li>\n\n\n\n- Constructs a new path for the file based on this date information.<\/li>\n\n\n\n
- Copies the file to the new path.<\/li>\n\n\n\n
- Deletes the original file.<\/li>\n<\/ul>\n\n\n\n
Terraform to deploy an AWS Lambda function with Python runtime<\/h3>\n\n\n\nSetting up Terraform providers and s3 backend<\/strong><\/h4>\n\n\n\nversions.tf<\/code><\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*CGXDyuKTxVeCve_8XwFmnA.png\")
<\/figure>\n\n\n\nPackage the Python code as a zip file<\/strong><\/h4>\n\n\n\nThe lambda function will require the zip file with Python code. I have used the Terraform data source archive_file<\/code> to zip the Python function code. We have provided the path to the Lambda function and the destination where to store the zip file.<\/p>\n\n\n\nlambda.tf<\/code><\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*tdYk14qgSMrXuYAS_K6Owg.png\")
<\/figure>\n\n\n\nCreate Lambda function Terraform resources<\/h4>\n\n\n\n\nruntime -> python3.11<\/code><\/li>\n\n\n\nfilename -> location of the zip file with Python code<\/code><\/li>\n\n\n\nsource_code_hash -> This allows the Terraform to update the Lambda with the code changes<\/code><\/li>\n\n\n\n- We will pass the bucket name as an environment variable, Python code will access it using
os.getenv(\u201cENV_NAME\u201d)<\/code><\/li>\n<\/ul>\n\n\n\nlambda.tf<\/code><\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*sFem5jr3vloVgkc5yTH8ww.png\")
<\/figure>\n\n\n\nCreate a Lambda execution role.<\/h4>\n\n\n\n
lambda.tf<\/code><\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*oYsq_ZIX-fryufg5vG_1aA.png\")
<\/figure>\n\n\n\nIam policy that allows Lambda to access the files from the bucket<\/h4>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*CgNdDpa_-CZAT7cySCebkw.png\")
<\/figure>\n\n\n\nAttach the policy with the required permissions to the Lambda execution role<\/h4>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*IL3G6bsxKnpGVBk7DJ9Jxg.png\")
<\/figure>\n\n\n\nCreate an S3 trigger for the Lambda function<\/h4>\n\n\n\n
Lambda needs explicit permission to be triggered by S3 hence we will create lambda permissions before creating the S3 trigger<\/p>\n\n\n\n
lambda.tf<\/code><\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*PZDrGy6W31MFJxTcQF-ZeA.png\")
<\/figure>\n\n\n\nCreate A bucket policy that will allow Lambda to get the bucket objects for the S3 notification trigger<\/h4>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*uxEi7lRfYL7qId8TZe8paw.png\")
<\/figure>\n\n\n\n
\n\n\n\nConfigure the AWS credentials<\/h4>\n\n\n\n\n- Create an IAM user with only CLI access<\/li>\n\n\n\n
- Create Access and Security key<\/li>\n\n\n\n
- Install AWS CLI<\/li>\n\n\n\n
- Run
aws configure<\/code><\/li>\n<\/ul>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*6uzuc0w9xZ-vwju9X4sXBQ.png\")
<\/figure>\n\n\n\nNote<\/em><\/strong>: We should never expose sensitive such as access keys, or security keys in the repo, or any public place. I will remove these credentials before publishing the blog post.<\/em><\/p>\n\n\n\nDeploy the Terraform<\/h4>\n\n\n\n# Initialize the Terraform\nterraform init\n\n# Plan the Terraform\nterraform plan\n\n# Apply terraform\nterraform apply<\/code><\/pre>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*6WFjSWrSXgS4HurarsTXeQ.png\")
<\/figure>\n\n\n\nThis will deploy all the resources.<\/p>\n\n\n\n
\n\n\n\nLet\u2019s test it. As you can see screenshots below, there are no files in the bucket path.<\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*2xnOQ46ab-dvEo5_h0bcmg.png\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*SbBTK9QsuIZ45dMi7oxqiA.png\")
<\/figure>\n\n\n\nLet me create some objects in the bucket, which should trigger the lambda function.<\/h4>\n\n\n\nI have created a short script that does it for us\u200a\u2014\u200apre-setup-script.sh<\/code>## pre-setup-script.sh ##\n#!\/bin\/bash\n\n# Define the S3 bucket name\nS3_BUCKET=\"inbound-bucket-custome\"\n\n# Create 10 files with the format filename-randomnumber-yyyy-mm-dd\nfor i in {1..10}; do\nRANDOM_NUMBER=$((1 + RANDOM % 1000))\nFILENAME=\"filename-$RANDOM_NUMBER-$(date +%Y-%m-%d).txt\"\necho \"This is file number $i\" > $FILENAME\naws s3 cp $FILENAME s3:\/\/$S3_BUCKET\/incoming\/\ndone<\/code><\/pre>\n\n\n\nWe will run this script to upload files to the bucket.<\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*PLR5oGVhXTC3fv0dwHHh6Q.png\")
<\/figure>\n\n\n\nThis will trigger the lambda function, which will move these files into the new folder structure.<\/p>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*mDhzdBtwXbKTqlK_7uRr0Q.png\")
<\/figure>\n\n\n\n![\"\"\/](\"https:\/\/cdn-images-1.medium.com\/max\/1600\/1*vdMcs9vqi7CB821s33zrPQ.png\")
<\/figure>\n\n\n\n
\n\n\n\nThat is all for this blog post, I hope you found it useful.<\/p>\n\n\n\n
Prerequisite:<\/h4>\n\n\n\n\n- Basic understanding of AWS services such as Lambda, S3, IAM, etc.<\/li>\n\n\n\n
- Basic understanding of Python and boto3 SDK<\/li>\n\n\n\n
- Basic knowledge of Terraform.<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nProject setup<\/h3>\n\n\n\n
Creating the file structure as below. .tf<\/code> files will store the Terraform code, and the Python code will be in lambda_functions\/main.py<\/code><\/p>\n\n\n\npre-setup-script.sh <\/code>will be used to test the Lambda function. This script will create random files in the bucket and this event will trigger the Lambda function.<\/p>\n\n\n\n<\/figure>\n\n\n\nBefore we write Terraform, let me create a bucket with the name <\/strong>inbound-bucket-custome<\/strong><\/code> and a folder <\/strong>incoming<\/strong><\/code> . I will also create a bucket to store Terraform state\u200a\u2014\u200a<\/strong>my-backend-devops101-terraform<\/strong><\/code><\/p>\n\n\n\n
\n\n\n\nNote:<\/strong> I have placed all the code used in this blog post in my public GitHub repository. You can find it with this link.<\/strong><\/a><\/p>\n\n\n\nPython script for Lambda function<\/h3>\n\n\n\n
lambda_functions\/main.py<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nThis code will perform the below functions.<\/p>\n\n\n\n
\n- Retrieves the S3 bucket and file path from an environment variable (
BUCKET_PATH<\/code>).<\/li>\n\n\n\n- Lists all files in a specific directory (
prefix<\/code>) within the S3 bucket.<\/li>\n<\/ul>\n\n\n\nFor each file:<\/p>\n\n\n\n
\n- Extracts the
year<\/code>, month<\/code>, and date<\/code> from the file name.<\/li>\n\n\n\n- Constructs a new path for the file based on this date information.<\/li>\n\n\n\n
- Copies the file to the new path.<\/li>\n\n\n\n
- Deletes the original file.<\/li>\n<\/ul>\n\n\n\n
Terraform to deploy an AWS Lambda function with Python runtime<\/h3>\n\n\n\nSetting up Terraform providers and s3 backend<\/strong><\/h4>\n\n\n\nversions.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nPackage the Python code as a zip file<\/strong><\/h4>\n\n\n\nThe lambda function will require the zip file with Python code. I have used the Terraform data source archive_file<\/code> to zip the Python function code. We have provided the path to the Lambda function and the destination where to store the zip file.<\/p>\n\n\n\nlambda.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nCreate Lambda function Terraform resources<\/h4>\n\n\n\n\nruntime -> python3.11<\/code><\/li>\n\n\n\nfilename -> location of the zip file with Python code<\/code><\/li>\n\n\n\nsource_code_hash -> This allows the Terraform to update the Lambda with the code changes<\/code><\/li>\n\n\n\n- We will pass the bucket name as an environment variable, Python code will access it using
os.getenv(\u201cENV_NAME\u201d)<\/code><\/li>\n<\/ul>\n\n\n\nlambda.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nCreate a Lambda execution role.<\/h4>\n\n\n\n
lambda.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nIam policy that allows Lambda to access the files from the bucket<\/h4>\n\n\n\n<\/figure>\n\n\n\nAttach the policy with the required permissions to the Lambda execution role<\/h4>\n\n\n\n<\/figure>\n\n\n\nCreate an S3 trigger for the Lambda function<\/h4>\n\n\n\n
Lambda needs explicit permission to be triggered by S3 hence we will create lambda permissions before creating the S3 trigger<\/p>\n\n\n\n
lambda.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nCreate A bucket policy that will allow Lambda to get the bucket objects for the S3 notification trigger<\/h4>\n\n\n\n<\/figure>\n\n\n\n
\n\n\n\nConfigure the AWS credentials<\/h4>\n\n\n\n\n- Create an IAM user with only CLI access<\/li>\n\n\n\n
- Create Access and Security key<\/li>\n\n\n\n
- Install AWS CLI<\/li>\n\n\n\n
- Run
aws configure<\/code><\/li>\n<\/ul>\n\n\n\n<\/figure>\n\n\n\nNote<\/em><\/strong>: We should never expose sensitive such as access keys, or security keys in the repo, or any public place. I will remove these credentials before publishing the blog post.<\/em><\/p>\n\n\n\nDeploy the Terraform<\/h4>\n\n\n\n# Initialize the Terraform\nterraform init\n\n# Plan the Terraform\nterraform plan\n\n# Apply terraform\nterraform apply<\/code><\/pre>\n\n\n\n<\/figure>\n\n\n\nThis will deploy all the resources.<\/p>\n\n\n\n
\n\n\n\nLet\u2019s test it. As you can see screenshots below, there are no files in the bucket path.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\nLet me create some objects in the bucket, which should trigger the lambda function.<\/h4>\n\n\n\nI have created a short script that does it for us\u200a\u2014\u200apre-setup-script.sh<\/code>## pre-setup-script.sh ##\n#!\/bin\/bash\n\n# Define the S3 bucket name\nS3_BUCKET=\"inbound-bucket-custome\"\n\n# Create 10 files with the format filename-randomnumber-yyyy-mm-dd\nfor i in {1..10}; do\nRANDOM_NUMBER=$((1 + RANDOM % 1000))\nFILENAME=\"filename-$RANDOM_NUMBER-$(date +%Y-%m-%d).txt\"\necho \"This is file number $i\" > $FILENAME\naws s3 cp $FILENAME s3:\/\/$S3_BUCKET\/incoming\/\ndone<\/code><\/pre>\n\n\n\nWe will run this script to upload files to the bucket.<\/p>\n\n\n\n<\/figure>\n\n\n\nThis will trigger the lambda function, which will move these files into the new folder structure.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n
\n\n\n\nThat is all for this blog post, I hope you found it useful.<\/p>\n\n\n\n
\n\n\n\n
Project setup<\/h3>\n\n\n\n
Creating the file structure as below. Before we write Terraform, let me create a bucket with the name <\/strong> Note:<\/strong> I have placed all the code used in this blog post in my public GitHub repository. You can find it with this link.<\/strong><\/a><\/p>\n\n\n\n This code will perform the below functions.<\/p>\n\n\n\n For each file:<\/p>\n\n\n\n The lambda function will require the zip file with Python code. I have used the Terraform data source Lambda needs explicit permission to be triggered by S3 hence we will create lambda permissions before creating the S3 trigger<\/p>\n\n\n\n Note<\/em><\/strong>: We should never expose sensitive such as access keys, or security keys in the repo, or any public place. I will remove these credentials before publishing the blog post.<\/em><\/p>\n\n\n\n This will deploy all the resources.<\/p>\n\n\n\n Let\u2019s test it. As you can see screenshots below, there are no files in the bucket path.<\/p>\n\n\n\n We will run this script to upload files to the bucket.<\/p>\n\n\n\n This will trigger the lambda function, which will move these files into the new folder structure.<\/p>\n\n\n\n That is all for this blog post, I hope you found it useful.<\/p>\n\n\n\n.tf<\/code> files will store the Terraform code, and the Python code will be in lambda_functions\/main.py<\/code><\/p>\n\n\n\npre-setup-script.sh <\/code>will be used to test the Lambda function. This script will create random files in the bucket and this event will trigger the Lambda function.<\/p>\n\n\n\n<\/figure>\n\n\n\ninbound-bucket-custome<\/strong><\/code> and a folder <\/strong>incoming<\/strong><\/code> . I will also create a bucket to store Terraform state\u200a\u2014\u200a<\/strong>my-backend-devops101-terraform<\/strong><\/code><\/p>\n\n\n\n
\n\n\n\nPython script for Lambda function<\/h3>\n\n\n\n
lambda_functions\/main.py<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\n\n
BUCKET_PATH<\/code>).<\/li>\n\n\n\nprefix<\/code>) within the S3 bucket.<\/li>\n<\/ul>\n\n\n\n\n
year<\/code>, month<\/code>, and date<\/code> from the file name.<\/li>\n\n\n\nTerraform to deploy an AWS Lambda function with Python runtime<\/h3>\n\n\n\n
Setting up Terraform providers and s3 backend<\/strong><\/h4>\n\n\n\n
versions.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nPackage the Python code as a zip file<\/strong><\/h4>\n\n\n\n
archive_file<\/code> to zip the Python function code. We have provided the path to the Lambda function and the destination where to store the zip file.<\/p>\n\n\n\nlambda.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nCreate Lambda function Terraform resources<\/h4>\n\n\n\n
\n
runtime -> python3.11<\/code><\/li>\n\n\n\nfilename -> location of the zip file with Python code<\/code><\/li>\n\n\n\nsource_code_hash -> This allows the Terraform to update the Lambda with the code changes<\/code><\/li>\n\n\n\nos.getenv(\u201cENV_NAME\u201d)<\/code><\/li>\n<\/ul>\n\n\n\nlambda.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nCreate a Lambda execution role.<\/h4>\n\n\n\n
lambda.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nIam policy that allows Lambda to access the files from the bucket<\/h4>\n\n\n\n
<\/figure>\n\n\n\nAttach the policy with the required permissions to the Lambda execution role<\/h4>\n\n\n\n
<\/figure>\n\n\n\nCreate an S3 trigger for the Lambda function<\/h4>\n\n\n\n
lambda.tf<\/code><\/p>\n\n\n\n<\/figure>\n\n\n\nCreate A bucket policy that will allow Lambda to get the bucket objects for the S3 notification trigger<\/h4>\n\n\n\n
<\/figure>\n\n\n\n
\n\n\n\nConfigure the AWS credentials<\/h4>\n\n\n\n
\n
aws configure<\/code><\/li>\n<\/ul>\n\n\n\n<\/figure>\n\n\n\nDeploy the Terraform<\/h4>\n\n\n\n
# Initialize the Terraform\nterraform init\n\n# Plan the Terraform\nterraform plan\n\n# Apply terraform\nterraform apply<\/code><\/pre>\n\n\n\n<\/figure>\n\n\n\n
\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\nLet me create some objects in the bucket, which should trigger the lambda function.<\/h4>\n\n\n\n
I have created a short script that does it for us\u200a\u2014\u200apre-setup-script.sh<\/code>## pre-setup-script.sh ##\n#!\/bin\/bash\n\n# Define the S3 bucket name\nS3_BUCKET=\"inbound-bucket-custome\"\n\n# Create 10 files with the format filename-randomnumber-yyyy-mm-dd\nfor i in {1..10}; do\nRANDOM_NUMBER=$((1 + RANDOM % 1000))\nFILENAME=\"filename-$RANDOM_NUMBER-$(date +%Y-%m-%d).txt\"\necho \"This is file number $i\" > $FILENAME\naws s3 cp $FILENAME s3:\/\/$S3_BUCKET\/incoming\/\ndone<\/code><\/pre>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n<\/figure>\n\n\n\n
\n\n\n\n