Questions tagged with AWS Lambda

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

Redshift serverless data api sql calls

Hi, I am new to Redshift serverless and working on a Lambda function to connect to serverless database using Python redshift Data API and execute bunch of SQL and stored procedures that are stored in a Nexus repository artifact. I am seeing errors when I try to execute SQL statements read from a file as a string. Here is an example of a DDL from one of the scripts. -- Table Definitions -- ---------------------------------- -- test1 ----------------------- -- ---------------------------------- DROP TABLE IF EXISTS test1; CREATE TABLE test1 ( id varchar(32), name varchar(64) DEFAULT NULL, grade varchar(64) DEFAULT NULL, zip varchar(5) DEFAULT NULL -- test2 -------------------------- -- ---------------------------------- DROP TABLE IF EXISTS test2; CREATE TABLE test2( id varchar(32), user_id varchar(32) DEFAULT NULL, hnum varchar(6), ts_created timestamp DEFAULT NULL, ts_updated timestamp DEFAULT NULL -- and few other tables in the same script The function runs fine if I hard code the sql query in the code and I don't see any syntax or other errors with the sql file contents since I could run those using Redshift query editor by manually copy n pasting all the DDLs. Am I missing anything or using data API is not the right approach for this use case? Error and Traceback from the lambda function execution: During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/var/runtime/bootstrap.py", line 60, in <module> main() File "/var/runtime/bootstrap.py", line 57, in main awslambdaricmain.main([os.environ["LAMBDA_TASK_ROOT"], os.environ["_HANDLER"]]) File "/var/runtime/awslambdaric/__main__.py", line 21, in main bootstrap.run(app_root, handler, lambda_runtime_api_addr) File "/var/runtime/awslambdaric/bootstrap.py", line 405, in run handle_event_request( File "/var/runtime/awslambdaric/bootstrap.py", line 165, in handle_event_request xray_fault = make_xray_fault(etype.__name__, str(value), os.getcwd(), tb_tuples) FileNotFoundError: [Errno 2] No such file or directory
1
answers
0
votes
54
views
asked 16 days ago

Create Lambda Layer Through Cloud Formation - How to make sure your request credentials have permission to GetObject for bucket?

I am able to deploy a lambda function via CloudFormation, but I wish to deploy it while including a Lambda layer for the requests library. My CloudFormation template contains the following resources: LambdaFunction (gets created successfully) LambdaIAMRole (gets created successfully) LambdaIAMPolicy (gets created successfully) LambdaScheduledRule (gets created successfully) LambdaResourcePolicy (for the LambdaScheduledRule, gets created successfully) LambdaLayer (CREATE_FAILED) Status Reason: Your access has been denied by S3, please make sure your request credentials have permission to GetObject for [bucket] xxxx-nprd-xxxx-xxx-xxxxx-us-east-2/python.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambdaInternal; Status Code: 403; Error Code: AccessDeniedException; Request ID: e1d25641-e4cc-47d7-abb4-f0d1b9fb4240; Proxy: null) Here is the code I used to create some of the above resources: "LambdaFunction" : { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": {"Ref" : "CodeSourceBucket" }, "S3Key": "lambdafunction.zip" }, "Environment":{ "Variables" :{ "BUCKET": {"Ref": "xxxx-nprd-xxxx-xxx-xxxxx-us-east-2"}, "BUCKET_PREFIX": {"Ref": "xxx"}, "WEBSITE_URL": {"Ref": "xxx"} } }, "EphemeralStorage" : { "Size" : 512 }, "Handler": "lambda_handler", "Role": {"Fn::GetAtt" : [ "LambdaIAMRole", "Arn" ]}, "Runtime": "python3.9", "FunctionName": { "Fn::Sub": "xxx"}, "Description": "xxx", "Timeout": "90", "MemorySize": 512 } }, "LambdaIAMRole" : { "Type": "AWS::IAM::Role", "Properties": { "RoleName": { "Fn::Sub": "xxx-role"}, "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "lambda.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/" } }, "IAMPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": { "Fn::Sub": "xxxxxx"}, "PolicyDocument" : { "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ {"xxxx-nprd-xxxx-xxx-xxxxx-us-east-2"}, {"xxxx-nprd-xxxx-xxx-xxxxx-us-east-2/*"} ] }, { "Effect": "Allow", "Action": [ "s3:get*", "s3:put*" ], "Resource": [ {"xxxx-nprd-xxxx-xxx-xxxxx-us-east-2"}, {"xxxx-nprd-xxxx-xxx-xxxxx-us-east-2/*"} ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "glue:StartJobRun", "glue:GetJobRun" ], "Resource": "*" }, { "Effect": "Allow", "Action": "lambda:GetLayerVersion", "Resource": "arn:aws:lambda:us-east-x:xxxxxxxxxxxx:request_layer-2-28:1" } ] }, "Roles" : [ {"Ref":"IAMRole"} ] } }, "LambdaLayer": { "Type" : "AWS::Lambda::LayerVersion", "Properties" : { "CompatibleArchitectures" : [ "x86_64" ], "CompatibleRuntimes" : [ "python3.7", "python3.8", "python3.9" ], "Content" : { "S3Bucket": "xxxx-nprd-xxxx-xxx-xxxxx-us-east-2", "S3Key": "python.zip" }, "Description" : "Requests library" } } I was able to manually create my lambda layer for the requests library through the AWS console after creating my lambda function, but I don't know which permissions to include in the template to allow the lambda function to access the Lambda Layer of the python.zip in the S3 bucket (the python.zip contains the requests library). My stack keeps failing to be created because the LambdaLayer resource is failing. I don't see a "lambda layer" policy that I can attach to the role I am using for this lambda function. I also do not see a lambda layer resource policy. I tried to add { "Effect": "Allow", "Action": "lambda:GetLayerVersion", "Resource": "arn:aws:lambda:us-east-x:xxxxxxxxxxxx:layer:request_layer-2-28:1" } to the IAM policy, but it didn't work. Am I supposed to add "Layers" property to the LambdaFunction resource? I also tried to add { "Effect": "Allow", "Action": [ "s3:GetObject" ], to the policy but it did't work. Please help.
1
answers
0
votes
33
views
asked 19 days ago

DynamoDB Javascript v3 API GetItemCommand UnknownOperationException

I'm trying to use the JavaScript v3 api to retrieve a single item from DynamoDB in a nodejs lambda. I'm getting UnknownOperationException. Here's the parameter object I'm passing into GetItemCommand: ``` { "TableName": "test_biblestudy_tools_user", "Key": { "userid": { "S": "06f4dc4b-3368-4277-9dbe-892edec668c6" } }, "ProjectionExpression": "email" } ``` The lambda's execution role has GetItem on the table. One thing I wanted to do was turn on HTTP wire tracing for this, but I didn't see any example of how to do that when using the JavaScript v3 api. Right now all I'm configuring is the region, and I don't know how to configure anything else: ``` import { DynamoDBClient, GetItemCommand, TransactWriteItemsCommand } from '@aws-sdk/client-dynamodb'; const db_client = new DynamoDBClient({ region: 'us-east-1' }); ``` How can I configure this client for http wire trace? Would that likely show me something useful here? I tried CloudTrail Data Plane Event Logging, but the failed call doesn't create a log. Here's the full error from the CloudWatch log: ``` UnknownOperationException: UnknownError at throwDefaultError (/var/task/node_modules/@aws-sdk/client-dynamodb/node_modules/@aws-sdk/smithy-client/dist-cjs/default-error-handler.js:8:22) at deserializeAws_json1_0GetItemCommandError (/var/task/node_modules/@aws-sdk/client-dynamodb/dist-cjs/protocols/Aws_json1_0.js:1740:51) at processTicksAndRejections (node:internal/process/task_queues:96:5) at async /var/task/node_modules/@aws-sdk/client-dynamodb/node_modules/@aws-sdk/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24 at async StandardRetryStrategy.retry (/var/task/node_modules/@aws-sdk/middleware-retry/dist-cjs/StandardRetryStrategy.js:51:46) at async /var/task/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:6:22 at async Runtime.handler (file:///var/task/index.js:139:23) { '$fault': 'client', '$metadata': { httpStatusCode: 400, requestId: 'c688c34f-7c64-4d9a-9eb4-3258ee5aecf6', extendedRequestId: undefined, cfId: undefined, attempts: 1, totalRetryDelay: 0 }, __type: 'com.amazon.coral.service#UnknownOperationException' } ```
2
answers
0
votes
48
views
asked 19 days ago