How can I use an AWS SAM file to migrate a Lambda function to another AWS account or Region?

4 分的閱讀內容
1

I need to move an AWS Lambda function from one AWS account or AWS Region to another AWS account or Region.

Short description

To migrate a Lambda function to another AWS account or Region, use an AWS Serverless Application Model (AWS SAM) file:

  1. Download the AWS SAM file for the Lambda function along with its deployment package.
  2. Upload the Lambda function's deployment package to an Amazon Simple Storage Service (Amazon S3) bucket in the Region that you're migrating the function to.
  3. Use the AWS SAM file and AWS CloudFormation to deploy and manage a new Lambda function in another AWS account or Region.

For more information, see Deploying a Hello World application.

Note: You can also migrate a Lambda function in the Lambda console or the AWS Command Line Interface (AWS CLI).

Resolution

Download the Lambda function AWS SAM file and its deployment package

  1. In the Lambda console, choose Functions on the left panel.
  2. Choose the name of the Lambda function that you want to migrate.
  3. In the Lambda function window, choose Actions, and then select Export Function.
  4. In the Export function window, choose Download AWS SAM file.
  5. After the AWS SAM file is downloaded, return to the Export function window, and then choose Download deployment package to download the deployment package.

Upload the Lambda function's deployment package to an Amazon S3 bucket located in the AWS Region that you're migrating the function to

  1. Sign in to the Amazon S3 console using the AWS account that you want to migrate the Lambda function to.
  2. In the Buckets list, choose the name of the S3 bucket that you want to upload your files to.
  3. Choose Upload.
  4. On the Upload page, choose Add files.
  5. Choose the Lambda function's deployment package that you downloaded. Then, choose Open.
  6. Choose Upload.
  7. Choose Files and folders. To open the deployment package, select the deployment package file name.
  8. In the Object Overview section of the file, note the S3 URI value. This is the S3 path location for the deployment package. Save the value for use in the next step.

Use the AWS SAM file and AWS CloudFormation to deploy and manage a new Lambda function in another AWS account or Region

  1. Open the Lambda function AWS SAM file that you downloaded.

    Example Lambda function AWS SAM file code

    AWSTemplateFormatVersion: '2010-09-09'
    Transform: 'AWS::Serverless-2016-10-31'
    Description: An AWS Serverless Specification template describing your function.
    Resources:
      MyLambdaFunction:
        Type: 'AWS::Serverless::Function'
        Properties:
          Handler: lambda_function.lambda_handler
          Runtime: python3.6
          CodeUri: .                #S3 bucket Link
          Description: ''
          MemorySize: 128
          Timeout: 6
          Role: 'arn:aws:iam::733097455070:role/service-role/FirstLambdaPolicy'    #Replace
          Environment:
            Variables:
              homelocation: .tmp
          Tags:
            sampleTag: test
          Tracing: Active
  2. After CodeUri, replace the dot (.) with the S3 path location of the Lambda deployment package that you retrieved in the previous step.

    Important: Make sure that the AWS Identity and Access Management (IAM) user that creates the CloudFormation stack has 's3:GetObject' permission for this S3 object.

  3. Migrate a function to another AWS account:
    For the Role: value, delete the existing IAM role ARN. Then, replace the value with the IAM role ARN in the second AWS account.
    For functions with layers, add a permission in the layer for the second AWS account that allows that layer to use the first account's layer. Or, replace the Lambda layer ARN in the AWS SAM file with the Lambda layer ARN in the second AWS account.

    -or-

    Migrate a function to another Region:
    For the Role: value, continue using the existing IAM role ARN.
    For functions with layers, replace the Lambda layer ARN with the Lambda layer ARN in the second AWS Region.

    Important: For functions in a virtual private cloud (VPC), replace the values for SecurityGroupdIds and SubnetIds with the resources in the second AWS account or Region.

  4. For functions with event sources, the event source configuration isn't exported as part of the AWS SAM file that's downloaded from Lambda function. To match the original event source with the resource values from your second account or Region, see the syntax for the "events" property. Then, add the events to the AWS SAM file in your second AWS account or Region.

  5. Use the edited AWS SAM file to create an AWS CloudFormation stack in the second AWS account or Region that you want to migrate the function to.

    Note: After you create the AWS CloudFormation stack, the migrated Lambda function appears in your Lambda console.

AWS 官方
AWS 官方已更新 8 個月前