Update Unicorn Management Service

After creating the Amazon SNS topic and all the subscriptions, the current architecture looks like the following:

Step 1

The last missing part to complete the architecture is calling our Amazon SNS topic from our Unicorn Management Service.

1. Grant additional IAM permissions to Lambda

In your Amazon IAM console, select Roles in the left navigation. Use the filter text box to find the role with the name wild-rydes-async-msg-1-SubmitRideCompletionFunctio-… (assuming you have chosen wild-rydes-async-msg-1 as your stack name).


Click on the role name and click Add inline policy to attach another one.


Select the JSON tab and paste the following policy statement into it, after you have substituted «…» with the correct values. It grants your Lambda function permission to publish messages to this particular Amazon SNS topic:

policy

Make sure you provide the AWS ACCOUNT ID in the form of XXXXXXXXXXXX and not XXXX-XXXX-XXXX!

Click Review policy and enter the Name SubmitRideCompletionFunctionRolePolicy1. Click Create policy. To validate this step, select the role again and you should see 3 policies attached to your role, including the one you have just created.

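The inline policy from this step should allow sns:Publish on one topic and nothing else. The following is an added example, not the workshop's own policy or code: it builds such a policy document, enforces the 12-digit account ID form, and audits a pasted policy for broader actions or resources. The region, account ID and topic name are constructed sample values.

```python
import re

# One SNS topic ARN: arn:<partition>:sns:<region>:<12-digit account>:<topic>
TOPIC_ARN_RE = re.compile(
    r"arn:aws(-cn|-us-gov)?:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,256}(\.fifo)?"
)


def build_publish_policy(region, account_id, topic_name):
    """Return an inline policy allowing sns:Publish on exactly one topic."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account ID must be 12 digits, XXXXXXXXXXXX, no dashes")
    arn = f"arn:aws:sns:{region}:{account_id}:{topic_name}"
    if not TOPIC_ARN_RE.fullmatch(arn):
        raise ValueError(f"not a single-topic ARN: {arn}")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "sns:Publish", "Resource": arn}
        ],
    }


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(policy):
    """List every Allow statement wider than sns:Publish on one topic."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "sns:publish":  # IAM action names ignore case
                findings.append(f"statement {i}: action {action} is not sns:Publish")
        for resource in as_list(stmt.get("Resource", [])):
            if not TOPIC_ARN_RE.fullmatch(resource):
                findings.append(f"statement {i}: resource {resource} is not one topic")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the workshop.
    policy = build_publish_policy("us-east-1", "123456789012", "ExampleRideTopic")
    print(policy, audit_policy(policy))
```
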

2. Provide the Amazon SNS topic ARN to Lambda

In your AWS Lambda console, select Functions in the left navigation. Use the filter text box to find the function with the name wild-rydes-async-msg-1-SubmitRideCompletionFunctio-… (assuming you have chosen wild-rydes-async-msg-1 as your stack name).


Click on the function name and scroll down to the section Environment variables. Our Lambda function expects an environment variable with the Name TOPIC_ARN. The function publishes all messages to this Amazon SNS topic. Look up your Amazon SNS topic name in the Amazon SNS console and add this variable. Click the Save button in the top right corner to save the change.


3. Update your Lambda function to call Amazon SNS

Open your AWS Lambda console and select Functions in the left navigation. Select the function with the name wild-rydes-async-msg-1-SubmitRideCompletionFunctio-… (assuming you have chosen wild-rydes-async-msg-1 as your stack name). Scroll down a bit to the section Function code. Add the definition of the sns client directly after the dynamodb client:

Cheat Sheet

After the put item DynamoDB statement and before we send the response back to the caller, add the code to publish a message to Amazon SNS:

Cheat Sheet

Using AWS Lambda Layers
If you are wondering why the uploaded AWS Lambda function archive is less than 1 kB even though it requires boto3 to run, here is the answer. We are using a custom AWS Lambda layer with Python 3.6 and boto3 1.9.248. To create this layer, we only run the script below in our ‘lambda-layers’ sub-folder. In our AWS SAM template, we use this zip file to create the layer. Stay curious and have a look at the file ‘wild-rydes-async-messaging/lab-1/template.yaml’.

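# Create a Python 3.6 virtualenv and install boto3 into it
pipenv --python 3.6
pipenv shell
pipenv install boto3
# Directory layout that Lambda expects inside a Python layer archive
PY_DIR='build/python/lib/python3.6/site-packages'
mkdir -p "$PY_DIR"
# Export the locked dependencies (newer pipenv releases use `pipenv requirements`)
pipenv lock -r > requirements.txt
pip install -r requirements.txt --no-deps -t "$PY_DIR"
# Zip the contents of build/ so that python/ sits at the archive root
cd build
zip -r ../python_layer_with_boto3.zip .
cd ..
rm -r build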

1. Grant additional IAM permissions to Lambda

In your Cloud9 IDE for this workshop, open the SAM template file wild-rydes-async-messaging/lab-1/template.yaml. In the Resources section, look for the SubmitRideCompletionFunction definition. It already contains one policies entry called DynamoDBCrudPolicy. Directly below, add a policy entry which grants Amazon SNS publish message permission. You can look up the supported policies here.

Cheat Sheet

2. Provide the Amazon SNS topic ARN to Lambda

In your Cloud9 IDE for this workshop, open the SAM template file wild-rydes-async-messaging/lab-1/template.yaml. In the Resources section, look for the SubmitRideCompletionFunction definition. It already contains one environment variables entry called TABLE_NAME. Directly below, add an additional variable with the key TOPIC_ARN and the corresponding value.

Cheat Sheet

3. Update your Lambda function to call Amazon SNS

In your Cloud9 IDE, open the Python-based AWS Lambda function wild-rydes-async-messaging/lab-1/unicorn-management-service/app.py.
Add the definition of the sns client directly after the dynamodb client:

Cheat Sheet

After the put item DynamoDB statement and before we send the response back to the caller, add the code to publish a message to Amazon SNS:

Cheat Sheet
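The ordering described in step 3 (write to DynamoDB, publish to Amazon SNS, then respond), as an added example that is not the workshop's app.py. It checks TOPIC_ARN before the write and lets a failed publish fail the invocation; the ride fields, the 201 status code, the event["body"] shape and the Fake* classes are assumptions made so that the block runs offline.

```python
import json
import os


def submit_ride_completion(ride, table, sns, topic_arn):
    """Store the ride, publish it to SNS, then build the response."""
    # Check the configuration before the write, so a missing TOPIC_ARN
    # cannot leave a stored ride that was never announced.
    if not topic_arn or not topic_arn.startswith("arn:"):
        raise RuntimeError("TOPIC_ARN is unset or not an ARN")
    table.put_item(Item=ride)
    # If publish raises (for example when the sns:Publish policy is missing),
    # let it propagate so the invocation fails instead of reporting success.
    result = sns.publish(TopicArn=topic_arn, Message=json.dumps(ride))
    body = json.dumps({"id": ride["id"], "messageId": result["MessageId"]})
    return {"statusCode": 201, "body": body}  # status code is an assumption


def lambda_handler(event, context):
    """Entry point; needs boto3, credentials, TABLE_NAME and TOPIC_ARN."""
    import boto3  # imported here so the block loads without boto3 installed
    table = boto3.resource("dynamodb").Table(os.environ["TABLE_NAME"])
    sns = boto3.client("sns")  # sns client, directly after the dynamodb one
    ride = json.loads(event["body"])  # assumed API Gateway proxy event
    return submit_ride_completion(ride, table, sns, os.environ.get("TOPIC_ARN"))


class FakeTable:
    """Offline stand-in for a DynamoDB table; records put_item calls."""
    def __init__(self):
        self.items = []

    def put_item(self, Item):
        self.items.append(Item)


class FakeSns:
    """Offline stand-in for the SNS client; records publish calls."""
    def __init__(self):
        self.published = []

    def publish(self, TopicArn, Message):
        self.published.append((TopicArn, Message))
        return {"MessageId": "constructed-id-1"}


if __name__ == "__main__":
    # Constructed sample ride and topic ARN.
    arn = "arn:aws:sns:us-east-1:123456789012:ExampleRideTopic"
    print(submit_ride_completion({"id": "ride-0001"}, FakeTable(), FakeSns(), arn))
```
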

4. Deploy the updated AWS SAM template

Run the following command to build the lab again, after we have added the additional policy:

cd ~/environment/wild-rydes-async-messaging/lab-1
sam build

Now we are ready to update the application by running the following command to deploy the change:

sam deploy \
    --guided \
    --stack-name wild-rydes-async-msg-1 \
    --capabilities CAPABILITY_IAM

Because AWS SAM only deploys, updates, or deletes resources that have changed, it takes only a couple of seconds to deploy the new version.