After creating the Amazon SNS topic, all the Amazon SQS queues and the subscriptions, the current architecture looks like the following:
The last missing part to complete the architecture is calling our Amazon SNS topic from our Unicorn Management Service.
In your Amazon IAM console, select Roles in the left navigation. Use the filter text box to find the role with the name wild-rydes-async-msg-2-SubmitRideCompletionFunctio-… (assuming you have chosen wild-rydes-async-msg-2 as your stack name).
Click on the role name and click Add inline policy to attach another one.
Select the JSON tab and paste the following policy statement into it, after you have substituted «…» with the correct values. It adds the permission for your Lambda function to publish messages to this particular Amazon SNS topic:
Make sure you provide the AWS ACCOUNT ID in the form of XXXXXXXXXXXX and not XXXX-XXXX-XXXX!
Click Review policy and enter the Name SubmitRideCompletionFunctionRolePolicy1. Click Create policy. To validate this step, select the role again and you should see 3 policies attached to your role, including the one you have just created.
In your AWS Lambda console, select Functions in the left navigation. Use the filter text box to find the function with the name wild-rydes-async-msg-2-SubmitRideCompletionFunctio-… (assuming you have chosen wild-rydes-async-msg-2 as your stack name).
Click on the function name and scroll down to the section Environment variables. Our Lambda function expects an environment variable with the Name TOPIC_ARN. It publishes all messages to this Amazon SNS topic. Look up your Amazon SNS topic name in the Amazon SNS console and add this variable. Click the Save button in the top right corner to save the change.
Open your AWS Lambda console and select Functions in the left navigation. Select the function with the name wild-rydes-async-msg-2-SubmitRideCompletionFunctio-… (assuming you have chosen wild-rydes-async-msg-2 as your stack name). Scroll down a bit to the section Function code. Add the definition of the sns client directly after the dynamodb client:
After the put item DynamoDB statement and before we send the response back to the caller, add the code to publish a message to Amazon SNS:
Using AWS Lambda Layers
If you are wondering why the uploaded AWS Lambda function archive is less than 1 kB even though it requires boto3 to run, here is the answer. We are using a custom AWS Lambda layer with Python 3.6 and boto3 1.9.248. To create this layer, we only run the script below in our ‘lambda-layers’ sub-folder. In our AWS SAM template, we make use of this zip file to create the layer. Stay curious and have a look into the file ‘wild-rydes-async-messaging/lab-1/template.yaml’.
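# Create a Python 3.6 virtual environment and install boto3 into it
pipenv --python 3.6
pipenv shell
pipenv install boto3
# Lambda layers for Python expect packages under python/lib/python3.6/site-packages
PY_DIR='build/python/lib/python3.6/site-packages'
mkdir -p "$PY_DIR"
# Export the locked dependencies and install them into the layer directory
pipenv lock -r > requirements.txt
pip install -r requirements.txt --no-deps -t "$PY_DIR"
# Package the layer and clean up
cd build
zip -r ../python_layer_with_boto3.zip .
cd ..
rm -r build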
In your Cloud9 IDE for this workshop, open the SAM template file wild-rydes-async-messaging/lab-2/template.yaml. In the Resources section, look for the SubmitRideCompletionFunction definition. It already contains one policies entry called DynamoDBCrudPolicy. Directly below, add a policy entry which grants Amazon SNS publish message permission. You can look up the supported policies here.
In your Cloud9 IDE for this workshop, open the SAM template file wild-rydes-async-messaging/lab-2/template.yaml. In the Resources section, look for the SubmitRideCompletionFunction definition. It already contains one environment variables entry called TABLE_NAME. Directly below, add an additional variable with the key TOPIC_ARN and the corresponding value.
In your Cloud9 IDE, open the Python based AWS Lambda function wild-rydes-async-messaging/lab-2/unicorn-management-service/app.py.
Add the definition of the sns client directly after the dynamodb client:
After the put item DynamoDB statement and before we send the response back to the caller, add the code to publish a message to Amazon SNS:
Run the following command to build the lab again, after we have added the additional policy:
cd ~/environment/wild-rydes-async-messaging/lab-2
sam build
Now we are ready to update the application, by running the following command to deploy the change:
sam deploy \
--guided \
--stack-name wild-rydes-async-msg-2 \
--capabilities CAPABILITY_IAM
While you are waiting, you may want to have a look at the AWS SAM template to familiarize yourself with the stack we launched. Just click on the template.yaml attachment below to see the content.
Because AWS SAM will only deploy/update/delete resources which are changed, it only takes a couple of seconds to deploy the new version.