Skip to content
This repository has been archived by the owner on Nov 16, 2022. It is now read-only.

AWS lambda executor setup

Jump to bottom
Nattharat Kondanna Wiriyakulnan edited this page Sep 14, 2020 · 16 revisions

AWS lambda executor setup

Setting Up Yoda with Lambda Executor

Yoda uses an external executor to resolve requests to data sources. Currently, it supports AWS Lambda (through REST interface). In future releases, yoda will support more executors and allow you to specify multiple executors to add redundancy.

Creating Lambda Function

In your AWS account, go to AWS Lambda Page and click Create function.

Follow the following steps:

  • Select Author from Scratch
  • Choose your Function name It will be your endpoint route.
  • Set Runtime to Python 3.7
  • For permission, if you don't have an existing role, create a new one.

Click Create function. Once everything is complete, You will see this page.

Scroll down to Function code panel and click Actions -> Upload a .zip file. You will need to upload (the runtime zip)[TODO: update url].

Scroll down to Environment variables section and add 2 environment variables: MAX_EXECUTABLE to 8192 (8 MB) and MAX_DATA_SIZE to 256.

Scroll further to Basic Settings and update the runtime configurations. We recommend using 512MB RAM and 12 seconds timeout.

We will use API Gateway for receiving a request from our Yoda program. Let’s create a new trigger by clicking + Add trigger -> API Gateway and follow the setup wizard to create a new API endpoint connecting to your Lambda function.

Once completed, you will see the API endpoint that will be used as the endpoint URL to test your Lambda function.

You can now test the endpoint using curl

curl --location --request POST '<your_api_endpoint>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "executable": "IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMwoKaW1wb3J0IHN5cwoKZGVmIG1haW4oZGF0YSk6CiAgICByZXR1cm4gZGF0YQoKCmlmIF9fbmFtZV9fID09ICJfX21haW5fXyI6CiAgICB0cnk6CiAgICAgICAgcHJpbnQobWFpbigqc3lzLmFyZ3ZbMTpdKSkKICAgIGV4Y2VwdCBFeGNlcHRpb24gYXMgZToKICAgICAgICBwcmludChzdHIoZSksIGZpbGU9c3lzLnN0ZGVycikKICAgICAgICBzeXMuZXhpdCgxKQo=",
    "calldata": "\"Hello lambda\"",
    "timeout": 3000
}'

The expected result should be:

{
    "returncode": 0,
    "stdout": "Hello lambda\n",
    "stderr": "",
    "error": "",
    "version": "lambda:1.3.0"
}
```T

If all goes well, you can configure the endpoint as `yoda`’s executor.

```shell
yoda config executor "rest:<your_aws_lambda_endpoint>?timeout=7s"

A Lambda Authorizer (optional)

NOTE: If you skip this section, Yoda still works.

This section will introduce how to improve API Gateway security by attaching an authorizer.

A Lambda authorizer (formerly known as a custom authorizer) is an API Gateway feature that uses a Lambda function to control access to your API.

Creating Authorizer Function

In your AWS account, go to AWS Lambda Page and click Create function.

Follow the following steps:

  • Select Author from Scratch
  • Fill your Function name It will be your endpoint route.
  • Select Runtime to Python 3.7
  • For permission if you don't have an existing role, create a new one.

Click Create function. Once everything is complete, You will see this page.

Scroll down to Function code panel and click Actions -> Upload a .zip file. You will need to upload (the runtime zip)[TODO: add link].

Scroll down to "Environment variables" section and add an environment variable: JWT_SECRET_KEY to <YOUR_JWT_SECRET>

Attaching Your Authorizer

In your AWS account, go to API Gateway page and click your API Gateway.

Click Authorization on API Gateway left sidebar

Click Manage authorizers and Create authorizer

We will use the Lambda as the authorizer type and choose Lambda function to Lambda authorizer that we set up on Creating Lambda Function section

Aftter that's done, go back the to Attach authorizers to routes menu. Click ANY, choose your authorizer, then click Attach authorizer

Once complete, you will see a Lambda badge

Setting Up Yoda Config

First, We add the secret key to Yoda.

$ yoda config jwt-secret-key <YOUR_JWT_SECRET>

You can test it with cURL.

$ curl --location --request POST <YOUR_API_ENDPOINT> \
    --header 'Content-Type: application/json' \
    --header 'Authorization: '"$(yoda auth signed-token)"'' \
    --data-raw '{
    "executable": "IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMwoKaW1wb3J0IHN5cwoKZGVmIG1haW4oZGF0YSk6CiAgICByZXR1cm4gZGF0YQoKCmlmIF9fbmFtZV9fID09ICJfX21haW5fXyI6CiAgICB0cnk6CiAgICAgICAgcHJpbnQobWFpbigqc3lzLmFyZ3ZbMTpdKSkKICAgIGV4Y2VwdCBFeGNlcHRpb24gYXMgZToKICAgICAgICBwcmludChzdHIoZSksIGZpbGU9c3lzLnN0ZGVycikKICAgICAgICBzeXMuZXhpdCgxKQo=",
    "calldata": "\"Hello lambda\"",
    "timeout": 3000
    }'

The expected result should be:

{
    "returncode": 0,
    "stdout": "Hello lambda\n",
    "stderr": "",
    "error": "",
    "version": "lambda:1.3.0"
}

Whitepaper

Technical Specifications

Guide

Clone this wiki locally