This is a sample repository for a Lambda function that runs when an object is uploaded to a specific S3 bucket (source bucket) and copies it to another one (target bucket). After copying the file, it also writes into a DynamoDB table the following metadata: the name of the file, timestamp when the file was uploaded, file size in MBs and finally whether the filename contains specific words or not.

The structure of this project is the following:

• s3_to_s3_copy - Code for the application's Lambda function.
• events - Invocation events that you can use to invoke the function.
• template.yaml - A template that defines the application's AWS resources.

The following resources will be created when you deploy the application:

• VPC
• Private Subnet
• No Ingress security group
• Route table
• DynamoDB table
• Lambda function
• An IAM role for the lambda function
• S3 source bucket
• S3 target bucket
• A gateway VPC endpoint for S3
• A gateway VPC endpoint for DynamoDB

CAUTION: most of these resources are included in the AWS Free Tier but be careful and delete these resources once you test the project if you do not want to get charged.

To use the SAM CLI, you need the following tools. If you wish to use the --use-container option you must additionally install Docker on your computer.

• SAM CLI - Install the SAM CLI
• Python 3 installed

To build and deploy your application for the first time, run the following in your shell:

sam build
sam deploy --guided

IMPORTANT: You may override the default parameters defined in the template.yaml file after running the deploy command. If you choose to save the deployment configuration during this process, you may simply run sam deploy for subsequent deployments after building the code.

The first command will build the source of your application. The second command will package and deploy your application to AWS, with a series of prompts:

• Stack Name: The name of the stack to deploy to CloudFormation. This should be unique to your account and region, and a good starting point would be something matching your project name.
• AWS Region: The AWS region you want to deploy your app to.
• Confirm changes before deploy: If set to yes, any change sets will be shown to you before execution for manual review. If set to no, the AWS SAM CLI will automatically deploy application changes.
• Allow SAM CLI IAM role creation: Many AWS SAM templates, including this example, create AWS IAM roles required for the AWS Lambda function(s) included to access AWS services. By default, these are scoped down to minimum required permissions. To deploy an AWS CloudFormation stack which creates or modifies IAM roles, the CAPABILITY_IAM value for capabilities must be provided. If permission isn't provided through this prompt, to deploy this example you must explicitly pass --capabilities CAPABILITY_IAM to the sam deploy command.
• Save arguments to samconfig.toml: If set to yes, your choices will be saved to a configuration file inside the project, so that in the future you can just re-run sam deploy without parameters to deploy changes to your application.

You may use these sample responses to the y/n questions if you are not familiar with AWS or SAM CLI:

  Confirm changes before deploy [y/N]: y
  Allow SAM CLI IAM role creation [Y/n]: y
  Disable rollback [y/N]: n
  Save arguments to configuration file [Y/n]: y
  SAM configuration file [samconfig.toml]:
  SAM configuration environment [default]:

A basic pipeline has been created for this project using the sam pipeline init --bootstrap command which builds and deploys the new stack to AWS when code is pushed to the repository. If you wish to clone this repo you would either remove the .github folder and run the aforementioned command with your own choices and add the credential secrets to your repository's secrets or create an entirely new pipeline.

The template provided by AWS included two stages one for a dev environment and one for production however since this repository is a sample, pipeline code related to the production environment has been commented out.

CAUTION: using sam pipelines creates a secret in Secrets Manager which is not included in Free tier. As a challenge, you can investigate the generated IAM roles and create a user with the necessary privileges without using this command.

To simplify troubleshooting, SAM CLI has a command called sam logs. sam logs lets you fetch logs generated by your deployed Lambda function from the command line.

sam logs -n AWSS3FileUpload --stack-name <stack_name> --tail

To delete the sample application that you created, use the AWS CLI. Assuming you used your project name for the stack name, you can run the following:

IMPORTANT: Your S3 buckets should not have any objects before running one of the following commands. You may use aws s3 rm s3://bucket-name --recursive to empty your source and target buckets before deleting the project.

aws cloudformation delete-stack --stack-name <stack_name>

or

sam delete