@aws-solutions-constructs/aws-s3-lambda

CDK Constructs for AWS S3 to AWS Lambda integration

Usage no npm install needed!

<script type="module">
  import awsSolutionsConstructsAwsS3Lambda from 'https://cdn.skypack.dev/@aws-solutions-constructs/aws-s3-lambda';
</script>

README

aws-s3-lambda module

Stability: Stable

Reference Documentation: https://docs.aws.amazon.com/solutions/latest/constructs/
Language Package
Python Logo Python aws_solutions_constructs.aws_s3_lambda
Typescript Logo Typescript @aws-solutions-constructs/aws-s3-lambda
Java Logo Java software.amazon.awsconstructs.services.s3lambda

This AWS Solutions Construct implements an Amazon S3 bucket connected to an AWS Lambda function.

Here is a minimal deployable pattern definition in Typescript:

import { S3ToLambdaProps, S3ToLambda } from '@aws-solutions-constructs/aws-s3-lambda';

new S3ToLambda(this, 'test-s3-lambda', {
    lambdaFunctionProps: {
        code: lambda.Code.fromAsset(`${__dirname}/lambda`),
        runtime: lambda.Runtime.NODEJS_14_X,
        handler: 'index.handler'
    },
});

Initializer

new S3ToLambda(scope: Construct, id: string, props: S3ToLambdaProps);

Parameters

Pattern Construct Props

Name Type Description
existingLambdaObj? lambda.Function Existing instance of Lambda Function object, providing both this and lambdaFunctionProps will cause an error.
lambdaFunctionProps? lambda.FunctionProps Optional user provided props to override the default props for the Lambda function.
existingBucketObj? s3.Bucket Existing instance of S3 Bucket object. If this is provided, then also providing bucketProps is an error.
bucketProps? s3.BucketProps Optional user provided props to override the default props for the S3 Bucket.
s3EventSourceProps? S3EventSourceProps Optional user provided props to override the default props for S3EventSourceProps
loggingBucketProps? s3.BucketProps Optional user provided props to override the default props for the S3 Logging Bucket.
logS3AccessLogs? boolean Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true

Pattern Properties

Name Type Description
lambdaFunction lambda.Function Returns an instance of the lambda.Function created by the construct
s3Bucket? s3.Bucket Returns an instance of the s3.Bucket created by the construct
s3LoggingBucket? s3.Bucket Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket.
s3BucketInterface s3.IBucket Returns an instance of s3.IBucket created by the construct

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

Amazon S3 Bucket

  • Configure Access logging for S3 Bucket
  • Enable server-side encryption for S3 Bucket using AWS managed KMS Key
  • Enforce encryption of data in transit
  • Turn on the versioning for S3 Bucket
  • Don't allow public access for S3 Bucket
  • Retain the S3 Bucket when deleting the CloudFormation stack
  • Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days

AWS Lambda Function

  • Configure limited privilege access IAM role for Lambda function
  • Enable reusing connections with Keep-Alive for NodeJs Lambda function
  • Enable X-Ray Tracing
  • Set Environment Variables
    • AWS_NODEJS_CONNECTION_REUSE_ENABLED (for Node 10.x and higher functions)

Architecture

Architecture Diagram

© Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.