Running the AWS CLI Commands in an AWS Lambda Function
Last updated: June 14, 2019
The AWS Command Line Interface (CLI) is not pre-installed in the AWS Lambda execution environment.
Compared to the AWS SDK, the AWS CLI simplifies the usage of some AWS services. Depending on your use case, you may want to use the AWS CLI in your Lambda function.
This blog post describes how to include the AWS CLI into the deployment package of your Lambda function and how to run the AWS CLI commands from this Lambda function.
- If you want to keep the deployment package of your Lambda function small, you can include the AWS CLI in an AWS Lambda layer and attach this layer to the execution environment of your Lambda function.
How to Include the AWS CLI into the Deployment Package of a Lambda Function
- This procedure applies to all AWS Lambda runtimes except the Node.js 10.x runtime.
The Node.js 10.x runtime runs onAmazon Linux release 2 (Karoo)
and does not have Python pre-installed.
The AWS CLI requires Python 2.6.5 or higher.
Python 3.6 is pre-installed in Python 3.6 runtime.
Python 3.7 is pre-installed in Python 3.7 runtime.
Python 2.7 is pre-installed in the AWS Lambda execution environment in all runtimes except the Node.js 10.x runtime. That means you can run the AWS CLI commands from your Lambda function authored in any runtime except the Node.js 10.x runtime. All you need is to include the AWS CLI into the deployment package of this Lambda function.
For additional information about the AWS Lambda supported runtimes, see Exploring the AWS Lambda Execution Environment.
In the following procedure, you create an isolated Python environment using virtualenv
tool. Then, you install the AWS CLI in this environment, and, finally, include all necessary libraries and dependencies from the virtual environment into the deployment package of your Lambda function.
- Ensure that the latest version of
virtualenv
tool is installed on your system. - Create a new isolated Python environment in your current working directory.
- If your Lambda function is authored in Python 3.6 or Python 3.7, execute the following command:
virtualenv --python=python3 virtualenv-awscli
- If your Lambda function is not authored in Python 3.6 or Python 3.7, then Python 2.7 will be available in the AWS Lambda execution environment of this Lambda function. In this case, execute the following command:
A new directory tree is created.virtualenv --python=python2.7 virtualenv-awscli
- If your Lambda function is authored in Python 3.6 or Python 3.7, execute the following command:
- Activate the virtual environment.
The name of the activated virtual environment (source virtualenv-awscli/bin/activate
virtualenv-awscli
) appears on the left side of the command prompt. - Install the AWS CLI and its dependencies in the Python virtual environment.
pip install awscli
- Adjust the first (shebang) line of
aws
script located in thebin
directory of your virtual environment to use the system-wide Python interpreter. Then, add the adjusted script to the deployment package~/lambda.zip
of your Lambda function.cd $VIRTUAL_ENV/bin sed -i '1 s/^.*$/#!\/usr\/bin\/env python/' aws zip ~/lambda.zip aws
- Add the contents of
lib
andlib64
site-packages
anddist-packages
directories to the deployment package of your Lambda function.for d in 'lib' 'lib64'; do for p in 'site-packages' 'dist-packages'; do cd $VIRTUAL_ENV/$d/python*/$p 2>/dev/null && zip -r -g ~/lambda.zip .; done; done
- Deactivate the Python virtual environment.
deactivate
- Add your code and other dependencies to the deployment package
~/lambda.zip
of your Lambda function. - In the IAM role of your Lambda function, grant permissions for the actions that you want to perform using the AWS CLI.
Appendix A, How to Run the AWS CLI Commands in a Lambda Function (Python)
The following code snippet shows how, for example, you can get your AWS Account ID in your Lambda function using the AWS CLI. To use this code snippet, you must include the AWS CLI into the deployment package of your Lambda function.
# CloudBriefly.com
from __future__ import print_function
import subprocess
def lambda_handler(event, context):
print(subprocess.check_output(
'/var/task/aws sts get-caller-identity --output text --query Account',
stderr=subprocess.STDOUT,
shell=True))