You can find the relevant set of steps for accessing your Amazon Aurora instance using Lambda in the following documentation:
[+] Tutorial: Configuring a Lambda Function to Access Amazon RDS in an Amazon VPC – https://docs.aws.amazon.com/lambda/latest/dg/vpc-rds.html
I also carried out a test connecting to my Aurora instance from Lambda. The following are the steps I took to do so:
Create an Aurora cluster and connect to the writer instance using the cluster endpoint. Create a sample database and table. (Make sure the instance's security group lists the correct source IP addresses so that the connection is allowed.)
Now coming to creating a Lambda function to access the Aurora instance:
To start with, we first need to create an execution role that gives your Lambda function permission to access AWS resources.
Please follow the steps below to create an execution role:
1. Open the roles page in the IAM console: https://console.aws.amazon.com/iam/home#/role
2. Choose Roles from the left dashboard and select Create role.
3. Under the tab “Choose the service that will use this role” select Lambda and then Next:Permissions
4. Search for “AWSLambdaVPCAccessExecutionRole”. Select this and then Next:Tags
5. Provide a Tag and then a Role Name (ex. lambda-vpc-role) and then Create Role.
The AWSLambdaVPCAccessExecutionRole has the permissions that the function needs to manage network connections to a VPC.
Creating Lambda Function
Please follow the below steps to create a Lambda function:
1. Open the Lambda Management Console: https://console.aws.amazon.com/lambda
2. Choose Create a function
3. Choose Author from scratch, and then do the following:
* In Name, specify your Lambda function name.
* In Runtime, choose Python 2.7.
* In Execution Role, choose “Use an existing role”.
* In Role name, enter the name of the role you created previously, “lambda-vpc-role”.
4. Choose Create function.
5. Once you have created the Lambda function, navigate to the function page.
6. In the function page, Under Networks Section do the following.
* In VPC, choose default VPC
* In Subnets, choose any two subnets
* In Security Groups, choose the default security group
7. Click on Save
Setting up Lambda Deployment Environment
Next you will need to set up a deployment environment to deploy Python code that connects to the RDS database.
To connect to Aurora using Python you will need to import the pymysql module. Hence we need to install dependencies with pip and create a deployment package. Please execute these commands in your local environment.
1. Creating a local directory which will be the deployment package:
$ mkdir rds_lambda;
$ cd rds_lambda/
2. Install pymysql module
$ pip install pymysql -t /Users/user/rds_lambda
By executing the above command you will install the pymysql module in your current directory.
3. Next create a Python file that contains the code to connect to the RDS instance:
$ sudo nano connectdb.py
I have attached the file “connectdb.py” which has the Python code to connect to the RDS instance.
4. Next we need to zip the current directory and upload it to the Lambda function.
$ zip -r rds_lambda.zip `ls`
The above command creates a zip file “rds_lambda.zip” which we will need to upload to the Lambda function.
Navigate to the console page of the newly created Lambda function:
1. In the Function Code section -> Code Entry Type -> from the drop-down, select Upload a zip file
2. Browse to the zip file in the local directory
3. Next, in the Function Code section, change the Handler to pythonfilename.function (ex. connectdb.main).
4. Click Save.
5. Next you will need to add the security group of the Lambda function as an allowed source in your RDS security group.
6. After that, test the connection by creating a test event.
If you see that the execution is successful, then the connection has been made.
You may also go through the below video link which will give a detailed explanation on how to connect to an RDS instance using a lambda function
After successfully establishing the connection, you can modify the Python file to query databases inside the Aurora instance.
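One way to write the connectdb.py from step 3 with the handler connectdb.main, as an added example and not the file attached to the original post. It assumes the connection settings are supplied as Lambda environment variables under the hypothetical names DB_HOST, DB_USER, DB_PASSWORD, DB_NAME, DB_PORT and DB_SSL_CA (an optional path to a CA bundle packaged in the zip), so no credentials are stored in the deployment package.

```python
# connectdb.py -- added example, not the author's attached file.
# Handler string for the Lambda console: connectdb.main
import os

# Assumed (hypothetical) environment variable names, set in the function's
# configuration instead of hardcoding credentials in the zip file.
REQUIRED = ("DB_HOST", "DB_USER", "DB_PASSWORD", "DB_NAME")


def load_config(env=None):
    """Build pymysql.connect() keyword arguments from environment variables."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(missing))
    config = {
        "host": env["DB_HOST"],  # Aurora cluster endpoint
        "user": env["DB_USER"],
        "password": env["DB_PASSWORD"],
        "database": env["DB_NAME"],
        "port": int(env.get("DB_PORT", "3306")),
        # Fail fast when the RDS security group does not admit the function;
        # a blocked connection otherwise hangs until the Lambda timeout.
        "connect_timeout": 5,
    }
    ca_file = env.get("DB_SSL_CA")  # optional CA bundle shipped in the zip
    if ca_file:
        config["ssl"] = {"ca": ca_file}  # use TLS and verify against this CA
    return config


def main(event, context):
    import pymysql  # imported here so load_config() can be tested without it

    try:
        conn = pymysql.connect(**load_config())
    except pymysql.MySQLError as exc:
        # Log only the error code, never the connection settings.
        print("connection failed, MySQL error code: %s" % (exc.args[:1],))
        raise
    try:
        with conn.cursor() as cur:
            cur.execute("SELECT VERSION()")
            version = cur.fetchone()[0]
    finally:
        conn.close()
    return {"connected": True, "server_version": version}
```

A test event that times out after about five seconds usually points at the security group rule from step 5 rather than at the credentials.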