AWS Lambda

In this lab you will experiment the AWS Lambda

This is an introductory (100 level) lab to help you to explore AWS Lambda.


You need:


In this lab you will experiment creating a simple Lambda Function that will consume data from Simple Systems Manager.

This lambda function will consume the configuration for a system, stored on the SSM's Parameter Store. We are considering that all parameters for a certain system will have the form /systems/<systemName>/config, where <systemName> is, obvioulsy, the name of the system to which we want to retrieve the configuration.

Task: Creating the parameters for your hypothetical system

  1. Visit the Systems Manager page on your AWS console.
  2. At the menu on the left, select Parameter Store.
  3. Click on Create parameter.
  4. For Name, input /systems/<prefix>system01/config.
  5. You use Description to provide an informative description about the purpose of this parameter.
  6. For Tier, select Standard. We are willing to run under free tier.
  7. Type is String for our case.
  8. For Value, input the following JSON, as an example:
      "url" : ""
    Your parameter creation window will be similar to the following one:
  9. Click on Create parameter.

Task: Creating your Lambda function

  1. Visit your Lambda page on the AWS Console.
  2. Click on the button Create function.
  3. Select Author from scratch.
  4. Under the section Basic information
    1. For Function Name, input <prefix>SystemConfig
    2. For Runtime, select the latest version for Node.js
    3. For Permissions, we need to give permissions to our Lambda function to access Systems Manager.
      1. Click on Choose or create an execution role. This will unfold a section where we will be able to trigger the creation of the role for this Lambda function.
      2. Leave the option Create a new role with basic Lambda permissions selected. See that below on the page there is a reference about the role that will be created, which starts exactly with the function name. Take note of this role.
    4. Click on Create function. The Lambda Designed and Function code sections will show up.
  5. Edit the code to include the line console.log(event), like below:
  6. exports.handler = async (event) => {
    // The following line records the received event at the function's logs
     console.log(event);   const response = {         statusCode: 200,         body: JSON.stringify('Hello from Lambda!'),     }; return response; };
  7. On the top, right hand side of the page, click on Save.
  8. To check that everything went well, lets do a small test:
    1. Click on the drop down button labeled as Select a test event (It's at the top, at the left hand side of the Test button), and select Configure test events.
    2. Configure the event like shown below
    3. Click on the Create button
    4. On the top, click on Test
    5. If everything went well, at the top of the page a message Execution result: succeeded (logs) will appear.
    6. Click on the link labeled as logs. It will take you to CloudWatch Logs, where you will be able to check that the receiving event was properly registered on the logs.

Task: Adjusting the permissions for your Lambda function

We want to make this Lambda function to consume information from SSM. For that, we need to change the role attached to the Lambda function, and include on it the proper policy.

Let's add an inline policy that will grant our Lambda permissions to consume to Systems Manager.

  1. Go to the IAM Console.
  2. Click on Roles.
  3. Search for the role that was created when we created the Lambda function. The role name starts with<prefix>SystemConfig. You can also check the name of the role at the section Execution role on the Lambda function configuration page.
  4. Click on Add inline policy. The window to create the policy will show up.
  5. For Service, select Systems Manager.
  6. For Actions, choose GetParameter.
  7. For Resources, click on Add ARN.
    1. For region, include the region where you are working on (example: eu-west-2).
    2. For account, input your account Id.You can get your account id by visiting the option My Account at your AWS console.
    3. For Fully qualified parameter name, enter systems/*/config. This means that you will be able to retrieve the configuration for all systems. Suppose we are retrieving the config for a system named "ticketing", then the parameter will be systems/ticketing/config.
    4. Click on Add.
  8. Click on Review Policy.
  9. Give an informative name for the policy, like SystemsManagerPermissions.
  10. Click on Create Policy.

Now our lambda function is able to call SSM. Let's change the code.

Task: Adjusting your Lambda function code - Calling SSM

Replace the code for your Lambda code with the following code

const AWS = require('aws-sdk');
const SSM = new AWS.SSM();

exports.handler = async (event) => {
// logging the received event
    var responseFromSSM = null;
    var result = null;
    if (!event.Name)
// event does not have the proper format
            result = {
                "statusCode" : 400,
                "body" : "Invalid parameter"
        try {
// parameter expected by SSM.getParameter
            var parameter = {
                "Name" : "/systems/"+event.Name+"/config"
            responseFromSSM = await SSM.getParameter(parameter).promise();
            var value = responseFromSSM.Parameter.Value;  
            result = {
                "statusCode" : 200,
                "body" : value
        } catch(err) {
            if (err.StatusCode)
                    result = {
                        "statusCode" : err.StatusCode,
                        "body" : err.code
                    result = {
                        "statusCode" : 500,
                        "body" : err.code
    return result;

Test the code using valid and invalid parameters.

Check the logs.

Finishing the lab

You have finished the lab.

Clear your account by:

  1. Deleting the Lambda function
  2. Deleting the role associated to the Lambda function