AWS Lambda with Pulumi

Introduction

Pulumi provides multi cloud IaC platform using programming languages such as TypeScript, JavaScript, Python, Go, C#, Java, YAML. I will be using Go language runtime to create AWS Lambda function.

On saving the json document on S3 bucket, a lambda function gets triggered to POST the payload to external API api.writeonce.de.

IAM Permission Policies for IaC and Pulumi Login

Pulumi respects the AWS credentials configured in the system. Create a AWS user with policy IAMFullAccess and PowerUserAccess. Configure the AWS credentials in the system, providing a profile is optional. I have configured a profile named writeonce-iac.

pulumi config set aws:profile writeonce-iac

name: writeonce-function-s3
description: A minimal AWS Go Pulumi program
runtime: go
config:
  aws:profile: writeonce-iac
  aws:region: eu-central-1

  pulumi:tags:
    value:
      pulumi:template: aws-go

To manage the state of Pulumi you can create S3 bucket in AWS, I named it as writeonce-pulumi-state. Then login to pulumi by providing the S3 bucket url along with credentials profile.

pulumi login s3://writeonce-pulumi-state?profile=writeonce-iac

Happy coding

Link: writeonce-function

References

• Pulumi aws.lambda.Function