AWS Lambda Event Source Mapping

This page shows how to write Terraform and CloudFormation for Lambda Event Source Mapping, and how to write them securely.

aws_lambda_event_source_mapping (Terraform)

The Event Source Mapping in Lambda can be configured in Terraform with the resource name aws_lambda_event_source_mapping. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

lambda.tf#L13
resource "aws_lambda_event_source_mapping" "consumer-sqs" {
  event_source_arn = aws_sqs_queue.test-sqs.arn
  enabled          = true
  function_name    = aws_lambda_function.consumer-sqs.arn
  batch_size       = 1
}
main.tf#L80
resource "aws_lambda_event_source_mapping" "dog_processor_trigger" {
  event_source_arn              = aws_kinesis_stream.caught_dogs_stream.arn
  function_name                 = "dogProcessor"
  batch_size                    = 1
  starting_position             = "LATEST"
  enabled                       = true
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a Lambda event source mapping. This allows Lambda functions to get events from Kinesis, DynamoDB, SQS, Amazon MQ and Managed Streaming for Apache Kafka (MSK). For information about Lambda and how to use it, see [What is AWS Lambda?][1]. For information about event source mappings, see [CreateEventSourceMapping][2] in the API docs.

Tips: Best Practices for The Other AWS Lambda Resources

In addition to aws_lambda_permission, AWS Lambda has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.

aws_lambda_permission

Limit your Lambda function permission as much as possible

To limit the Lambda function permission, set `source_arn` when granting permissions whenever the ARN can be specified.
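The tip above as a Terraform configuration, with the unscoped grant next to the scoped one. This is an added example, not code from the page or from the repositories it cites; the variable names and statement IDs are hypothetical, and `source_account` is an extra argument of the same resource that goes beyond the tip, useful because an S3 bucket ARN does not contain an account ID.

```hcl
# Hypothetical inputs for this example (not from the page).
variable "function_name" {
  type        = string
  description = "Name of the Lambda function that S3 may invoke"
}

variable "source_bucket_arn" {
  type        = string
  description = "ARN of the only bucket allowed to invoke the function"
}

variable "source_account_id" {
  type        = string
  description = "ID of the AWS account that owns the bucket"
}

# Weak: nothing narrows the grant, so any S3 bucket in any account can
# invoke the function through the s3.amazonaws.com service principal.
# Shown for comparison only; keep just one of the two resources.
resource "aws_lambda_permission" "s3_invoke_unscoped" {
  statement_id  = "AllowS3InvokeUnscoped"
  action        = "lambda:InvokeFunction"
  function_name = var.function_name
  principal     = "s3.amazonaws.com"
}

# Scoped: source_arn restricts the grant to one bucket, and source_account
# pins the bucket's owner so a deleted and re-created bucket with the same
# name in another account cannot reuse the permission.
resource "aws_lambda_permission" "s3_invoke_scoped" {
  statement_id   = "AllowS3InvokeFromOneBucket"
  action         = "lambda:InvokeFunction"
  function_name  = var.function_name
  principal      = "s3.amazonaws.com"
  source_arn     = var.source_bucket_arn
  source_account = var.source_account_id
}
```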

Review your AWS Lambda settings

In addition to the above, there are other security points you should be aware of. You can make sure that your .tf files are protected in Shisho Cloud.

AWS::Lambda::EventSourceMapping (CloudFormation)

The EventSourceMapping in Lambda can be configured in CloudFormation with the resource name AWS::Lambda::EventSourceMapping. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

serverless.yml#L65
      Type: AWS::Lambda::EventSourceMapping
      Properties:
        StartingPosition: LATEST
        EventSourceArn: !GetAtt StatsTable.StreamArn
        FunctionName: !GetAtt TableStreamConsumerLambdaFunction.Arn
        MaximumRetryAttempts: 1
cis-streams-and-vault.yml#L58
    Type: "AWS::Lambda::EventSourceMapping"
    Properties:
      BatchSize: 10
      Enabled: True
      EventSourceArn:
        Fn::Join:
CSD-DYNAMODB-TABLE.yml#L230
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      BatchSize: 100
      Enabled: True
      EventSourceArn: !GetAtt CsdRoute.StreamArn
      FunctionName:
cf-dev-gamechanger-v2-env.yml#L159
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      BatchSize: 10
      Enabled: true
      EventSourceArn: !GetAtt SQSPaymentResponseToTwitch.Arn
      FunctionName: !GetAtt LFPaymentResponseToTwitch.Arn
aws_lambda.json#L33
    "path": "/ResourceTypes/AWS::Lambda::EventSourceMapping/Properties/BatchSize/Value",
    "value": {
      "ValueType": "AWS::Lambda::EventSourceMapping.BatchSize"
    }
  },
  {
userMutationLog-cloudformation-template.json#L303
      "Type": "AWS::Lambda::EventSourceMapping",
      "DependsOn": [
        "LambdaTriggerPolicyUser",
        "LambdaExecutionRole"
      ],
      "Properties": {
function_with_batch_window.json#L12
      "Type": "AWS::Lambda::EventSourceMapping",
      "Properties": {
        "MaximumBatchingWindowInSeconds": 20,
        "EventSourceArn": {
          "Fn::GetAtt": [
            "KinesisStream",

Parameters

Explanation in CloudFormation Registry

The AWS::Lambda::EventSourceMapping resource creates a mapping between an event source and an AWS Lambda function. Lambda reads items from the event source and triggers the function.

For details about each event source type, see the following topics. In particular, each of the topics describes the required and optional parameters for the specific event source.

Frequently asked questions

What is AWS Lambda Event Source Mapping?

AWS Lambda Event Source Mapping is a resource for Lambda in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Lambda Event Source Mapping?

For Terraform, the tochukaso/terraform and rodrigogregorioneri/localstack_terraform source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the broswen/StatsStream, mozilla-iam/cis_functions and mmanoj880/DevOps source code examples are useful. See the CloudFormation Example section for further details.