1. Using AWS Lambda with ACM

    TypeScript

    AWS Lambda is a serverless compute service that allows you to run code in response to events without provisioning or managing servers. AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources.

    To use an AWS Lambda function with ACM, typically there are a few steps you might need to take:

    1. Create an ACM certificate for a domain that you own.
    2. Validate the certificate so that it can be used with AWS services.
    3. Create a Lambda function that your application will use.
    4. If you're exposing your Lambda via an HTTPS endpoint, either through API Gateway or another service, you need to configure that service to use your ACM certificate.

    Below is a Pulumi TypeScript program that demonstrates how to:

    • Create an ACM certificate for a specified domain name.
    • Automatically validate the certificate using DNS.
    • Create a simple AWS Lambda function.
    ```typescript
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";

    // Create an ACM certificate for your domain
    const cert = new aws.acm.Certificate("my-cert", {
        domainName: "my.example.com",
        validationMethod: "DNS",
    });

    // This is the structure that a DNS-record validation will expect, but the actual
    // records and the way to create them will depend on where your DNS is hosted.
    const certValidationDomain = new aws.route53.Record("my-cert-validation", {
        // Zone ID for the hosted zone that you are creating this record in
        zoneId: "Z2FDTNDATAQYW2",
        // This will depend on the domain specified in the cert
        name: cert.domainValidationOptions.apply(options => options[0].resourceRecordName),
        type: cert.domainValidationOptions.apply(options => options[0].resourceRecordType),
        // The value ACM expects to find in the validation record
        records: [cert.domainValidationOptions.apply(options => options[0].resourceRecordValue)],
        // The TTL of the record to add
        ttl: 60,
    });

    // Create a certificate validation resource to wait for validation to complete
    const certValidation = new aws.acm.CertificateValidation("my-cert-validation", {
        certificateArn: cert.arn,
        validationRecordFqdns: [certValidationDomain.fqdn],
    });

    // Define the IAM role that the Lambda service assumes to run the function.
    // No permission policies are attached here; attach only what the function needs.
    const lambdaRole = new aws.iam.Role("my-lambda-role", {
        assumeRolePolicy: `{
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "sts:AssumeRole",
                "Effect": "Allow",
                "Principal": { "Service": "lambda.amazonaws.com" }
            }]
        }`,
    });

    // Create an AWS Lambda function; the code can be specified inline or as a deployment package
    const myLambda = new aws.lambda.Function("my-lambda", {
        code: new pulumi.asset.AssetArchive({
            // Replace with actual path to Lambda code
            ".": new pulumi.asset.FileArchive("./path-to-lambda-deployment-package"),
        }),
        role: lambdaRole.arn,
        handler: "index.handler", // Replace with the actual handler path
        runtime: "nodejs14.x", // Replace with a supported runtime that matches your code
    });

    // Export the ARN of the certificate and the Lambda function
    export const certificateArn = certValidation.certificateArn;
    export const lambdaFunctionArn = myLambda.arn;
    ```

    In this example, we create an ACM certificate and a Lambda function. The certificate is validated with DNS by creating the required DNS record in AWS Route 53. This assumes that your domain's DNS is managed by Route 53; if it's managed elsewhere, you'll need to create the record in your DNS system.
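The program above reads only `options[0]`, which covers a single-name certificate. As an added example (not part of the original program), the pure TypeScript below generalizes the DNS validation step to certificates with several names: it plans one record per distinct validation CNAME and refuses names with no matching hosted zone. `zoneFor`, `planValidationRecords`, `PlannedRecord`, the zone IDs and the CNAME values are assumptions made for illustration.

```typescript
// Shape of one entry in aws.acm.Certificate's domainValidationOptions output.
interface DomainValidationOption {
  domainName: string; resourceRecordName: string;
  resourceRecordType: string; resourceRecordValue: string;
}
// Hypothetical plan entry: Route 53 record fields plus the names it validates.
interface PlannedRecord {
  zoneId: string; name: string; type: string;
  records: string[]; ttl: number; domains: string[];
}

// Pick the hosted zone whose name is the longest suffix of the domain; fail
// closed instead of writing a validation record into an unrelated zone.
function zoneFor(domain: string, zones: { [zone: string]: string }): string {
  const bare = domain.replace(/^\*\./, "").replace(/\.$/, "").toLowerCase();
  let best = "";
  for (const zone of Object.keys(zones)) {
    const hit = bare === zone || bare.endsWith("." + zone);
    if (hit && zone.length > best.length) best = zone;
  }
  if (best === "") throw new Error(`no hosted zone configured for ${domain}`);
  return zones[best];
}

// One record per distinct CNAME name; ACM reuses the same CNAME for a domain
// and its wildcard, so creating one record per option would collide.
function planValidationRecords(
  options: DomainValidationOption[], zones: { [zone: string]: string },
): PlannedRecord[] {
  const byName = new Map<string, PlannedRecord>();
  for (const o of options) {
    const seen = byName.get(o.resourceRecordName);
    if (seen) { seen.domains.push(o.domainName); continue; }
    byName.set(o.resourceRecordName, {
      zoneId: zoneFor(o.domainName, zones), name: o.resourceRecordName,
      type: o.resourceRecordType, records: [o.resourceRecordValue],
      ttl: 60, domains: [o.domainName],
    });
  }
  return Array.from(byName.values());
}

// Constructed sample input (zone IDs and CNAME values are placeholders).
const sampleZones = { "example.com": "ZONE_APEX", "api.example.com": "ZONE_API" };
const opt = (d: string, n: string, v: string): DomainValidationOption =>
  ({ domainName: d, resourceRecordName: n, resourceRecordType: "CNAME", resourceRecordValue: v });
const sampleOptions = [
  opt("example.com", "_a1.example.com.", "_x1.acm-validations.aws."),
  opt("*.example.com", "_a1.example.com.", "_x1.acm-validations.aws."),
  opt("api.example.com", "_b2.api.example.com.", "_y2.acm-validations.aws."),
];
```

Inside a Pulumi program, each planned entry supplies the `zoneId`, `name`, `type`, `records` and `ttl` arguments of one `aws.route53.Record`.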

    The Lambda function in this example is defined to be packaged and uploaded from a local path. You would replace the "./path-to-lambda-deployment-package" with the actual path to your Lambda deployment package.

    Note that for the Lambda function to interact with other AWS services, you would need to attach the appropriate permissions to lambdaRole. The Lambda's handler and runtime should also be specified according to your specific Lambda function's configuration.

    Remember, after running this Pulumi program, your Lambda function and ACM certificate are ready for use, but further integration (such as setting up an API Gateway to invoke your Lambda function via HTTPS) would require additional resources and configuration.