1. Using AWS Lambda with RDS

    TypeScript

    In this Pulumi program, we are going to create an AWS Lambda function that interacts with an Amazon RDS (Relational Database Service) instance. The AWS Lambda service allows you to run code without provisioning or managing servers, and RDS provides a managed relational database service with various database engines.

    We will perform the following steps:

    1. Set up an Amazon RDS instance.
    2. Create an IAM role and policy that grant the Lambda function the permissions it needs to execute, including VPC access.
    3. Create a Lambda function and attach the IAM role to it.
    4. Set up networking by placing our RDS instance and Lambda function in a VPC, and assign the appropriate security groups to allow network traffic between them.

    Here's the Pulumi program:

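        import * as aws from "@pulumi/aws";
        import * as pulumi from "@pulumi/pulumi";

        // Read the database password from encrypted stack configuration instead of
        // hardcoding it (set it with: pulumi config set --secret dbPassword <value>)
        const config = new pulumi.Config();
        const dbPassword = config.requireSecret("dbPassword");

        // Create a new VPC for our RDS and Lambda to communicate
        const vpc = new aws.ec2.Vpc("myVpc", {
            cidrBlock: "10.0.0.0/16",
        });

        // aws.ec2.Vpc does not create subnets, so create two in different
        // Availability Zones (an RDS subnet group must span at least two)
        const azs = aws.getAvailabilityZones({ state: "available" });
        const subnetA = new aws.ec2.Subnet("mySubnetA", {
            vpcId: vpc.id,
            cidrBlock: "10.0.1.0/24",
            availabilityZone: azs.then(z => z.names[0]),
        });
        const subnetB = new aws.ec2.Subnet("mySubnetB", {
            vpcId: vpc.id,
            cidrBlock: "10.0.2.0/24",
            availabilityZone: azs.then(z => z.names[1]),
        });
        const subnetIds = [subnetA.id, subnetB.id];

        // Security group for the Lambda function: outbound MySQL traffic inside the VPC only
        const lambdaSg = new aws.ec2.SecurityGroup("lambdaSg", {
            vpcId: vpc.id,
            egress: [{ protocol: "tcp", fromPort: 3306, toPort: 3306, cidrBlocks: [vpc.cidrBlock] }],
        });

        // Security group for the database: MySQL (3306) from the Lambda security group only
        const dbSg = new aws.ec2.SecurityGroup("dbSg", {
            vpcId: vpc.id,
            ingress: [{ protocol: "tcp", fromPort: 3306, toPort: 3306, securityGroups: [lambdaSg.id] }],
        });

        // Create subnet groups for the RDS instance
        const subnetGroup = new aws.rds.SubnetGroup("mySubnetGroup", {
            subnetIds: subnetIds,
        });

        // Create an RDS instance
        const db = new aws.rds.Instance("myDb", {
            instanceClass: "db.t2.micro",
            engine: "mysql",
            allocatedStorage: 20, // required when creating a new instance
            username: "admin",
            password: dbPassword,
            dbSubnetGroupName: subnetGroup.name,
            vpcSecurityGroupIds: [dbSg.id],
            skipFinalSnapshot: true,
        });

        // Create an IAM role and policy that will be used by Lambda function
        const lambdaExecutionRole = new aws.iam.Role("lambdaExecutionRole", {
            assumeRolePolicy: {
                Version: "2012-10-17",
                Statement: [{
                    Action: "sts:AssumeRole",
                    Effect: "Allow",
                    Principal: {
                        Service: "lambda.amazonaws.com",
                    },
                }],
            },
        });

        // Attach the AWS managed policy which allows the Lambda function to execute
        // inside a VPC (CloudWatch Logs plus network interface management)
        const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("lambdaRolePolicy", {
            role: lambdaExecutionRole.name,
            policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole,
        });

        // Create a new Lambda function, it will use the role created above
        const lambdaFunction = new aws.lambda.Function("myFunction", {
            // The Node.js 12 runtime has been retired by Lambda; use a supported one
            runtime: "nodejs20.x",
            code: new pulumi.asset.AssetArchive({
                // Use a dummy handler for demonstration purposes (you would replace this with your own code package)
                "index.js": new pulumi.asset.StringAsset(`
                    exports.handler = async function(event) {
                        console.log("Event: ", event);
                        // Here you would write your logic to interact with RDS instance
                        return {
                            statusCode: 200,
                            body: JSON.stringify({ message: "Hello World" }),
                        };
                    };
                `),
            }),
            handler: "index.handler",
            role: lambdaExecutionRole.arn,
            vpcConfig: {
                // Ensure the Lambda function can access the VPC
                subnetIds: subnetIds,
                securityGroupIds: [lambdaSg.id],
            },
        }, { dependsOn: [rolePolicyAttachment] });

        // Export the endpoint (host:port) of the RDS instance and the name of the Lambda function
        export const dbEndpoint = db.endpoint;
        export const lambdaFunctionName = lambdaFunction.name;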

    In this program, we're starting by setting up a new VPC (myVpc) that provides a network where our Lambda function and RDS instance can privately communicate. We then create a subnet group required for the RDS instance to be associated with subnets in our VPC.

    The RDS database (myDb) is configured with MySQL as the database engine. We're skipping the final snapshot on deletion for simplification in this demonstration, but in a production scenario, you would likely want to set this to false to capture a final backup of your database.

    The IAM Role (lambdaExecutionRole) and the attachment (rolePolicyAttachment) will allow the Lambda function to assume a role that has the necessary permissions for execution, including VPC access.

    Finally, we define the Lambda function (myFunction) with a sample handler that logs the event it receives, demonstrating where you would interact with the RDS database.

    We export the DNS endpoint of the RDS instance and the name of the Lambda function as outputs of our program, allowing you to connect to the database or invoke your Lambda accordingly.
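
Step 4 relies on security groups to control traffic between the function and the database. The check below is an added example, not part of the original program: it audits a plain-object description of the database security group's ingress rules and reports anything other than tcp/3306 from the Lambda's own security group. The `IngressRule` shape, the function names and the sample group IDs are illustrative assumptions.

```typescript
// Added example. IngressRule mirrors the ingress fields of a security group
// definition; the type, function names and group IDs are illustrative.
interface IngressRule {
    protocol: string;          // "tcp", "udp" or "-1" for all traffic
    fromPort: number;
    toPort: number;
    cidrBlocks?: string[];
    securityGroups?: string[]; // source security group IDs
    self?: boolean;            // members of the same group may connect
}

const MYSQL_PORT = 3306;

function coversPort(r: IngressRule, port: number): boolean {
    if (r.protocol === "-1") return true; // all protocols and ports
    return r.protocol === "tcp" && r.fromPort <= port && port <= r.toPort;
}

// Audit the database security group's ingress rules. An empty result means
// the only path to MySQL is tcp/3306 from the Lambda's security group.
function auditDbIngress(rules: IngressRule[], dbSgId: string, lambdaSgId: string): string[] {
    const findings: string[] = [];
    const shared = dbSgId === lambdaSgId;
    if (shared) findings.push("shared-sg: Lambda and database use the same security group");
    let lambdaAllowed = false;
    for (const r of rules) {
        if (!coversPort(r, MYSQL_PORT)) continue;
        if (r.protocol === "-1" || r.fromPort !== MYSQL_PORT || r.toPort !== MYSQL_PORT) {
            findings.push("wide-ports: rule opens more than tcp/3306");
        }
        for (const cidr of r.cidrBlocks ?? []) {
            findings.push(`cidr-source: 3306 reachable from ${cidr}; prefer a security group reference`);
        }
        for (const sg of r.securityGroups ?? []) {
            if (sg === lambdaSgId) lambdaAllowed = true;
            else findings.push(`other-sg: 3306 reachable from ${sg}`);
        }
        if (r.self && shared) lambdaAllowed = true;
    }
    if (!lambdaAllowed) findings.push("no-path: Lambda security group cannot reach 3306");
    return findings;
}

// Constructed sample rule sets
const strictRules: IngressRule[] = [{ protocol: "tcp", fromPort: 3306, toPort: 3306, securityGroups: ["sg-lambda"] }];
const looseRules: IngressRule[] = [{ protocol: "tcp", fromPort: 0, toPort: 65535, cidrBlocks: ["0.0.0.0/0"] }];
console.log(auditDbIngress(strictRules, "sg-db", "sg-lambda"));
console.log(auditDbIngress(looseRules, "sg-db", "sg-lambda"));
```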