1. Using aws lambda with ebs

    TypeScript

    AWS Lambda is designed as a stateless compute service, which means it does not natively support attaching persistent storage like EBS (Elastic Block Store) volumes that are typically associated with EC2 instances. Instead, Lambda functions can access other storage services like Amazon S3 for persistent object storage, DynamoDB for NoSQL database services, EFS (Elastic File System) for file storage, or can integrate with RDS databases.

    Here's an example of how you could use AWS Lambda to interact with EFS, which is a Lambda-compatible persistent file storage solution. In this example, we will create a Lambda function that has access to an EFS file system for persistent storage. For this purpose, we will:

    1. Create an EFS file system.
    2. Create an Access Point within that file system which Lambda will use to mount the file system.
    3. Configure Lambda to mount the EFS to a local path in the Lambda execution environment.

    Below is the basic Pulumi program in TypeScript to set up an AWS Lambda function with an attached EFS file system:

    import * as aws from "@pulumi/aws"; // Create an EFS File System const fileSystem = new aws.efs.FileSystem("myFileSystem", {}); // EFS access point setup const accessPoint = new aws.efs.AccessPoint("myAccessPoint", { fileSystemId: fileSystem.id, // Define root directory and POSIX user so Lambda function has the right permissions. posixUser: { gid: 1000, // Change to a suitable GID for your scenario. uid: 1000, // Change to a suitable UID for your scenario. }, rootDirectory: { // When the Lambda function connects, this directory will be created if not exists. creationInfo: { ownerGid: 1000, // Change to a suitable GID for your scenario. ownerUid: 1000, // Change to a suitable UID for your scenario. permissions: "777", }, path: "/lambda", // The path (within EFS) where Lambda will mount the file system }, }); // Create the Lambda function and provide the necessary permissions. const lambdaRole = new aws.iam.Role("lambdaRole", { assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "lambda.amazonaws.com" }), }); // AWS states that Lambda functions should have a policy that at least grants permission to write logs to CloudWatch and access the EFS file system. new aws.iam.RolePolicyAttachment("lambdaEfsPolicy", { policyArn: "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess", role: lambdaRole, }); new aws.iam.RolePolicyAttachment("lambdaLogsPolicy", { policyArn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", role: lambdaRole, }); // Define the Lambda function, including the EFS configuration. const lambdaFunction = new aws.lambda.Function("myLambdaFunction", { handler: "index.handler", role: lambdaRole.arn, runtime: aws.lambda.NodeJS12dXRuntime, code: new pulumi.asset.AssetArchive({ // Assume index.js is in the 'lambda' folder, and handler is the exported function that Lambda will execute. ".": new pulumi.asset.FileArchive("./lambda"), }), filesystemConfig: { // Points lambda at our specific access point for the given EFS. arn: accessPoint.arn, localMountPath: "/mnt/efs", // The local path in Lambda where the EFS will be mounted. }, }); // Export the name of the bucket export const lambdaFunctionName = lambdaFunction.name;

    Understanding the Program:

    1. We declare an EFS file system with aws.efs.FileSystem. This file system serves as persistent storage that can be mounted to a Lambda function.
    2. We create an access point using aws.efs.AccessPoint, which Lambda uses to mount the file system at the designated directory path.
    3. A new IAM role is created for the Lambda function with aws.iam.Role, with a trust relationship that allows the Lambda service to assume this role.
    4. Attach necessary IAM policies to the role allowing Lambda to write logs to CloudWatch and interact with EFS.
    5. We define the Lambda function with aws.lambda.Function and specify our EFS configuration under filesystemConfig. This includes the ARN of the access point and the local mount path.
    6. We use the AWS Node.js 12.x runtime (aws.lambda.NodeJS12dXRuntime) for the example, but you can select a runtime that matches your code requirements.
    7. The code property assumes you have a deployment package in a local directory named lambda.

    Remember, since EBS is not supported with Lambda, we are using EFS as an alternative approach to add persistent file storage to Lambda functions. This is a common pattern when you need a file system for your serverless applications.