Lambda functions on their own are pretty useless. Lambdas need someone — or something — to initiate them. An important (and fun) trigger for Lambda is the CloudWatch event. With CloudWatch events we can trigger Lambdas on recurring schedules that we define.
Scheduled Lambdas are useful for executing tasks like backups or security scans. Today we’re going to go through what you need to do in order to Terraform Lambda Scheduled Events.
I’ll cover everything you need to know about CloudWatch Events, CloudWatch Event Targets and Lambda permissions.
By the end of this article you’ll know how to execute a Lambda on a scheduled CloudWatch event (and write it all in Terraform).
Before we jump into the details of our Terraform Lambda scheduled event setup, let’s take a look at the three high-level steps we’ll need to take.
- CloudWatch Event Rule — The way that we’ll set up our scheduling.
- CloudWatch Event Target — How we’ll tell our scheduler to call our Lambda.
- Lambda Permission — We’ll allow the Lambda to be invoked by the CloudWatch Event.
Note: The following steps assume that you already have a Lambda set up with the correct permissions to be invoked.
The Quick Solution
If you’re in a rush (for whatever reason) I’ll spoil the ending. You’ll need the following three resource blocks in order to set up your Terraform Lambda Scheduled Event. But if you’re not in a rush and would like to know more about the steps, I’ll break down each step you need to take and explain why.
So that covers the end result; let’s break it down. For each step we’ll recap our Terraform configuration and then we’ll break down the what and why.
1. Set Up Your CloudWatch Event Rule
The first thing we need to set up is a CloudWatch Event Rule. How CloudWatch Events fit into the picture of triggering Lambdas can be confusing at first. But once you understand what CloudWatch events are, I think the whole thing becomes a little clearer.
CloudWatch Events allow us to listen to different changes (“events”) in our AWS environment and respond to these changes in certain ways. For instance, you may want to run a verification process following an EC2 backup, or you may want to receive an email following an S3 bucket update.
You can see CloudWatch Events in action below in the following screenshot. Notice how you can choose the different service name inputs and the event types that you want to listen to.
At this point, though, you’re likely thinking: We’re not listening to an event though? Aren’t we listening to a schedule? And if you were thinking that, you’d be right! Lucky for us (as you can see in the above screenshot) AWS has the concept of a CloudWatch event triggered on a custom schedule.
A custom schedule event has the same functionality, but instead it’s triggered on a time basis, not on an action taken in the AWS environment. Once we’ve created our event in CloudWatch it should look something like this…
Awesome — that’s our first step down. But our schedule is pointless if it doesn’t do anything. Let’s go ahead and make it do something interesting.
2. Set Your Lambda CloudWatch Event Target
Now that you’ve got your CloudWatch event, you’ve essentially got a scheduler. But in order to do anything with it we need to give it a target. A target is an invocation or an action that is taken following a CloudWatch event.
In our case we’re going to trigger a Lambda. You can also put your event onto a queue (SQS) or perform direct actions such as taking EC2 snapshots. And once we’ve added our target it should look something like this…
Sweet! That’s all we need to set up in CloudWatch (not so scary, right?). But there is one last piece, which is easily forgotten, and that’s updating your Lambda permissions. So let’s go ahead and see what that’s about.
3. Set Your AWS Lambda Permissions
When you’ve opened up a Lambda in the console you might be familiar with the following graphic: the Lambda “designer”. The designer simply shows you what inputs you’ve got to your Lambda, i.e. what can initiate the Lambda, and also your outputs, i.e. what happens if it fails or succeeds.
In order to get our CloudWatch scheduled event to work we need to also add a Lambda permission. The permission simply tells our Lambda that it is allowed to be invoked by a given event source. In our case, CloudWatch events. It should look something like this…
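The three steps above as a single Terraform configuration. This is an added example, not the article's original code; the variable `lambda_function_arn` and the resource names are assumptions, and the schedule uses a one-minute rate.

```hcl
# Added example. The variable and resource names are assumptions,
# not taken from the article.
variable "lambda_function_arn" {
  description = "ARN of an existing Lambda function to run on the schedule"
  type        = string
}

# Step 1: the event rule is the scheduler. rate() and cron() expressions
# are both accepted by schedule_expression.
resource "aws_cloudwatch_event_rule" "every_minute" {
  name                = "every-minute"
  description         = "Fires once per minute"
  schedule_expression = "rate(1 minute)"
}

# Step 2: the target tells the rule what to call when it fires.
resource "aws_cloudwatch_event_target" "invoke_lambda" {
  rule      = aws_cloudwatch_event_rule.every_minute.name
  target_id = "scheduled-lambda"
  arn       = var.lambda_function_arn
}

# Step 3: a resource-based policy statement on the function that lets
# CloudWatch Events invoke it.
resource "aws_lambda_permission" "allow_cloudwatch" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = var.lambda_function_arn
  principal     = "events.amazonaws.com"

  # Scope the grant to this one rule. Without source_arn the statement
  # allows any rule under the events.amazonaws.com principal to invoke
  # the function, not just the schedule defined above.
  source_arn = aws_cloudwatch_event_rule.every_minute.arn
}
```

Keeping `source_arn` pinned to the rule's ARN is what makes the permission least-privilege: the function accepts invocations from this schedule only.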
And voila! That should be everything you need! If you view the logs of your Lambda you should now see your event initiating your Lambda on the schedule you defined. In our case, that’s every minute. Here’s an example log entry…
Terraform Lambda Scheduled Events!
And that covers everything you need to get a Lambda scheduled with Terraform. CloudWatch events are a great way to schedule your Lambda functions on a recurring basis. There are many different ways you can leverage this scheduling functionality for different purposes.
Before you go, if you’re new to Terraform, be sure to check out my article: My (Highly!) Recommended Books / Courses To Learn Terraform for the best books and courses that you can take to learn Terraform.
For more on infrastructure as code, check out Infrastructure As Code: An Ultimate Guide, and for serverless, Serverless: An Ultimate Guide.
Speak soon Cloud Native friend!