A quick hack to show how AWS Config and Neptune can be used together to build and model a simple CMDB.

fitzee/graphcmdb

GraphCMDB - Demo the integration of AWS Config with Amazon Neptune

This project assumes you have:

  1. An AWS account with a VPC and subnets created
  2. A Neptune instance configured to reside in that VPC and those subnets
  3. AWS Config enabled within the console, recording all configuration changes
  4. An EC2 instance provisioned as a bastion host in your VPC's public subnet

.
├── README.md                   <-- This instructions file
├── graphcmdb                   
│   ├── __init__.py
│   ├── app.py                  <-- Lambda Python code
│   └── requirements.txt        <-- Python modules required by function
├── template.yaml               <-- SAM Template
├── testevent.json              <-- Example invokingEvent event
└── testeventbody.json          <-- Extracted AWS Config payload sample
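
An AWS Config event such as the one in testevent.json carries its payload in invokingEvent as a JSON string, so a handler has to decode it before it can turn the configuration item and its relationships into graph vertices and edges. The sketch below is an added example, not the repository's app.py; the sample event is constructed, and the to_graph helper and the edge-label fallback are assumptions.

```python
import json

# Constructed sample in the shape AWS Config passes to a Lambda function;
# these are not the contents of the repository's testevent.json.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::Instance",
            "resourceId": "i-0example",
            "awsRegion": "us-east-1",
            "configurationItemStatus": "OK",
            "relationships": [
                {"resourceType": "AWS::EC2::Subnet",
                 "resourceId": "subnet-0example",
                 "name": "Is contained in Subnet"},
                {"resourceType": "AWS::EC2::SecurityGroup",
                 "resourceId": "sg-0example",
                 "name": "Is associated with SecurityGroup"},
            ],
        },
    }),
}


def to_graph(event):
    """Return (vertices, edges) for one Config change event.

    vertices maps resourceId -> resourceType; edges are (from_id, label, to_id).
    Message types that carry no configuration item yield empty results.
    """
    invoking = json.loads(event["invokingEvent"])  # the field is a JSON string
    item = invoking.get("configurationItem")
    if invoking.get("messageType") != "ConfigurationItemChangeNotification" or not item:
        return {}, []
    vertices = {item["resourceId"]: item["resourceType"]}
    edges = []
    for rel in item.get("relationships") or []:
        target = rel.get("resourceId")
        if not target:  # skip relationships that carry no resourceId
            continue
        vertices.setdefault(target, rel.get("resourceType", "Unknown"))
        # "related_to" is a hypothetical fallback label for this example
        edges.append((item["resourceId"], rel.get("name", "related_to"), target))
    return vertices, edges


if __name__ == "__main__":
    print(to_graph(SAMPLE_EVENT))
```

The vertices and edges returned here are plain Python values; writing them to Neptune is left to whichever graph client the function uses.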

Requirements

Setup process

Local development

Note: I find it better if you work with an IDE such as PyCharm and leverage the AWS Toolkit; it just makes things so much easier!

Invoking function locally using a local sample payload

sam local invoke GraphCMDBFunction --event testevent.json

SAM CLI is used to emulate Lambda locally and uses our template.yaml to understand how to bootstrap this environment (runtime, where the source code is, etc.). The following excerpt is what the CLI will read in order to initialize an API and its routes:

Packaging and deployment

The AWS Lambda Python runtime requires a flat folder containing the application and all of its dependencies. SAM uses the CodeUri property to know where to look for both the application and its dependencies:

...
    GraphCMDBFunction:
        Type: AWS::Serverless::Function
        Properties:
            CodeUri: graphcmdb/
            ...

First, we need an S3 bucket where we can upload our Lambda functions, packaged as a ZIP, before we deploy anything. If you don't have an S3 bucket to store code artifacts, this is a good time to create one:

aws s3 mb s3://BUCKET_NAME

Next, run the following command to package our Lambda function to S3:

sam package \
    --output-template-file packaged.yaml \
    --s3-bucket REPLACE_THIS_WITH_YOUR_S3_BUCKET_NAME

Next, the following command will create a CloudFormation stack and deploy your SAM resources:

sam deploy \
    --template-file packaged.yaml \
    --stack-name aws \
    --capabilities CAPABILITY_IAM

See the Serverless Application Model (SAM) HOWTO Guide for more details on how to get started.

Fetch, tail, and filter Lambda function logs

To simplify troubleshooting, SAM CLI has a command called sam logs. sam logs lets you fetch logs generated by your Lambda function from the command line. In addition to printing the logs on the terminal, this command has several nifty features to help you quickly find the bug.

NOTE: This command works for all AWS Lambda functions; not just the ones you deploy using SAM.

sam logs -n GraphCMDBFunction --stack-name aws --tail

You can find more information and examples about filtering Lambda function logs in the SAM CLI Documentation.

Cleanup

To delete the serverless application you just deployed, use the following AWS CLI command:

aws cloudformation delete-stack --stack-name aws
