diff --git a/_data-prepper/pipelines/configuration/processors/aws-lambda.md b/_data-prepper/pipelines/configuration/processors/aws-lambda.md index bd167996a1..cf2c9e8c8d 100644 --- a/_data-prepper/pipelines/configuration/processors/aws-lambda.md +++ b/_data-prepper/pipelines/configuration/processors/aws-lambda.md @@ -6,33 +6,13 @@ grand_parent: Pipelines nav_order: 10 --- -# aws_lambda integration for Data Prepper +# aws_lambda -The [AWS Lambda](https://aws.amazon.com/lambda/) integration allows developers to use serverless computing capabilities within their Data Prepper pipelines for flexible event processing and data routing. +You can use the `aws_lambda` processor to invoke AWS Lambda functions synchronously or asynchronously to process events in your Data Prepper pipeline. The [AWS Lambda](https://aws.amazon.com/lambda/) integration allows developers to use serverless computing capabilities within their Data Prepper pipelines for flexible event processing and data routing. -## AWS Lambda processor configuration +## Processor configuration -The `aws_lambda` processor enables invocation of an AWS Lambda function within your Data Prepper pipeline in order to process events. It supports both synchronous and asynchronous invocations based on your use case. - -## Configuration fields - -You can configure the processor using the following configuration options. - -Field | Type | Required | Description --------------------- | ------- | -------- | ---------------------------------------------------------------------------- -`function_name` | String | Required | The name of the AWS Lambda function to invoke. -`invocation_type` | String | Required | Specifies the invocation type, either `request-response` or `event`. Default is `request-response`. -`aws.region` | String | Required | The AWS Region in which the Lambda function is located. -`aws.sts_role_arn` | String | Optional | The Amazon Resource Name (ARN) of the role to assume before invoking the Lambda function. -`max_retries` | Integer | Optional | The maximum number of retries for failed invocations. Default is `3`. -`batch` | Object | Optional | The batch settings for the Lambda invocations. Default is `key_name = "events"`. Default threshold is `event_count=100`, `maximum_size="5mb"`, and `event_collect_timeout = 10s`. -`lambda_when` | String | Optional | A conditional expression that determines when to invoke the Lambda processor. -`response_codec` | Object | Optional | A codec configuration for parsing Lambda responses. Default is `json`. -`tags_on_match_failure` | List | Optional | A list of tags to add to events when Lambda matching fails or encounters an unexpected error. -`sdk_timeout` | Duration| Optional | Configures the SDK's client connection timeout period. Default is `60s`. -`response_events_match` | Boolean | Optional | Specifies how Data Prepper interprets and processes Lambda function responses. Default is `false`. - -#### Example configuration +The following example configuration show a typical AWS Lambda processor configuration in Data Prepper, including the key configuration fields and their usage: ``` processors: @@ -43,40 +23,106 @@ processors: aws: region: "us-east-1" sts_role_arn: "arn:aws:iam::123456789012:role/my-lambda-role" - max_retries: 3 + client: + max_retries: 3 batch: key_name: "events" threshold: event_count: 100 maximum_size: "5mb" event_collect_timeout: PT10S - lambda_when: "event['status'] == 'process'" + lambda_when: "/loglevel == 'INFO'" + tags_on_failure: ["lambda_error", "processing_failed"] ``` {% include copy-curl.html %} -## Usage +## Configuring the processor + +Using the batch configuration options, the `aws_lambda` processor can group multiple events into a single request. Events are collected until eaching defined thresholds for event count, size limit, or timeout, then sent as one payload to the Lambda function. + +### Configuration fields + +You can configure the processor using the following configuration options. + +| Field | Type | Required | Default | Description | +|-------------------|----------|----------|---------|-------------| +| `function_name` | String | Required | - | The name of the AWS Lambda function to invoke. Must be between 3 and 500 characters. | +| `aws` | Object | Required | - | AWS authentication settings. | +| `invocation_type` | String | Optional | `request-response` | Specifies the invocation type. Choose either `request-response` or `EVENT`. | +| `client` | Object | Optional | - | The AWS SDK client configuration. | +| `batch` | Object | Optional | - | Optional batch settings for Lambda invocations. | +| `response_codec` | Object | Optional | - | The Lambda response parsing configuration. | +| `response_events_match` | Boolean | Optional | `false` | The Lambda response handling behavior | +| `lambda_when` | String | Optional | - | A conditional expression that determines when to invoke the processor. | +| `tags_on_failure` | List | Optional | `[]` | The tags applied on Lambda execution failures. | + +### AWS authentication options + +You can configure the processor using the following AWS authentication options. + +| Field | Type | Required | Description | +|----------|--------|----------|-------------| +| `region` | String | Required | The AWS region where the Lambda function is deployed. | +| `sts_role_arn`| String | Optional | The Amazon Resource Number (ARN) of the role to assume before invoking the Lambda function. | +| `sts_external_id` | String | Optional | The external ID to use when assuming the role. | +| `sts_header_overrides` | Map | Optional | The map of headers to override in the STS request. Maximum of five headers allowed. | -The processor supports the following invocation types: +### Client options -- `request-response`: The processor waits for Lambda function completion before proceeding. -- `event`: The function is triggered asynchronously without waiting for a response. -- `batch`: When enabled, events are aggregated and sent in bulk to optimize Lambda invocations. Batch thresholds control the event count, size limit, and timeout. -- `codec`: JSON is used for both request and response codecs. Lambda must return JSON array outputs. -- `tags_on_match_failure`: Custom tags can be applied to events when Lambda processing fails or encounters unexpected issues. +You can configure the processor using the following client options. -## Behavior +| Field | Type | Default | Description | +|--------------------|----------|---------|---------------------------------------------------| +| `max_retries` | Integer | 3 | Maximum number of retries for failed requests. | +| `api_call_timeout` | Duration | 60s | Timeout for API calls. | +| `connection_timeout`| Duration | 60s | Timeout for establishing a connection. | +| `max_concurrency` | Integer | 200 | Maximum number of concurrent connections. | +| `base_delay` | Duration | 100ms | Base delay for exponential backoff. | +| `max_backoff` | Duration | 20s | Maximum backoff time for exponential backoff. | -When configured for batching, the AWS Lambda processor groups multiple events into a single request. This grouping is governed by batch thresholds, which can be based on the event count, size limit, or timeout. The processor then sends the entire batch to the Lambda function as a single payload. +### Batch options + +You can configure the processor using the following batch options. + +| Field | Type | Default | Description | +|-----------|--------|---------|-------------------------------------------| +| `key_name` | String | `events` | Key name for the batch of events. | +| threshold | Object | - | Threshold options for batching. | + +### Threshold options + +You can configure the processor using the following threshold options. + +| Field | Type | Default | Description | +|----------------------|----------|---------|------------------------------------------------| +| event_count | Integer | 100 | Maximum number of events in a batch. | +| maximum_size | String | 5mb | Maximum size of a batch. | +| event_collect_timeout| Duration | 10s | Timeout for collecting events for a batch. | ## Lambda response handling -The `response_events_match` setting defines how Data Prepper handles the relationship between batch events sent to Lambda and the response received: +The `response_events_match` parameter controls how Data Prepper processes Lambda function responses: -- `true`: Lambda returns a JSON array with results for each batched event. Data Prepper maps this array back to its corresponding original event, ensuring that each event in the batch gets the corresponding part of the response from the array. -- `false`: Lambda returns one or more events for the entire batch. Response events are not correlated with the original events. Original event metadata is not preserved in the response events. For example, when `response_events_match` is set to `true`, the Lambda function is expected to return the same number of response events as the number of original requests, maintaining the original order. +- `true`: The Lambda function returns a JSON array with results for each batched event. Data Prepper maintains event correlation by mapping each element of the response array to its matching source event in the original batch sequence. +- `false`: The Lambda function returns one or more events for the entire batch. Response events are processed independently when `response_events_match` is `false`, discarding the original event context and metadata. Conversely, setting it to `true` requires the Lambda function to return a matching array of responses that preserves the order and count of input events. -## Limitations +#### Example Lambda function + +``` +import json + +def lambda_handler(event, context): + output = [] + for input in input_arr = event['']: + input["transformed"] = "true"; + output.append(input) + + return output +``` +{% include copy-curl.html %} + +### Limitations Note the following limitations: @@ -90,5 +136,4 @@ Integration tests for this plugin are executed separately from the main Data Pre ``` ./gradlew :data-prepper-plugins:aws-lambda:integrationTest -Dtests.processor.lambda.region="us-east-1" -Dtests.processor.lambda.functionName="lambda_test_function" -Dtests.processor.lambda.sts_role_arn="arn:aws:iam::123456789012:role/dataprepper-role ``` - {% include copy-curl.html %} diff --git a/_data-prepper/pipelines/configuration/sinks/aws_lamda b/_data-prepper/pipelines/configuration/sinks/aws_lamda new file mode 100644 index 0000000000..168c0538c2 --- /dev/null +++ b/_data-prepper/pipelines/configuration/sinks/aws_lamda @@ -0,0 +1,104 @@ + +## AWS Lambda sink + +You can configure the sink using the following configuration options. + +| Field | Type | Required | Default | Description | +|-----------------|---------|----------|---------|-----------------------------------------------------------------------------| +| function_name | String | Yes | - | The name of the AWS Lambda function to invoke. | +| invocation_type | String | No | event | Specifies the invocation type: either EVENT or REQUEST_RESPONSE. | +| aws | Object | Yes | - | AWS authentication options. | +| client | Object | No | - | Client options for AWS SDK. | +| batch | Object | No | - | Batch options for Lambda invocations. | +| lambda_when | String | No | - | Conditional expression to determine when to invoke the Lambda function. | +| dlq | Object | No | - | Dead-letter queue (DLQ) configuration for failed invocations. | + + +### AWS Authentication Options + +| Field | Type | Required | Description | +|----------------------|--------|----------|--------------------------------------------------------------------------------| +| region | String | Yes | The AWS region where the Lambda function is located. | +| sts_role_arn | String | No | ARN of the role to assume before invoking the Lambda function. | +| sts_external_id | String | No | External ID to use when assuming the role. | +| sts_header_overrides | Map | No | Map of headers to override in the STS request. Maximum of 5 headers allowed. | + +### Client Options + +| Field | Type | Default | Description | +|--------------------|----------|------------------------|-----------------------------------------------------------------------| +| max_retries | Integer | 3 | Maximum number of retries for failed requests. | +| api_call_timeout | Duration | 60s | Timeout for API calls. | +| connection_timeout | Duration | 60s | Timeout for establishing a connection. | +| max_concurrency | Integer | 200 | Maximum number of concurrent connections. | +| base_delay | Duration | 100ms | Base delay for exponential backoff. | +| max_backoff | Duration | 20s | Maximum backoff time for exponential backoff. | + +### Batch Options + +| Field | Type | Default | Description | +|-----------|--------|---------|-------------------------------------------| +| key_name | String | events | Key name for the batch of events. | +| threshold | Object | - | Threshold options for batching. | + +### Threshold Options + +| Field | Type | Default | Description | +|----------------------|----------|---------|------------------------------------------------| +| event_count | Integer | 100 | Maximum number of events in a batch. | +| maximum_size | String | 5mb | Maximum size of a batch. | +| event_collect_timeout| Duration | 10s | Timeout for collecting events for a batch. | + + +#### Example configuration + +``` +sink: + - aws_lambda: + function_name: "my-lambda-sink" + invocation_type: "event" + aws: + region: "us-west-2" + sts_role_arn: "arn:aws:iam::123456789012:role/my-lambda-sink-role" + client: + max_retries: 3 + batch: + key_name: "events" + threshold: + event_count: 50 + maximum_size: "3mb" + event_collect_timeout: PT5S + lambda_when: "/loglevel == 'INFO'" + dlq: + region: "us-east-1" + sts_role_arn: "arn:aws:iam::123456789012:role/my-sqs-role" + bucket: "<>" +``` +{% include copy-curl.html %} + +## Usage + +The sink supports the following invocation types: + +- `event`: The function is triggered asynchronously without waiting for a response. +- `request-response`: Not supported for sink operations. +- `Batching`: When enabled, events are aggregated and sent in bulk to optimize Lambda invocations. Default is `enabled`. +- `DLQ`: A setup available for routing and processing events that persistently fail Lambda invocations after multiple retry attempts. + +## Advanced configurations + +The AWS Lambda processor and sink provide the following advanced options for security and performance optimization: + +- AWS Identity and Access Management (IAM) role assumption: The processor and sink support assuming the specified IAM role `aws.sts_role_arn` before Lambda invocation. This enhances secure handling by providing access control to AWS resources. +- Concurrency management: When using the `event` invocation type, consider Lambda concurrency limits to avoid throttling. + +For more information about AWS Lambda integration with Data Prepper, see the [AWS Lambda documentation](https://docs.aws.amazon.com/lambda). + +## Integration testing + +Integration tests for this plugin are executed separately from the main Data Prepper build process. Use the following Gradle command to run these tests: + +``` +./gradlew :data-prepper-plugins:aws-lambda:integrationTest -Dtests.sink.lambda.region="us-east-1" -Dtests.sink.lambda.functionName="lambda_test_function" -Dtests.sink.lambda.sts_role_arn="arn:aws:iam::123456789012:role/dataprepper-role +``` +{% include copy-curl.html %} \ No newline at end of file