AWS Lambda

An example integration where a Data Connector forwards events to an AWS Lambda Function.

Overview

This example uses a Data Connector to forward the events of all devices in a project to an AWS Lambda Function. When receiving the HTTPS POST request, our function will verify both the origin and content of the request using a Signature Secret, then decode the data.

Prerequisites

We will create, configure, and deploy our Lambda function using the AWS Console, but the deployment package that contains the code and related runtime must be built locally on your machine. You must therefore have a working development environment.

The following points are assumed.

Create a Local Deployment Package

AWS Lambda Functions can be created and deployed using either a Docker Image or a .zip archive. Both will achieve the same result, but we will here use a .zip archive in the interest of simplicity.

Source Code

Create and enter a new root directory in which your function will be developed.

mkdir my-lambda-function
cd my-lambda-function

In your directory root, create a new file lambda_function.py with the following content. The implementation is explained in detail on the Data Connector Advanced Configurations page.

import os
import json
import hashlib
import jwt

# Fetch secret environment variable.
SIGNATURE_SECRET = os.environ.get('DT_SIGNATURE_SECRET')


def verify_request(body, token):
    # Decode the token using signature secret.
    payload = jwt.decode(token, SIGNATURE_SECRET, algorithms=["HS256"])

    # Verify the request body checksum.
    m = hashlib.sha1()
    m.update(body.encode('ascii'))
    checksum = m.digest().hex()
    if payload["checksum"] != checksum:
        raise ValueError('Checksum Mismatch')


def lambda_handler(event, context):
    # Extract necessary request information.
    body = event['body']
    token = event['headers']['X-Dt-Signature']

    # Validate request origin and content integrity.
    try:
        verify_request(body, token)
    except Exception as e:
        return {
            'statusCode': 400,
            'body': json.dumps(str(e)),
        }

    #
    # Further processing here.
    #

    return {
        'statusCode': 200,
        'body': json.dumps('Success'),
    }

Dependencies and Compilation

From inside your function root directory, install the following dependencies.

pip install --target . pyjwt==2.7.0

Your directory tree should now look something like this.

.
├── lambda_function.py/
├── jwt/
└── PyJWT-2.7.0.dist-info

Create a .zip Archive

The following steps create the deployment package .zip archive.

From your directory root, create the deployment package with the following command.

zip -r deployment-package.zip .

Create a New Lambda Function

We are now ready to create our new Lambda function. In the AWS web Console, find the Lambda service and click Create function and set the following parameters.

Select Author from scratch and set the following Basic Information.

  • Function name: As desired.

  • Runtime: Python 3.10

Click Create function to move onward to configuration.

Configure Lambda Function

Anything not mentioned here can be left default or changed as desired.

New Trigger

Under the Configuration tab, click Triggers and then Add trigger. Choose the API Gateway source with the following parameters.

  • Intent: Create a new API

  • API type: HTTP API

  • Security: Open

Click Save and note the URL. We will need it later.

Environment Variables

Under the Configuration tab, click Environment variables and then Edit. Add a signature secret.

  • Name: DT_SIGNATURE_SECRET

  • Value: A unique password. We will need it later, so write it down.

Leaving Encryption configuration default will let AWS handle encryption at rest, but you can choose to handle the master key if you so desire.

Create a New Data Connector

To continuously forward the data to our newly created Lambda Function, a Data Connector with almost all default settings is sufficient. If you are unfamiliar with how Data Connectors can be created, refer to our Creating a Data Connector guide. The following configurations should be set.

  • Endpoint URL: The API endpoint URL found in the previous step.

  • Signature Secret: The value of DT_SIGNATURE_SECRET parameter set earlier.

Depending on your integration, it can also be smart to disable the event types you are not interested in. For instance, the NetworkStatusEvent is sent every Periodic Heartbeat and will by default be forwarded by the Data Connector if not explicitly unticked.

Test the Integration

If the integration was correctly implemented, the Success counter for your Data Connector should increment for each new event forwarded. This happens each Periodic Heartbeat or by touching a sensor to force a new event.

If instead the Error counter increments, a response containing a non-200 status code is returned.

  • Verify that the Data Connector endpoint URL is correct.

  • AWS provides a host of tools that can be used to monitor Lambda Functions. Check the logs for any tracebacks that could explain why an error is returned.

Next steps

Your sensor data is now in the AWS environment, and you can start using it in their various services. Fortunately, AWS has some well-documented guides to get you started.

PostgreSQL Database

A database should be tailored to each specific use case. However, if you're uncertain, PostgreSQL (Postgres) is a good place to get started. The following guides will show you how to create a new Postgres database, then connect your Lambda Function to execute queries.

Last updated