In this blog post I describe how to build and deploy a very simple Python Lambda function at Amazon Web Services. I'll describe how I use my local workstation to develop the functionality and how to configure the AWS Identity and Access Management roles to configure the Lambda function's authorized access.

In an earlier blog post I discussed DynamoDB and the fact it does not seem to be particularly well suited for storing time–based data. In part one of this series I discussed the overall architecture of applications based on micro–services and the functionality I am trying to build. I considered using a very small mySQL based RDS instance, which would translate directly from the existing code, but I felt that using a database would possibly more expensive than simply using S3.

AWS provides a tutorial on how to access MySQL databases from a python Lambda function. Though it is thorough, I found there were a few things that could use a little extra documentation. This blog post addresses that and provides fully working code, including scripts for some of the steps described in their tutorial. I'll follow the same order of the instructions AWS provides.

In part 1 of this series I described the functionality of an aspect of the facilities and real estate services web site, part of the energy management aspect of the sustainability program. Since this functionality depends on the ability to gather data from an FTP server, that's the first functionality I implemented.

In a prior blog post I described how I was looking into DynamoDB for storing time based data, which did not work as expected. This work was part of a larger effort to investigate 'micro-services' such as AWS Lambda. Such services allow applications to be built up from small parts, each of which designed for specific aspect of the application, with a defined interface (many times using JSON).

At my current job, I have a need to be access multiple AWS accounts. Generally we follow the AWS best practices for security and set up IAM accounts with restricted functionality that can access only the resources that are appropriate for the completion of the task at hand. At this point we've looked at federation technologies (such as SAML), but haven't yet implemented this.