How Do I Use AWS CloudShell and AWS CLI With Python in Pulumi?

Introduction

In this guide, we will demonstrate how to use AWS CloudShell and AWS CLI with Python in Pulumi. AWS CloudShell is a browser-based shell that makes it easy to manage, interact with, and automate AWS services. AWS CLI is a unified tool to manage AWS services. We will write a Pulumi program in TypeScript that provisions an AWS Lambda function which uses Python to interact with AWS services using the AWS CLI.

Key Points

  1. AWS CloudShell: A browser-based shell to interact with AWS services.
  2. AWS CLI: A command-line tool to manage AWS services.
  3. Pulumi: An infrastructure as code tool to provision cloud resources.
  4. Python: The scripting language used in the AWS Lambda function.

Pulumi Program

Below is the Pulumi program written in TypeScript. This program provisions an AWS Lambda function that uses Python to execute AWS CLI commands.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an IAM role for the Lambda function
const role = new aws.iam.Role("lambdaRole", {
    assumeRolePolicy: {
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Principal: {
                Service: "lambda.amazonaws.com",
            },
            Effect: "Allow",
            Sid: "",
        }],
    },
});

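// Attach the AWSLambdaBasicExecutionRole policy to the role (CloudWatch Logs only)
const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("lambdaRolePolicy", {
    role: role,
    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole,
});

// Grant only the S3 action that "aws s3 ls" needs in order to list buckets
const s3ListPolicy = new aws.iam.RolePolicy("lambdaS3ListPolicy", {
    role: role.id,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{ Effect: "Allow", Action: "s3:ListAllMyBuckets", Resource: "*" }],
    }),
});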

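// Define the Lambda function code.
// The managed Python runtime does not include the AWS CLI; the "aws" binary
// must be supplied by a Lambda layer or the deployment package.
const lambdaCode = `
import json
import shutil
import subprocess

def lambda_handler(event, context):
    # Fail with a clear error if the AWS CLI binary is not on PATH
    if shutil.which("aws") is None:
        return {'statusCode': 500, 'body': json.dumps("aws CLI not found on PATH")}
    # Example AWS CLI command using subprocess (argument list, no shell)
    result = subprocess.run(["aws", "s3", "ls"], capture_output=True, text=True)
    if result.returncode != 0:
        # Keep CLI error details in CloudWatch Logs rather than in the response
        print(result.stderr)
        return {'statusCode': 500, 'body': json.dumps("aws s3 ls failed")}
    return {
        'statusCode': 200,
        'body': json.dumps(result.stdout)
    }
`;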

// Create the Lambda function
const lambdaFunction = new aws.lambda.Function("myLambdaFunction", {
    // Use the Runtime enum; the Python 3.8 runtime has been deprecated by AWS Lambda
    runtime: aws.lambda.Runtime.Python3d12,
    role: role.arn,
    handler: "index.lambda_handler",
    code: new pulumi.asset.AssetArchive({
        "index.py": new pulumi.asset.StringAsset(lambdaCode),
    }),
});

// Export the Lambda function name
export const lambdaFunctionName = lambdaFunction.name;

Step-by-Step Explanation

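  1. IAM Role Creation: We begin by creating an IAM role for the Lambda function. Its assume role policy (the trust policy) allows the Lambda service, lambda.amazonaws.com, to assume the role. The permissions themselves come from the policies attached to the role.

  2. Policy Attachment: Next, we attach the AWSLambdaBasicExecutionRole policy to the IAM role. This policy grants the Lambda function basic execution permissions, that is, writing its logs to CloudWatch Logs. It does not grant any S3 access, so listing buckets also requires the s3:ListAllMyBuckets action on the role.

  3. Lambda Function Code: The function code is written in Python. It executes AWS CLI commands using the subprocess module to list S3 buckets. The command is passed as an argument list rather than a shell string, so no shell is involved. The aws binary is not part of the managed Python runtime and has to be provided through a Lambda layer or the deployment package.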

  4. Lambda Function Creation: We then create the Lambda function using the defined IAM role and Python code. The function is set up with the necessary runtime and handler configurations.

  5. Exporting Function Name: Finally, we export the name of the Lambda function for reference in other parts of the Pulumi program or external integrations.
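The handler in step 3 runs one fixed command. The following added example (not part of the original program) goes a step further and shows how the same subprocess call can take parameters from the invocation event without letting the caller choose arbitrary CLI arguments. The event fields service, operation and bucket, the allowlist, and the injectable run and which parameters are assumptions made for the example.

```python
import json
import re
import shutil
import subprocess

# Assumption: the function exposes only these read-only CLI operations.
ALLOWED = (("s3api", "list-buckets"), ("s3api", "list-objects-v2"))
# Conservative subset of the S3 bucket naming rules (3-63 chars, lowercase).
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def build_argv(event):
    """Turn an untrusted event into a fixed argv list, or raise ValueError."""
    op = (event.get("service"), event.get("operation"))
    if op not in ALLOWED:
        raise ValueError("operation not allowed")
    argv = ["aws", op[0], op[1], "--output", "json"]
    if op[1] == "list-objects-v2":
        bucket = event.get("bucket", "")
        # The pattern also rejects values that start with "-", so the caller
        # cannot pass extra CLI options in place of a bucket name.
        if not isinstance(bucket, str) or not BUCKET_RE.fullmatch(bucket):
            raise ValueError("invalid bucket name")
        argv += ["--bucket", bucket, "--max-items", "100"]
    return argv


def lambda_handler(event, context, run=subprocess.run, which=shutil.which):
    try:
        argv = build_argv(event)
    except ValueError as exc:
        return {"statusCode": 400, "body": json.dumps(str(exc))}
    if which("aws") is None:  # the CLI must come from a layer or the package
        return {"statusCode": 500, "body": json.dumps("aws CLI not installed")}
    try:
        # Argument list, no shell, and a bounded run time.
        result = run(argv, capture_output=True, text=True, timeout=20)
    except subprocess.TimeoutExpired:
        return {"statusCode": 504, "body": json.dumps("aws CLI timed out")}
    if result.returncode != 0:
        print(result.stderr)  # goes to CloudWatch Logs, not to the caller
        return {"statusCode": 502, "body": json.dumps("aws CLI failed")}
    return {"statusCode": 200, "body": result.stdout}
```

The role attached to the function still bounds what any accepted command can do, so the allowlist and the IAM policy should name the same operations.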

Summary

In this guide, we created a Pulumi program that provisions an AWS Lambda function using Python to execute AWS CLI commands. AWS CloudShell provides browser-based interaction with AWS services, and the AWS CLI provides command-line management. The Lambda function was created with an IAM role and policy; for the CLI call to succeed inside the Lambda environment, the role also needs permission to list S3 buckets and the aws binary must be packaged with the function or supplied by a layer. This setup allows for automated and scalable interactions with AWS services using Python scripts.
