Invoke Lambda in another region and make changes in the invoked region

Time:09-28

I'm pretty sure I know the answer, but I thought I'd ask anyways. Is there a way to invoke a Lambda function in another region but utilize data in the invoked region? I am able to invoke a Lambda function from one region in another, but the invoked function runs against the region that it's in. What I'm attempting to do is have the invoked function make the changes in the region it was invoked from.

For example, the lambda function, which checks for certain ec2 configurations and makes changes if necessary, is in region 1, and I want to invoke the lambda function in region 2. But when I invoke the function in region 2, it runs against ec2s in region 1 and not the ec2 instances in region 2. Is there a way I can get the lambda function in region 1 to run against the ec2 instances in region 2, or do I just have to deploy the lambda function in each region?

What I'm trying to avoid is making changes to a lambda function and having to deploy it in all regions, instead of just deploying it to a single region and having all regions invoke that updated function.

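Currently, my invoked lambda looks like this:

import json
import boto3

# Lambda client bound to the region where the target function is deployed
client = boto3.client('lambda', region_name='region 1')

def lambda_handler(event, context):
    # Synchronously invoke the function, forwarding the incoming event
    response = client.invoke(
        FunctionName = 'Lambda_function_name',
        InvocationType = 'RequestResponse',
        Payload = json.dumps(event)
    )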

CodePudding user response:

In general, with the Python boto3 API, you can create a client that targets a different region by assuming a role via STS. So you can make your lambdas use clients in whatever region you choose if you use this approach. The approach depends on STS and assuming roles.

This answer to a different question shows the general process for assuming a role that creates a client targeting a different region. So as long as you pass the lambda you are invoking enough info that it knows the region for which it needs to create a client, and assuming you have the roles set up to allow for STS, then you can do what you desire.

If you think about it, any time you use the boto3 api you are creating a client for a specific region. If you use it locally, it is probably using the default region specified in your credentials file. But it is targeting a region every time you make a client. So if you can make a client in Lambda, you can target a different region in Lambda.

BTW, I have done exactly what you are asking to do--having a lambda in one region that does work on things in other regions. So it definitely works and is possible.
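
The idea of passing the invoked function the region it should act on, shown as an added example that is not part of the original answer. It uses the central function's own execution role rather than an STS-assumed role; the `target_region` payload key, the `ALLOWED_REGIONS` allowlist and the `client_factory` parameter are hypothetical names chosen for illustration.

```python
import json
import os

# Constructed allowlist (assumption): regions the central function may act on.
ALLOWED_REGIONS = {"us-east-1", "us-west-2", "eu-west-1"}


def build_payload(event):
    """Caller side: tag the event with the caller's own region.

    AWS_REGION is set by the Lambda runtime in the calling function.
    The result is what the caller passes as Payload to client.invoke().
    """
    return json.dumps({**event, "target_region": os.environ["AWS_REGION"]})


def default_ec2_client(region):
    """Build an EC2 client bound to the requested region."""
    import boto3  # imported lazily so the module loads without boto3
    return boto3.client("ec2", region_name=region)


def resolve_region(event):
    """Invoked side: accept only an allowlisted region from the payload.

    The payload is caller-controlled input, so it is validated before it
    decides which region's resources the function will touch.
    """
    region = event.get("target_region")
    if region not in ALLOWED_REGIONS:
        raise ValueError(f"region not allowed: {region!r}")
    return region


def lambda_handler(event, context, client_factory=default_ec2_client):
    """Central function: list instance IDs in the caller's region."""
    ec2 = client_factory(resolve_region(event))
    ids = []
    # First page only; use ec2.get_paginator("describe_instances") for
    # accounts with many instances.
    for reservation in ec2.describe_instances()["Reservations"]:
        ids.extend(i["InstanceId"] for i in reservation["Instances"])
    return {"region": event["target_region"], "instance_ids": ids}
```

The central function's execution role needs the EC2 permissions for whatever it reads or changes; IAM roles are not region-bound, so scoping to specific regions has to be done in the policy or, as here, in the handler.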

CodePudding user response:

AWS Lambda is a regional service (excluding Lambda@Edge). This means that the functions themselves run in a selected region and can access data and resources in the region in which they are deployed.

In order to run a function in another region, we have to deploy it in that region as well. Or we can migrate a function to another region.
