In this article:
To configure an AWS Lambda Destination you first need to define the following three items within AWS:
- A Lambda function
- A Lambda Execution Role
- A cross-account IAM Role allowing Myriota to invoke the lambda function
After creating the AWS resources above, you're ready to define a Destination so the Myriota Cloud can directly invoke your function.
Create a Lambda function
The Lambda function defines the code that will be executed to process incoming message data from the Myriota Cloud. The steps used to define a new Lambda function within the AWS console can be found here.
For example, a python function to simply print message data to CloudWatch might look like this:
import json
def handler(event, context):
data = json.loads(event["Data"])
for packet in data.get("Packets", []):
print(packet)
Create a Lambda Execution Role
The Lambda Execution role defines the permissions your lambda function will have when executing, with the exact details dependent on your backend message processing and storage infrastructure. Further details are available within the AWS Lambda documentation. At a minimum, the example code above should include the "AWSLambdaBasicExecutionRole" managed policy.
Create a Cross-Account IAM Role for the Myriota Cloud
A cross-account IAM Role allows the Myriota Cloud to securely invoke your lambda function without the need to provide any keys or credentials. See here for further details.
This role needs to have permissions to invoke the Lambda function, and it can be assumed from Myriota’s AWS Account.
To create this role, following the AWS instructions for Creating Roles, using the following inputs:
- Account ID: 655936322620
- Require external ID: No
- Require MFA: No
- Policy: Create policy
To create a new policy, follow the instructions for Creating Policies with the Visual Editor, an select the following options:
- Service: Lambda
- Actions > Access Level > Write: Enable 'InvokeFunction'
- Resources: Specific
- Resources > Function: add the ARN of your Lambda function
Once the policy has been created, return to the Role console and add the named policy to the execution role.
Once both your lambda function and execution roles have been created, you can copy the Role and Lambda ARNs from AWS and use these to create a new Destination in the Device Manager, or via the Cloud API.
CloudFormation Template Example
A cloudformation template example to create a destination for the tracker application can be found here.