1
00:00:00,080 --> 00:00:03,870
So we can use CloudFormation to upload a Lambda function.

2
00:00:03,870 --> 00:00:05,920
And so the way we do it, we have two ways.

3
00:00:05,920 --> 00:00:07,400
Number one is inline.

4
00:00:07,400 --> 00:00:09,640
And so we would define our Lambda code

5
00:00:09,640 --> 00:00:12,440
inline of our CloudFormation templates.

6
00:00:12,440 --> 00:00:14,120
So we can see in this screenshot

7
00:00:14,120 --> 00:00:16,150
the code of my Lambda function is right here.

8
00:00:16,150 --> 00:00:17,340
So that's possible.

9
00:00:17,340 --> 00:00:19,340
This is for very simple functions.

10
00:00:19,340 --> 00:00:21,910
We use the Code.ZipFile property

11
00:00:21,910 --> 00:00:24,720
but the thing is with this inline function

12
00:00:24,720 --> 00:00:26,940
we cannot include function dependencies.

13
00:00:26,940 --> 00:00:29,440
So this is just for very simple use cases

14
00:00:29,440 --> 00:00:31,290
where you want the Lambda function code,

15
00:00:31,290 --> 00:00:32,780
without dependencies, to be

16
00:00:32,780 --> 00:00:34,600
in your CloudFormation template.

17
00:00:34,600 --> 00:00:37,500
The other way to do it is to use a zip file

18
00:00:37,500 --> 00:00:39,470
and do it through S3.

19
00:00:39,470 --> 00:00:41,750
So this is what the CloudFormation template would look like.

20
00:00:41,750 --> 00:00:43,600
And we'll look at it in the hands-on right now.

21
00:00:43,600 --> 00:00:46,130
And so for this, we must store the Lambda function zip

22
00:00:46,130 --> 00:00:49,954
in Amazon S3, you must refer to the S3 zip location

23
00:00:49,954 --> 00:00:51,850
in the CloudFormation code.

24
00:00:51,850 --> 00:00:54,820
It could be the S3 bucket attribute, the S3 key

25
00:00:54,820 --> 00:00:57,930
which represents the full path to your zip in S3.

26
00:00:57,930 --> 00:01:00,550
The S3 object version, if you have a versioned bucket

27
00:01:00,550 --> 00:01:03,280
and this is recommended in case you overwrite a file.

28
00:01:03,280 --> 00:01:06,120
And so if you somehow update the code in S3

29
00:01:06,120 --> 00:01:09,210
but you don't update either S3 bucket, S3 Key

30
00:01:09,210 --> 00:01:11,730
or S3 object version in your CloudFormation template

31
00:01:11,730 --> 00:01:13,917
then CloudFormation will not update your function.

32
00:01:13,917 --> 00:01:16,270
And this is why versioning is recommended

33
00:01:16,270 --> 00:01:17,207
because if you've enabled versioning

34
00:01:17,207 --> 00:01:18,920
and you overwrite the file

35
00:01:18,920 --> 00:01:21,200
and you specify a new S3 object version

36
00:01:21,200 --> 00:01:22,990
then CloudFormation will pick up the change

37
00:01:22,990 --> 00:01:24,850
and update your Lambda function.

38
00:01:24,850 --> 00:01:28,040
Finally, if you wanted to deploy a Lambda function

39
00:01:28,040 --> 00:01:30,640
through CloudFormation in multiple accounts,

40
00:01:30,640 --> 00:01:33,640
say you will have an account which contains

41
00:01:33,640 --> 00:01:36,800
an S3 bucket with your Lambda code.

42
00:01:36,800 --> 00:01:38,480
Now you want to deploy this Lambda code

43
00:01:38,480 --> 00:01:41,030
into Account 2 and Account 3.

44
00:01:41,030 --> 00:01:42,940
So how do we do this?

45
00:01:42,940 --> 00:01:45,940
Well, first of all, we need to launch CloudFormation

46
00:01:45,940 --> 00:01:47,410
in Account 2.

47
00:01:47,410 --> 00:01:50,630
And the S3 bucket it's going to be referencing is

48
00:01:50,630 --> 00:01:53,020
the S3 bucket in Account 1.

49
00:01:53,020 --> 00:01:54,140
Now you need to ask yourself,

50
00:01:54,140 --> 00:01:57,040
how do we make sure that Account 2 has access

51
00:01:57,040 --> 00:01:59,680
to the Lambda code in Account 1?

52
00:01:59,680 --> 00:02:02,840
Well, we can use a bucket policy

53
00:02:02,840 --> 00:02:05,120
and a bucket policy on the S3 bucket

54
00:02:05,120 --> 00:02:08,770
in Account 1 should allow CloudFormation to access the code.

55
00:02:08,770 --> 00:02:11,620
But also we can define an execution role

56
00:02:11,620 --> 00:02:16,550
on your CloudFormation service for the template itself

57
00:02:16,550 --> 00:02:18,230
which will allow to get

58
00:02:18,230 --> 00:02:21,850
and list to the S3 bucket in Account 1.

59
00:02:21,850 --> 00:02:24,700
And the two things combined are going to allow CloudFormation

60
00:02:24,700 --> 00:02:27,360
to retrieve the code from the S3 bucket

61
00:02:27,360 --> 00:02:30,320
and therefore create your Lambda function.

62
00:02:30,320 --> 00:02:33,170
And similarly, if you have an Account 3

63
00:02:33,170 --> 00:02:35,110
with a bucket policy on Account 1

64
00:02:35,110 --> 00:02:37,160
and an execution role in Account 3,

65
00:02:37,160 --> 00:02:39,159
we are able to read the code from the Lambda

66
00:02:39,159 --> 00:02:42,780
from this bucket and access the code

67
00:02:42,780 --> 00:02:45,510
and deploy it on the function in Account 3.

68
00:02:45,510 --> 00:02:48,060
So just a bit of security around it you need to know,

69
00:02:48,060 --> 00:02:49,480
but it should all make sense.

70
00:02:49,480 --> 00:02:51,800
It's just a matter of putting things together.

71
00:02:51,800 --> 00:02:52,950
So that's it for this lecture.

72
00:02:52,950 --> 00:02:53,783
I hope you liked it.

73
00:02:53,783 --> 00:02:56,420
And I will see you in the next lecture for a hands-on.