AWS Lambda invoke action reference

Allows you to execute a Lambda function as an action in your pipeline. Using the event object that is an input to this function, the function has access to the action configuration, input artifact locations, output artifact locations, and other information required to access the artifacts. For an example event passed to a Lambda invoke function, see Example JSON event. As part of the implementation of the Lambda function, there must be a call to either the PutJobSuccessResult API or PutJobFailureResult API. Otherwise, the execution of this action hangs until the action times out. If you specify output artifacts for the action, they must be uploaded to the S3 bucket as part of the function implementation.

Important

Do not log the JSON event that CodePipeline sends to Lambda because this can result in user credentials being logged in CloudWatch Logs. The CodePipeline role uses a JSON event to pass temporary credentials to Lambda in the artifactCredentials field. For an example event, see Example JSON event.

Action type

• Category: Invoke

• Owner: AWS

• Provider: Lambda

• Version: 1

Configuration parameters

FunctionName

Required: Yes

FunctionName is the name of the function created in Lambda.

UserParameters

Required: No

A string that can be processed as input by the Lambda function.

Input artifacts

• Number of Artifacts: 0 to 5

• Description: The set of artifacts to be made available to the Lambda function.

Output artifacts

• Number of Artifacts: 0 to 5

• Description: The set of artifacts produced as output by the Lambda function.

Output variables

This action will produce as variables all key-value pairs that are included in the outputVariables section of the PutJobSuccessResult API request.

For more information about variables in CodePipeline, see Variables reference.

Example action configuration

YAML

Name: Lambda
Actions:
  - Name: Lambda
    ActionTypeId:
      Category: Invoke
      Owner: AWS
      Provider: Lambda
      Version: '1'
    RunOrder: 1
    Configuration:
      FunctionName: myLambdaFunction
      UserParameters: 'http://192.0.2.4'
    OutputArtifacts: []
    InputArtifacts: []
    Region: us-west-2

JSON

{
    "Name": "Lambda",
    "Actions": [
        {
            "Name": "Lambda",
            "ActionTypeId": {
                "Category": "Invoke",
                "Owner": "AWS",
                "Provider": "Lambda",
                "Version": "1"
            },
            "RunOrder": 1,
            "Configuration": {
                "FunctionName": "myLambdaFunction",
                "UserParameters": "http://192.0.2.4"
            },
            "OutputArtifacts": [],
            "InputArtifacts": [],
            "Region": "us-west-2"
        }
    ]
},

Example JSON event

The Lambda action sends a JSON event that contains the job ID, the pipeline action configuration, input and output artifact locations, and any encryption information for the artifacts. The job worker accesses these details to complete the Lambda action. For more information, see job details. The following is an example event.

{
    "CodePipeline.job": {
        "id": "11111111-abcd-1111-abcd-111111abcdef",
        "accountId": "111111111111",
        "data": {
            "actionConfiguration": {
                "configuration": {
                    "FunctionName": "MyLambdaFunction",
                    "UserParameters": "input_parameter"
                }
            },
            "inputArtifacts": [
                {
                    "location": {
                        "s3Location": {
                            "bucketName": "bucket_name",
                            "objectKey": "filename"
                        },
                        "type": "S3"
                    },
                    "revision": null,
                    "name": "ArtifactName"
                }
            ],
            "outputArtifacts": [],
            "artifactCredentials": {
                "secretAccessKey": "secret_key",
                "sessionToken": "session_token",
                "accessKeyId": "access_key_ID"
            },
            "continuationToken": "token_ID",
            "encryptionKey": { 
              "id": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
              "type": "KMS"
            }
        }
    }
}

The JSON event provides the following job details for the Lambda action in CodePipeline:

• id: The unique system-generated ID of the job.

• accountId: The AWS account ID associated with the job.

• data: Other information required for a job worker to complete the job.

  • actionConfiguration: The action parameters for the Lambda action. For definitions, see Configuration parameters .

  • inputArtifacts: The artifact supplied to the action.

    • location: The artifact store location.

      • s3Location: The input artifact location information for the action.

        • bucketName: The name of the pipeline artifact store for the action (for example, an Amazon S3 bucket named codepipeline-us-east-2-1234567890).

        • objectKey: The name of the application (for example, CodePipelineDemoApplication.zip).

      • type: The type of artifact in the location. Currently, S3 is the only valid artifact type.

    • revision: The artifact's revision ID. Depending on the type of object, this can be a commit ID (GitHub) or a revision ID (Amazon Simple Storage Service). For more information, see ArtifactRevision.

    • name: The name of the artifact to be worked on, such as MyApp.

  • outputArtifacts: The output of the action.

    • location: The artifact store location.

      • s3Location: The output artifact location information for the action.

        • bucketName: The name of the pipeline artifact store for the action (for example, an Amazon S3 bucket named codepipeline-us-east-2-1234567890).

        • objectKey: The name of the application (for example, CodePipelineDemoApplication.zip).

      • type: The type of artifact in the location. Currently, S3 is the only valid artifact type.

    • revision: The artifact's revision ID. Depending on the type of object, this can be a commit ID (GitHub) or a revision ID (Amazon Simple Storage Service). For more information, see ArtifactRevision.

    • name: The name of the output of an artifact, such as MyApp.

  • artifactCredentials: The AWS session credentials used to access input and output artifacts in the Amazon S3 bucket. These credentials are temporary credentials that are issued by AWS Security Token Service (AWS STS).

    • secretAccessKey: The secret access key for the session.

    • sessionToken: The token for the session.

    • accessKeyId: The secret access key for the session.

  • continuationToken: A token generated by the action. Future actions use this token to identify the running instance of the action. When the action is complete, no continuation token should be supplied.

  • encryptionKey: The encryption key used to encrypt the data in the artifact store, such as an AWS KMS key. If this is undefined, the default key for Amazon Simple Storage Service is used.

    • id: The ID used to identify the key. For an AWS KMS key, you can use the key ID, the key ARN, or the alias ARN.

    • type: The type of encryption key, such as an AWS KMS key.

See also

The following related resources can help you as you work with this action.

• AWS CloudFormation User Guide – For more information about Lambda actions and AWS CloudFormation artifacts for pipelines, see Using Parameter Override Functions with CodePipeline Pipelines, Automating Deployment of Lambda-based Applications, and AWS CloudFormation Artifacts.

• Invoke an AWS Lambda function in a pipeline in CodePipeline – This procedure provides a sample Lambda function and shows you how to use the console to create a pipeline with a Lambda invoke action.