AWS Lambda is a serverless compute service that lets you seamlessly run any application code or service without managing or provisioning servers.
RudderStack supports AWS Lambda as a destination where you can send your event data seamlessly.
Getting started
Before configuring AWS Lambda as a destination in RudderStack, verify if the source platform is supported by AWS Lambda by referring to the table below:
| Connection Mode | Web | Mobile | Server |
|---|---|---|---|
| Device mode | - | - | - |
| Cloud mode | Supported | Supported | Supported |
Once you have confirmed that the source platform supports sending events to AWS Lambda, follow these steps:
- From your RudderStack dashboard, add the source. Then, from the list of destinations, select AWS Lambda.
- Assign a name to the destination and click Continue.
Connection settings
To successfully configure AWS Lambda as a destination, you need to configure the following settings:
- Region: Enter the region associated with your AWS Lambda service.
- Role-based Authentication: Enable this setting to use the RudderStack IAM role for authentication. For more information on creating an AWS IAM role for RudderStack, refer to this guide.
- IAM Role ARN: Enter the ARN of the IAM role.
- If Role-based Authentication is disabled, you need to enter the AWS Access Key ID and AWS Secret Access Key to authorize RudderStack.
- Lambda: Enter the name of the Lambda function to be invoked. RudderStack supports the following formats:
| Name format | Example |
|---|---|
| Function name |
|
| Function ARN | arn:aws:lambda:us-west-2:123456789012:function:my-function |
| Partial ARN | 123456789012:function:lambda-function |
- Enable Batch Input: Enable this setting if your lambda function expects a batch input (array of events) in the event object.
- Max Batch Size: If Enable Batch Input setting is enabled, use this field to set the maximum size of the event batch.
- Client Context: Use this field to pass up to 3583 bytes of Base64-encoded data about the invoking client to the function in the context object.
Policy permissions
To use the Lambda destination with RudderStack correctly, you must have a Lambda function set up in AWS. Refer to the AWS documentation for more information on setting up your Lambda function.
You also need to create an IAM role and grant the necessary permissions for RudderStack to send data to your lambda function. For more information, refer to this AWS documentation.
The following permission need to be attached to the role while setting up the policy:
"Action": ["lambda:InvokeFunction"]A sample permissions policy that allows a user to send event data into AWS Lambda is shown below:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "CloudWatchEventsInvocationAccess", "Effect": "Allow", "Action": ["lambda:InvokeFunction"], "Resource": "*" } ]}Supported events
You can send your identify, track, page, group, and alias events to your lambda function via RudderStack.
RudderStack leverages the AWS SDK for Go to send the events to the lambda function. It uses the SDK's Invoke method to asynchronously invoke the lambda function.
Viewing error logs
RudderStack does not get any information related to the runtime errors for your lambda function. As a result, you will not be able to view these errors in the Live Events tab of your dashboard.
To view these errors, you can configure the AWS CloudWatch logs for your lambda function.
FAQ
Why am I getting a UnrecognizedClientException/InvalidSignatureException error?
If you're getting a UnrecognizedClientException error with a 403 status code, verify if your AWS credentials (both AWS Access Key ID and Secret Access Key) are valid.
For the InvalidSignatureException error, verify if the provided secret access key is valid.
Contact us
For more information on the topics covered on this page, email us or start a conversation in our Slack community.