Create a an AWS Lambda function to scan a DynamoDB table using DocumentClient

Tomasz Łakomy
InstructorTomasz Łakomy
Share this video with your friends

Social Share Links

Send Tweet

AWS Console is really useful but in vast majority of cases - we want to interact with our database programatically.

In this lesson we're going to learn how to create a brand new AWS Lambda function in which we'll perform a scan operation on a DynamoDB table.

There are quite a few topics that we'll cover:

  • creating a new AWS Lambda function
  • creating a brand new IAM Role with required permissions for Lambda function to read data from a DynamoDB table
  • creating an environment variable within the AWS Lambda Console to store the name of the DynamoDB table
  • using AWS.DynamoDB.DocumentClient API in order to call a scan operation on a DynamoDB table

Instructor: [00:00] Scan operation wouldn't be terrible useful if we could only perform it via the console. Luckily, we can use code, for instance a Lambda function, to scan our table.

[00:08] In order to do that, we're going to go to Services and Lambda, and we're going to create a brand-new Lambda function in order to scan our table. I'm going to call it scanaDynamoDBTable and we are going to use no [inaudible] . Before we move on, we have to ensure that our function has the required permissions.

[00:25] By default, a Lambda function gets a basic Lambda permissions, which do not give it access to read data from a DynamoDB table. We're going to create a new customer role in order for us to be able to read the data from a table. To do that, go to Identity and Access Management console and we're going to create a brand-new role that we are also going to use in the future lessons.

[00:43] I have to create our role for the Lambda function, so I'm going to click over here. Next click on Permissions. There are two types of permissions that I need to attach to this role. First up, I need to attach basic Lambda permissions. I'm going to search for Lambda, and it is going to be over here, AWSLambdaBasicExecutionRole.

[00:59] Afterwards, I need to also attach DynamoDBReadOnlyAccess, because I would like this function to be able to only read the data from a DynamoDB table. Remember, AWS follows the principle of this privilege. The idea is that the resources have only the access to the things that they need.

[01:15] As an example, in this case, we are not going to give this function a DynamoDB full-access permissions, which are over here, because I don't want this function to be able to, for instance, delete a DynamoDB table or write data to it. I just want it to be able to read something.

[01:28] Next up, I'm going to click on Tags. For the time being, I'm not going to add any, so click on Review. We can see those two policies that we've just attached, so AWSLambdaBasicExecutionRole and AmazonDynamoDBReadOnlyAccess. I'm going to call this role DynamoDBReadOnlyLambda. This is going to allow Lambda function to read data from DynamoDB table. Now we are able to go ahead and create the role.

[01:53] Now we can see that our role has been successfully created. Let's go back to the Lambda function. Over here, instead of creating a new role with basic Lambda permissions, instead I'm going to use an existing role that we've just created. I'm going to search for DynamoDBReadOnlyLambda role. Next up, click on Create Function. Now our function has been successfully created.

[02:10] Let's go down a bit in order to implement it. In order to interact with DynamoDB from Node.js, we're going to use a DynamoDB DocumentClient, which is a high-level API that allows us to interact with DynamoDB API, without going in too deeply into different quirks of DynamoDB, so with accent for create, read, update, and delete operations.

[02:27] First up, we're going to import the AWS SDK, so const aws = require('aws-sdk'). Afterwards, I'm going to create a new DocumentClient, so const dynamo = new AWS.DynamoDB.DocumentClient, like this.

[02:43] Next, we're going to create a new function, which is going to be called, getAllLessons. This is going to be an async function and it's going to scan the entire table, so const scanResult = await dynamo.scan. Scan takes an object as an argument. Basically, we need to provide only the table name. I'm going to provide a table name, which is called my_egghead_lessons.

[03:08] Actually, a better approach would be not to hard code this table name inside of this Lambda function, and instead scrolling down a bit and using the environment variables to do that. I'm going to quickly create a new environment variable, which I'm going to call it tablename, and I'm going to pass in the value of my_egghead_lessons. Let me save that.

[03:24] Now, instead of using this hard-coded value, I'm going to do, process.env tablename. Using await requires a promise, so we have to call that promise at the end of this scan call. Afterwards, I'm going to return the scanResult.

[03:38] Let me go ahead and call this function over here. I'm going to do const data = await getAllLessons. I'm going to return this data as a response from this Lambda function. Instead of this hard-coded "Hello from Lambda" string, I'm going to simply JSON.stringify data.

[03:54] Let me go ahead and save this function, and let's test if it works. Click on Test in order to create a test event. Right now, we don't really care about what's inside of this test event, because we are not using any of it. I'm just going to clear this out, and I'm going to call it myTestEvent, scroll down and click on Create.

[04:09] One thing, there's a typo in this code. Both D and B in DynamoDB are upper case, so let me go ahead and fix that. Click on Save and let's test this function. Click on Test, and we can see the response over here. The response contains in the body all the items that we have in our database.

[04:25] To recap, in order to use a Lambda function in order to get data from DynamoDB table, first up, we need to attach a proper execution role to this function, so that it has access to a DynamoDB table resources in the first place.

[04:36] Next, we can use the DynamoDB DocumentClient API, which allows us to call different functions on a DynamoDB table, such as scan, that we see in this lesson, in order to get data from a DynamoDB table.