DevOps

Deploying an AWS Lambda Function with Dependencies, Environment Variables, and a Refresh Token (via AWS Console)

Posted on by Fernando Tamez
22
May

1. Create the Function in AWS Lambda

Step 1: Access the Lambda Console

  1. Log in to your AWS Console.
  2. In the search bar, type “Lambda” and select AWS Lambda.
  3. Click on Create function.

Step 2: Configure the Function

  1. Select “Author from scratch”.
  2. Fill in the following fields:
    • Function name: assign_badges_lambda
    • Runtime: Python 3.11
    • Architecture: x86_64
    • Execution role:
      • Select “Create a new role with basic Lambda permissions”.
  3. Click on Create function.

2. Create the Code and Dependencies

We need a deployment package (ZIP file) with our code in lambda_function.py and the required libraries (e.g., requests).

Step 1: Prepare the Package Locally

  1. Create a folder, for example: su-lambda.
  2. Inside su-lambda, create lambda_function.py with example code that uses a refresh token if the access token has expired. Assume your API has an endpoint /auth/login/refresh/ that receives {"refresh": "<REFRESH_TOKEN>"} and returns a new access token.
... (same code, no translation needed) ...
  1. Compress everything into a ZIP: zip -r deployment_package.zip .

Notes:

  • refresh_access_token handles the flow to request a new access token.
  • It assumes the API returns a JSON object with the "access" key if successful.
  • If your API uses cookies/CSRF, you’ll need to extend the code to retrieve and attach a csrftoken in each request.

3.- From the su-lambda folder, install the dependencies (e.g. requests):

pip3 install requests -t .

4.- Compress everything into a ZIP:

zip -r deployment_package.zip .

Step 2: Upload the ZIP to AWS Lambda

  1. Go back to the AWS Lambda console and select your assign_badges_lambda function.
  2. Go to the Code tab and click on “Upload from” → “.zip file”.
  3. Select deployment_package.zip and confirm.
  4. Click on Deploy.

3. Set the Environment Variables

Go to the Configuration tab → Environment variables to specify your API URL, access token, refresh token, etc.

For example:

  • Key: DJANGO_API_URL
    Value: https://api.example.com/assign-badges/
  • Key: DJANGO_REFRESH_URL
    Value: https://api.example.com/auth/login/refresh/
  • Key: DJANGO_API_ACCESS_TOKEN
    Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... (initial token)
  • Key: DJANGO_API_REFRESH_TOKEN
    Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... (refresh token)

Tip:
If you’re handling real credentials (user/password, tokens, etc.), it’s safer to use AWS Secrets Manager or AWS Systems Manager Parameter Store with encryption and rotation.

4. Schedule Execution with AWS EventBridge

To make your Lambda run automatically (e.g., daily):

  1. Go to EventBridge in the AWS console.
  2. Click RulesCreate rule.
  3. Assign a name, e.g., DailyAssignBadges.
  4. Select Schedule and use a cron expression. For example, for midnight daily: cron(0 0 * * ? *)
  5. In Select target, choose Lambda function and select assign_badges_lambda.
  6. Click Create.

5. Monitoring with CloudWatch

  1. In the AWS console, open CloudWatch.
  2. Select LogsLog groups.
  3. Search for /aws/lambda/assign_badges_lambda.
  4. Click to view the logs, where you’ll find info and errors (logger.info, logger.error).

6. Testing and Verification

  1. In Lambda, go to the Test tab.
  2. Create a test event (a simple JSON, e.g., {"test": "run"}).
  3. Run the test and check if the invocation is SUCCESS or ERROR.
  4. Open CloudWatch to view logs and diagnose issues.

Notes on Cookies and CSRF

  • If your API uses cookies for session management and requires a csrftoken, you’ll need to:
    1. Make an initial GET request to obtain the cookie.
    2. Read the csrftoken and send it in the X-CSRFToken header.
    3. Include the cookie in each POST (using session.cookies or the Cookie: ... header).
  • If your API does not exempt JWT endpoints from CSRF, update Django or DRF settings (e.g. @csrf_exempt) to avoid blocking headless token requests.

Conclusion

With this flow:

  1. You deployed a Lambda function using requests.
  2. You handled a refresh token to obtain a new access token when needed.
  3. You configured environment variables (or Secrets Manager) to avoid exposing credentials in code.
  4. You scheduled the function using EventBridge and monitor it with CloudWatch.

This way, your Lambda can interact with secure APIs (JWT + refresh tokens) without manual credential input, executing badge assignment (or any other logic) automatically.

Fernando Tamez

Lo que busco profesionalmente para todos, es lo que dice la frase: "Cloud done the right way, the best practices way." Trabajo para que TODOS utilicemos la nube de una manera segura y eficiente, para el beneficio de la humanidad. Somos una empresa de consultoría y capacitación tecnológica, enfocada en la comunicación digital, automatización y seguridad de la información.