Lambda

AWS Lambda lets you run code without managing servers. The steps below show how to package your code, upload it to S3 (optional), and create Lambda functions using the AWS CLI.

Method 1 – Deploy from a local zip file

# Package your function
zip deploy_package.zip lambda_function.py

# Create the Lambda function
aws lambda create-function \
  --function-name my_function \
  --runtime python3.12 \
  --role arn:aws:iam::ACCOUNT_ID:role/LambdaBasicExecutionRole \
  --zip-file fileb://deploy_package.zip \
  --handler lambda_function.lambda_handler \
  --region us-east-1

Method 2 – Deploy from an S3 bucket

# Upload the zip to S3 first
aws s3 cp deploy_package.zip s3://my-lambda-bucket/ \
  --profile myprofile --region us-east-1

# Create the function referencing S3
aws lambda create-function \
  --function-name doc_processor \
  --runtime python3.12 \
  --role arn:aws:iam::ACCOUNT_ID:role/LambdaBasicExecutionRole \
  --code S3Bucket=my-lambda-bucket,S3Key=deploy_package.zip \
  --handler lambda_function.lambda_handler \
  --region us-east-1

Update an existing function's code

aws lambda update-function-code \
  --function-name my_function \
  --zip-file fileb://deploy_package.zip \
  --region us-east-1

Invoke and test

# Invoke and capture the response
aws lambda invoke \
  --function-name my_function \
  --payload '{"key": "value"}' \
  --cli-binary-format raw-in-base64-out \
  response.json

cat response.json

View logs

# Follow live logs (requires CloudWatch Logs permissions)
aws logs tail /aws/lambda/my_function --follow --region us-east-1

IAM role requirements

The Lambda execution role must have at minimum the AWSLambdaBasicExecutionRole policy (allows writing logs to CloudWatch). Add additional policies for any AWS services your function accesses.