This is a collection of small AWS Lambda functions I use in my AWS Step Functions.
These functions adopt the Unix philosophy of "do one thing and do it well".
AWS Powertools for Lambda is the only external runtime dependency. This is included via a Lambda layer. Everything else comes from core Python.
These functions do not require network access. If you have a CloudWatch VPC endpoint, the functions use it; otherwise HTTPS egress is open to the internet so that logging works.
The functions all run on ARM64 using the default Terraform configuration.
```hcl
module "util_fns" {
  source = "[email protected]:proactiveops/util-fns.git?ref=main"

  cloudwatch_vpce_security_group = "sg-4badf00d"
  # subnets is declared as list(string), so pass a list even for one subnet
  subnets                        = ["subnet-d34db33f"]
  tags                           = var.tags

  enabled_functions = [
    "ip_to_object",
    "jira_match",
    "redact"
  ]
}
```
Wrapper for Python's core `ipaddress` library. The function supports both IPv4 and IPv6 addresses.
Expected payload:
```json
{
  "ip": "198.51.100.1"
}
```
Search for Jira ticket references in a string. Returns unique matches as a list.
Expected payload:
```json
{
  "body": "ABC-123 This string contains 2 ticket references ZYX-987"
}
```
Redact PII entities in a string identified by Amazon Comprehend. Comprehend only supports redaction as an asynchronous batch operation. This function performs the redaction on a string in real time. Other sources of redaction rules can be used, so long as they use the Amazon Comprehend PII Entities schema.
Use the optional `ignored_entities` property with a list of entities to not redact.
```json
{
  "text": "Hello Paul Santos. The latest statement for your credit card account 4111-1111-1111-1111 was mailed to 123 Any Street, Seattle, WA 98109.",
  "entities": [
    {
      "Score": 0.9999669790267944,
      "Type": "NAME",
      "BeginOffset": 6,
      "EndOffset": 18
    },
    {
      "Score": 0.8905550241470337,
      "Type": "CREDIT_DEBIT_NUMBER",
      "BeginOffset": 69,
      "EndOffset": 88
    },
    {
      "Score": 0.9999889731407166,
      "Type": "ADDRESS",
      "BeginOffset": 103,
      "EndOffset": 138
    }
  ],
  "ignored_entities": [
    "NAME"
  ]
}
```
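The offset-based redaction described above, as an added example that is not the util-fns source. It assumes `EndOffset` is exclusive (as the credit card span in the payload is), that each span is replaced with `[TYPE]`, and that the names `redact` and `entity` are hypothetical; the sample offsets are computed from the constructed text rather than copied from the payload.

```python
# Added example: offset-based PII redaction. Not the util-fns source.
# Assumptions: EndOffset is exclusive; spans are replaced with "[TYPE]".

def redact(text, entities, ignored_entities=()):
    """Return text with every non-ignored entity span replaced by [TYPE]."""
    ignored = set(ignored_entities)
    spans = []
    for item in entities:
        if item["Type"] in ignored:
            continue
        begin, end = item["BeginOffset"], item["EndOffset"]
        # Fail closed: offsets that do not fit the text mean the entities
        # were computed for a different string, so no span can be trusted.
        if not 0 <= begin < end <= len(text):
            raise ValueError(f"span {begin}-{end} is outside the text")
        spans.append([begin, end, item["Type"]])

    # Merge overlapping spans so a nested or overlapping entity never
    # leaves the tail of a longer match unredacted.
    merged = []
    for begin, end, etype in sorted(spans):
        if merged and begin < merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([begin, end, etype])

    # Rebuild left to right from the original text, so offsets never shift.
    parts, cursor = [], 0
    for begin, end, etype in merged:
        parts += [text[cursor:begin], f"[{etype}]"]
        cursor = end
    parts.append(text[cursor:])
    return "".join(parts)


def entity(text, value, etype):
    """Build a constructed entity record by locating value in text."""
    begin = text.index(value)
    return {"Type": etype, "BeginOffset": begin, "EndOffset": begin + len(value)}


# Constructed sample input, reusing the sentence from the payload above.
TEXT = ("Hello Paul Santos. The latest statement for your credit card "
        "account 4111-1111-1111-1111 was mailed to "
        "123 Any Street, Seattle, WA 98109.")
ENTITIES = [
    entity(TEXT, "Paul Santos", "NAME"),
    entity(TEXT, "4111-1111-1111-1111", "CREDIT_DEBIT_NUMBER"),
    entity(TEXT, "123 Any Street, Seattle, WA 98109", "ADDRESS"),
]
```

Rejecting out-of-range offsets instead of clamping them means a mismatch between the text and its entity list surfaces as an error in the state machine rather than as partially redacted output.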
Step Functions intrinsic functions provide some array operations. Unfortunately the `States.ArrayContains` function returns a boolean, rather than the position of the item in the list.
The position of the item in the zero-based array is returned as an integer. -1 is returned if the item isn't found.
Expected payload:
```json
{
  "list": ["apple", "banana", "cherry"],
  "item": "banana"
}
```
Searches for a substring within a string. Whitespace is trimmed from both the string and substring.
The function returns the starting position of the substring within the string. If the substring isn't found, -1 is returned.
```json
{
  "string": "team",
  "substring": "i"
}
```
The following functions are no longer being maintained. Use JSONata in your Step Functions instead.
Converts an ISO 8601 format date time string to a Unix timestamp. If the string isn't provided, the current UTC timestamp is returned.
Expected payload:
```json
{
  "isoformat": "1985-10-26T08:33:00Z"
}
```
The function looks up a key in a JSON object (or Python dictionary) and returns the value. If the key isn't found, null is returned.
Empty JSON objects are often converted to empty lists. This function handles this scenario and returns null.
Expected payload:
```json
{
  "values": {
    "key1": "value",
    "key2": "another-value"
  },
  "key": "key1"
}
```
Converts a Unix timestamp to an ISO 8601 format date time string. If the timestamp isn't provided, the current UTC time is used.
Expected payload:
```json
{
  "timestamp": 499163580
}
```
Name | Version |
---|---|
terraform | ~> 1.0 |
archive | >= 2.0, < 3.0 |
aws | >= 5.0, < 6.0 |
Name | Version |
---|---|
archive | 2.6.0 |
aws | 5.70.0 |
No modules.
Name | Type |
---|---|
aws_cloudwatch_log_group.lambda | resource |
aws_iam_policy.lambda | resource |
aws_iam_role.lambda | resource |
aws_iam_role_policy_attachment.lambda | resource |
aws_lambda_function.lambda | resource |
aws_security_group.this | resource |
aws_vpc_security_group_egress_rule.open | resource |
aws_vpc_security_group_egress_rule.vpc | resource |
archive_file.this | data source |
aws_iam_policy.permission_boundary | data source |
aws_iam_policy_document.lambda | data source |
aws_iam_policy_document.lambda_assume | data source |
aws_region.current | data source |
aws_subnet.this | data source |
aws_vpc.this | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cloudwatch_vpce_security_group | ID of the security group containing the VPC endpoint for CloudWatch Logs | string | "" | no |
enabled_functions | A list of functions to enable | list(string) | [ | no |
iam_role_permission_boundary | The ARN of the IAM policy to use as a permission boundary for the IAM role | string | null | no |
iam_role_prefix | A prefix to use for the IAM role name | string | "" | no |
namespace | The namespace prefix to use for all resources | string | "util-fns" | no |
powertools_version | The version of the AWS Lambda Powertools Lambda layer | string | "5" | no |
subnets | A list of subnet IDs to use for the VPC | list(string) | n/a | yes |
tags | A map of tags to apply to all resources | map(string) | {} | no |
Name | Description |
---|---|
lambda_functions | A map of the Lambda function names to their ARNs |
lambda_role | The ARN of the IAM role used by the Lambda functions |
security_group | The ID of the security group used by the Lambda functions |