How to Create Object Lambda Access Points in S3

S3 access points allow us to share our bucket data and contents with different consumers or applications. Each access point has its own policy, so each consumer can have a different set of permissions for the same S3 bucket. Access points are very helpful in providing security and privacy for our S3 data. Still, we often come across situations where each application associated with our S3 bucket requires the same dataset but in a different form or format, and we want to avoid keeping similar copies of the same data for each application. S3 Object Lambda allows us to retrieve the data from an S3 bucket and process it before providing it to the application. This way, we can use the same dataset for each consumer requiring a different format. As the name suggests, we will need to run a Lambda function associated with each S3 access point. We just need to provide the code to the Lambda function, and it will perform that operation on the data in a serverless manner.

Methods for Object Lambda Creation

There are four different ways you can configure an Object Lambda Access Point in AWS, which are the following:

  • Using AWS Management Console
  • Using AWS Command Line Interface (CLI)
  • Using AWS CloudFormation
  • Using AWS Cloud Development Kit (CDK)

For this article, we will look at only the first two methods.

Create a Lambda Function

Before creating an Object Lambda Access Point, we need to have our Lambda function. So, from the AWS management console, search for Lambda.

If you are new to the Lambda functions, they can be easily created using the AWS-provided blueprints. Simply select a blueprint related to the service you want to manage, which is S3 in this case. Then, you need to provide the function name, role name, policy, and S3 bucket for which you want to create that access point. Finally, the Lambda function is provided in the blueprint, but you can easily customize it.
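As an added example (not code from the original article or from the AWS blueprint), here is a minimal Python handler for an Object Lambda function. It assumes that the `FunctionPayload` value `{"compressionType":"gzip"}` used in the CLI configuration later in this article means "gzip the object before returning it"; the `transform`, `fetch_original` and `handle` names and the `InvalidPayload` error code are made up for illustration.

```python
import gzip
import json
import urllib.request


def transform(body, payload):
    """Apply the transformation named in the FunctionPayload string to the object bytes."""
    options = json.loads(payload) if payload else {}
    if not isinstance(options, dict):
        raise ValueError("payload must be a JSON object")
    kind = options.get("compressionType")
    if kind is None:
        return body  # nothing requested: return the object as stored
    if kind == "gzip":
        return gzip.compress(body)
    raise ValueError(f"unsupported compressionType: {kind!r}")


def fetch_original(url):
    """Download the original object from the presigned URL S3 places in the event."""
    if not url.startswith("https://"):
        raise ValueError("inputS3Url is not an https URL")
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read()


def handle(event, fetch, respond):
    """Core logic; fetch and respond are injected so it can be exercised offline."""
    ctx = event["getObjectContext"]
    route = {"RequestRoute": ctx["outputRoute"], "RequestToken": ctx["outputToken"]}
    # S3 passes the access point's FunctionPayload through as configuration.payload.
    payload = event.get("configuration", {}).get("payload", "")
    try:
        body = transform(fetch(ctx["inputS3Url"]), payload)
    except ValueError as exc:
        # Fail closed: send an error rather than an object the caller did not ask for.
        respond(StatusCode=400, ErrorCode="InvalidPayload",  # constructed error code
                ErrorMessage=str(exc), **route)
        return {"statusCode": 400}
    respond(Body=body, **route)
    return {"statusCode": 200}


def lambda_handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    return handle(event, fetch_original, boto3.client("s3").write_get_object_response)
```

The function's execution role needs the `s3-object-lambda:WriteGetObjectResponse` permission to send the transformed object back to the caller.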

Creating S3 Bucket

After creating a Lambda function, search for S3 on the AWS management console.

Create an S3 bucket with default settings. Simply provide the bucket name, select region, and keep other settings as default.

Creating Access Point for S3 Bucket

Next, we need to create an access point for our S3 bucket. Simply select Access Points from the left menu in the S3 console and click on create access point.

For access point creation, you need to provide the access point name. Select the bucket for which you are creating that access point, tell whether you want to allow public internet access or not, and attach an access point policy.

Create Object Lambda Access Point

So far, we have created a Lambda function, S3 bucket, and access point for our S3 bucket. Now, we are going to create our Object Lambda Access Point. From the left side menu, select the Object Lambda Access Points.

Click on create Object Lambda Access Point.

Here, you need to provide the name of your Object Lambda Access Point.

Then, select the S3 access point for which you want to create the Object Lambda Access Point. We don’t have to select the bucket this time as it is already specified with the access point.

Next, we are going to select our Lambda function.

You can also attach an access policy to your Object Lambda Access Point to improve the security and privacy of the data stored in your S3 bucket. However, it is optional, and you can leave it unchanged.

Once you have configured the settings, just click on create Object Lambda Access Point.

Finally, our Object Lambda has been created.

Creating Object Lambda Access Point Using CLI

This section will use the AWS command-line interface to create the Object Lambda Access Point.

So first, we are going to create an S3 bucket using CLI. You simply need the following command:

$: aws s3api create-bucket --bucket <bucket name> --region <bucket region>

Now, we need to create a simple S3 access point.

$: aws s3control create-access-point --account-id <AWS Account ID> --bucket <Bucket Name> --name <Access Point Name>

Next, we will move over to creating our Object Lambda Access Point, for which the most important thing we need is a JSON file providing all the configuration details about our Object Lambda Access Point.

{
   "SupportingAccessPoint": "Supporting Access Point ARN",
   "TransformationConfigurations": [{
      "Actions": ["GetObject"],
      "ContentTransformation": {
         "AwsLambda": {
            "FunctionPayload": "{\"compressionType\":\"gzip\"}",
            "FunctionArn": "Lambda Function ARN"
         }
      }
   }]
}

Finally, we can create our Object Lambda Access Point. We are going to use the following command:

$: aws s3control create-access-point-for-object-lambda --account-id <user account ID> --name <name> --configuration file://<file name>

You can also list all your access points for Object Lambda using CLI.

$: aws s3control list-access-points-for-object-lambda --account-id <user account ID>

So, we have seen how to utilize AWS CLI to create an Object Lambda Access Point.
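The configuration file is the easiest part of this procedure to get wrong, because `FunctionPayload` is a string that itself contains JSON and its inner quotes must be escaped. The following added example (not part of the original article) generates the file with `json.dumps` and checks a file before it is passed to `--configuration`; the function names, the ARN patterns and the sample ARNs with account ID 111122223333 are constructed for illustration.

```python
import json
import re

ALLOWED_ACTIONS = {"GetObject", "HeadObject", "ListObjects", "ListObjectsV2"}
ACCESS_POINT_ARN = re.compile(r"^arn:aws[a-z-]*:s3:[a-z0-9-]+:\d{12}:accesspoint/[a-z0-9-]{3,50}$")
LAMBDA_ARN = re.compile(r"^arn:aws[a-z-]*:lambda:[a-z0-9-]+:\d{12}:function:[\w-]+(:[\w$-]+)?$")


def build_config(access_point_arn, function_arn, payload):
    """Serialize the configuration; the inner json.dumps escapes the payload quotes."""
    return json.dumps({
        "SupportingAccessPoint": access_point_arn,
        "TransformationConfigurations": [{
            "Actions": ["GetObject"],
            "ContentTransformation": {"AwsLambda": {
                "FunctionArn": function_arn,
                "FunctionPayload": json.dumps(payload, separators=(",", ":")),
            }},
        }],
    }, indent=2)


def check_config(text):
    """Return a list of problems found in the text of a configuration file."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}): {exc.msg}"]
    problems = []
    if not ACCESS_POINT_ARN.match(str(cfg.get("SupportingAccessPoint", ""))):
        problems.append("SupportingAccessPoint is not an S3 access point ARN")
    for i, item in enumerate(cfg.get("TransformationConfigurations") or []):
        unknown = set(item.get("Actions", [])) - ALLOWED_ACTIONS
        if unknown:
            problems.append(f"[{i}] unsupported Actions: {sorted(unknown)}")
        fn = item.get("ContentTransformation", {}).get("AwsLambda", {})
        if not LAMBDA_ARN.match(str(fn.get("FunctionArn", ""))):
            problems.append(f"[{i}] FunctionArn is not a Lambda function ARN")
        if not isinstance(fn.get("FunctionPayload", ""), str):
            problems.append(f"[{i}] FunctionPayload must be a string, not an object")
    return problems


# Constructed samples: a hand-written fragment with unescaped inner quotes, and example ARNs.
BROKEN = '{"FunctionPayload": "{"compressionType":"gzip"}"}'
AP = "arn:aws:s3:us-east-1:111122223333:accesspoint/example-ap"
FN = "arn:aws:lambda:us-east-1:111122223333:function:example-transform"
```

Calling `check_config(build_config(AP, FN, {"compressionType": "gzip"}))` returns an empty list, while `check_config(BROKEN)` reports the JSON syntax error.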

Conclusion:

AWS Object Lambda Access Points allow us to run simple Lambda functions on our S3 bucket’s data so that the same data can be used efficiently by multiple applications that require different data formats. AWS Lambda is a Function as a Service (FaaS) offering. It is serverless: you simply provide your code, and everything else is handled in the background in an automated manner. It is also one of the economical services because, instead of time-based charges, you pay based on the number of requests, i.e., how many times the function is invoked. As Object Lambda Access Points make use of access points, you can also set different privacy policies for each service or application to keep your S3 buckets more secure and easily manageable. We hope you found this article helpful. Check the other Linux Hint articles for more tips and tutorials.

About the author

Zain Abideen

A DevOps Engineer with expertise in provisioning and managing servers on AWS and Software delivery lifecycle (SDLC) automation. I'm from Gujranwala, Pakistan and currently working as a DevOps engineer.