AWS App Studio is in preview and is subject to change.
Connect to AWS Lambda
To connect App Studio with Lambda to enable builders to access and use Lambda resources in applications, you must perform the following steps:
Create and configure Lambda functions
If you don't have existing Lambda functions, you must first create them. To learn more about creating Lambda functions, see the AWS Lambda Developer Guide.
Create an IAM role to give App Studio access to Lambda resources
To use Lambda resources with App Studio, administrators must create an IAM role to give App Studio permissions to access the resources. The IAM role controls the scope of data that builders can use and what operations can be called against that data, such as Create, Read, Update, or Delete.
We recommend creating at least one IAM role per service and policy. For example, if builders are creating two applications backed by the same tables in Lambda, one that only requires read access, and one that requires read, create, update and delete; an administrator should create two IAM roles, one using read only permissions, and one with full CRUD permissions to the applicable tables in Lambda.
To create an IAM role to give App Studio access to Lambda resources
-
Sign in to the IAM console
with a user that has permissions to create IAM roles. We recommend using the administrative user created in Create an administrative user for managing AWS resources. -
In the navigation pane of the console, choose Roles and then choose Create role.
-
In Trusted entity type, choose Custom trust policy.
-
Replace the default policy with the following policy to allow App Studio applications to assume this role in your account.
You must replace
111122223333with the AWS account number of the account used to set up the App Studio instance.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "aws:PrincipalTag/IsAppStudioAccessRole": "true" } } } ] }Choose Next.
-
In Add permissions, search for and select the policies that grant the appropriate permissions for the role. Choosing the + next to a policy will expand the policy to show the permissions granted by it and choosing the checkbox selects the policy. For Lambda, you may consider adding the
AWSLambdaRolepolicy, which grants permissions to invoke Lambda functions.For more information about using IAM policies with Lambda, including a list of managed policies and their descriptions, see Identity and Access Management for AWS Lambda in the AWS Lambda Developer Guide.
Choose Next.
-
In Role details, provide a name and description.
In Step 3: Add tags, choose Add new tag to add the following tag to provide App Studio access:
Key:
IsAppStudioDataAccessRoleValue:
true
-
Choose Create role and make note of the generated Amazon Resource Name (ARN), you will need it when creating the Lambda connector in App Studio.
Create Lambda connector
To create a connector for Lambda
-
Navigate to App Studio.
-
In the left-side navigation pane, choose Connectors in the Manage section. You will be taken to a page displaying a list of existing connectors with some details about each.
-
Choose + Create connector.
-
Choose AWS Services from the list of connector types.
-
Configure your connector by filling out the following fields:
Name: Enter a name for your Lambda connector.
Description: Enter a description for your Lambda connector.
IAM role: Enter the Amazon Resource Name (ARN) from the IAM role created in Create an IAM role to give App Studio access to Lambda resources. For more information about IAM, see the IAM User Guide.
Service: Choose Lambda.
Region: Choose the AWS Region where your Lambda resources are located.
-
Choose Create.
-
The newly created connector will appear in the Connectors list.
