Step 1: Create and configure Lambda functions Step 2: Create an IAM role to give App Studio access to Lambda resources Step 3: Create Lambda connector

Connect to AWS Lambda

To connect App Studio with Lambda to enable builders to access and use Lambda resources in applications, you must perform the following steps:

Step 1: Create and configure Lambda functions
Step 2: Create an IAM role to give App Studio access to Lambda resources
Step 3: Create Lambda connector

Step 1: Create and configure Lambda functions

If you don't have existing Lambda functions, you must first create them. To learn more about creating Lambda functions, see the AWS Lambda Developer Guide.

Step 2: Create an IAM role to give App Studio access to Lambda resources

To use Lambda resources with App Studio, administrators must create an IAM role to give App Studio permissions to access the resources. The IAM role controls the scope of data that builders can use and what operations can be called against that data, such as Create, Read, Update, or Delete.

We recommend creating at least one IAM role per service and policy. For example, if builders are creating two applications backed by the same tables in Lambda, one that only requires read access, and one that requires read, create, update and delete; an administrator should create two IAM roles, one using read only permissions, and one with full CRUD permissions to the applicable tables in Lambda.

To create an IAM role to give App Studio access to Lambda resources

Sign in to the IAM console with a user that has permissions to create IAM roles. We recommend using the administrative user created in Create an administrative user for managing AWS resources.
In the navigation pane of the console, choose Roles and then choose Create role.
In Trusted entity type, choose Custom trust policy.

Replace the default policy with the following policy to allow App Studio applications to assume this role in your account.

You must replace the following placeholders in the policy. The values to be used can be found in App Studio, in the Account settings page.

Replace 111122223333 with the AWS account number of the account used to set up the App Studio instance, listed as AWS Account Id in the account settings.
Replace 11111111-2222-3333-4444-555555555555 with your App Studio team ID, listed as Team Id in the account settings in your App Studio instance.


{ 
    "Version": "2012-10-17",
    "Statement": [
        { 
            "Effect": "Allow",
            "Principal": { 
                "AWS": "arn:aws:iam::111122223333:root"
            }, 
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                        "aws:PrincipalTag/IsAppStudioAccessRole": "true",
                        "sts:ExternalId": "11111111-2222-3333-4444-555555555555"
                }
            }
        } 
    ]
}

Choose Next.

In Add permissions, search for and select the policies that grant the appropriate permissions for the role. Choosing the + next to a policy will expand the policy to show the permissions granted by it and choosing the checkbox selects the policy. For Lambda, you may consider adding the AWSLambdaRole policy, which grants permissions to invoke Lambda functions.

For more information about using IAM policies with Lambda, including a list of managed policies and their descriptions, see Identity and Access Management for AWS Lambda in the AWS Lambda Developer Guide.

Choose Next.
On the Name, review, and create page, provide a Role name and Description.
In Step 3: Add tags, choose Add new tag to add the following tag to provide App Studio access:
- Key: IsAppStudioDataAccessRole
- Value: true
Choose Create role and make note of the generated Amazon Resource Name (ARN), you will need it when creating the Lambda connector in App Studio.

Step 3: Create Lambda connector

Now that you have your Lambda resources and IAM policy and role configured, use that information to create the connector in App Studio that builders can use to connect their apps to Lambda.

Note

You must have the Admin role in App Studio to create connectors.

To create a connector for Lambda

Navigate to App Studio.
In the left-side navigation pane, choose Connectors in the Manage section. You will be taken to a page displaying a list of existing connectors with some details about each.
Choose + Create connector.
Choose AWS Services from the list of connector types.
Configure your connector by filling out the following fields:
- Name: Enter a name for your Lambda connector.
- Description: Enter a description for your Lambda connector.
- IAM role: Enter the Amazon Resource Name (ARN) from the IAM role created in Step 2: Create an IAM role to give App Studio access to Lambda resources. For more information about IAM, see the IAM User Guide.
- Service: Choose Lambda.
- Region: Choose the AWS Region where your Lambda resources are located.
Choose Create.
The newly created connector will appear in the Connectors list.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Connect to Amazon DynamoDB

Connect to Amazon Simple Storage Service (Amazon S3)