Introduction
In this tutorial, we will walk you through the steps to create an AWS Lambda function that runs a Go binary using a custom runtime.
Table of contents
Open Table of contents
Write Your Go Code
First, create a Go application. Below is an example of a Go function that handles a simple request:
package main
import (
"context"
"fmt"
"github.com/aws/aws-lambda-go/lambda"
)
type MyEvent struct {
Name string `json:"name"`
}
func HandleRequest(ctx context.Context, event MyEvent) (string, error) {
return fmt.Sprintf("Hello, %s!", event.Name), nil
}
func main() {
lambda.Start(HandleRequest)
}Build the Go Binary
Build a statically linked binary for Linux to make sure it’s compatible with AWS Lambda:
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o main main.goCreate a Custom Runtime for Lambda
Create an executable script named bootstrap to serve as the entry point for your Lambda function:
#!/bin/sh
set -e
# Execute the Go binary
./mainMake the bootstrap file executable:
chmod +x bootstrapCreate Deployment Package
Create a deployment package (ZIP file) that includes your Go binary and the bootstrap file:
zip function.zip main bootstrapCreate an IAM Role
You need an IAM role with the necessary permissions for your Lambda function. Follow these steps to create one:
Using the AWS Management Console
Open the IAM Console: Navigate to the IAM console at https://console.aws.amazon.com/iam/.
Create a New Role:
- Choose Roles from the navigation pane.
- Click Create role.
Select Trusted Entity:
- Choose AWS service.
- Select Lambda.
- Click Next.
Attach Permissions Policies:
- Search for and select
AWSLambdaBasicExecutionRole. - Optionally, add other necessary policies (e.g., S3 access).
- Click Next.
Add Tags (Optional):
- Add any tags for easier management (optional).
- Click Next.
Name and Review Your Role:
- Enter a name (e.g.,
LambdaBasicExecutionRole). - Review and click Create role.
Using the AWS CLI
Alternatively, you can create the IAM role using the AWS CLI:
Create a trust policy file named trust-policy.json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}Create the role and attach the policy to that role:
aws iam create-role --role-name LambdaBasicExecutionRole --assume-role-policy-document file://trust-policy.json
aws iam attach-role-policy --role-name LambdaBasicExecutionRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRoleCreate the Lambda Function
Create the Lambda function using the provided.al2 runtime:
aws lambda create-function --function-name MyGoLambdaFunction \
--zip-file fileb://function.zip --handler bootstrap \
--runtime provided.al2 --role arn:aws:iam::YOUR_ACCOUNT_ID:role/LambdaBasicExecutionRoleReplace YOUR_ACCOUNT_ID with your AWS account ID.
Invoke the Lambda Function
Test the function using the AWS CLI:
aws lambda invoke --function-name MyGoLambdaFunction --payload eyJuYW1lIjogIldvcmxkIn0K response.json
cat response.jsonNote: Payload is Base64 encoded.
Summary
In this tutorial, we covered the steps to create an AWS Lambda function that runs a Go binary using a custom runtime. First, we wrote a simple Go application and then built a statically linked binary for Linux. Next, we created a custom runtime using a bootstrap shell script to run our binary. We then packaged the binary and bootstrap script into a ZIP file for deployment.
To ensure our Lambda function had the necessary permissions, we created an IAM role. We showed how to do this in the AWS Management Console and the AWS CLI. After establishing the role, we created the Lambda function using the provided.al2 runtime and deployed our package. Finally, we tested the Lambda function by invoking it with a sample payload using the AWS CLI.