2

I'm pretty sure I know the answer, but I thought I'd ask anyways. Is there a way to invoke a Lambda function in another region but utilize data in the invoked region? I am able to invoke a Lambda function from one region in another, but the invoked function runs against the region that it's in. What I'm attempting to do is have the invoked function make the changes in the region it was invoked from.

For example, the lambda function, which checks for certain ec2 configurations and makes changes if necessary, is in region 1, and I want to invoke the lambda function in region 2. But when I invoke the function in region 2, it runs against ec2s in region 1 and not the ec2 instances in region 2. Is there a way I can get the lambda function in region 1 to run against the ec2 instances in region 2, or do I just have to deploy the lambda function in each region?

What I'm trying to avoid is making changes to a lambda function and having to deploy it in all regions, instead of just deploying it to a single region and having all regions invoke that updated function.

Currently, my invoked lambda looks like this,

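import json

import boto3

# Lambda client pinned to the region where the target function is deployed
client = boto3.client('lambda', region_name='region 1')

def lambda_handler(event, context):
    # Synchronously invoke the function in the other region, forwarding the event
    response = client.invoke(
        FunctionName='Lambda_function_name',
        InvocationType='RequestResponse',
        Payload=json.dumps(event)
    )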
helpo11

1 Answer

2

In general, with the Python boto3 API, when you create a client you specify the region for that client. https://stackoverflow.com/a/40377889/230055 is a useful reference. So in your code, you would need to make it so the value given for region_name when you create the client is something you pass to the lambda. You want to declare your client inside the lambda handler (or some function the lambda handler calls) so that you can pass a variable. Perhaps something like

import boto3
def lambda_handler(event, context):
    # Build the EC2 client for the region named in the invocation payload
    client = boto3.client('ec2', region_name=event['region_to_use'])

Then as part of the payload you are sending when you invoke the lambda, you would need to pass the region_to_use key and specify which region you want the invoked lambda to work with.

You can also create a client that targets a different region and even a different account by assuming a role via STS. So you can make your lambdas use clients in whatever region/account you choose if you use this approach. The approach depends on STS and assuming roles.

This answer to a different question shows the general process for assuming a role that creates a client targeting a different region. So as long as you pass the lambda you are invoking enough info that it knows the region for which it needs to create a client, and assuming you have the roles set up to allow for STS, then you can do what you desire.

If you think about it, any time you use the boto3 api you are creating a client for a specific region. If you use it locally, it is probably using the default region specified in your credentials file. But it is targeting a region every time you make a client. So if you can make a client in Lambda, you can target a different region in Lambda.

BTW, I have done exactly what you are asking to do--having a lambda in one region that does work on things in other regions. So it definitely works and is possible.

Shawn
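An added example, not code from the question or the answer above: both sides of the `region_to_use` hand-off the answer describes, with the invoked function checking the value against an allowlist before it builds the EC2 client. `ALLOWED_REGIONS`, `build_payload`, `resolve_region` and the injectable `client_factory` are assumptions made for this sketch; only the `region_to_use` key comes from the answer.

```python
import os

# Assumption: regions this function may act on (constructed for the example).
ALLOWED_REGIONS = frozenset({"us-east-1", "us-west-2", "eu-west-1"})


def build_payload(event, environ=os.environ):
    """Invoking side: tag the event with the region the caller runs in."""
    # AWS_REGION is set by the Lambda runtime in every execution environment.
    return dict(event, region_to_use=environ["AWS_REGION"])


def resolve_region(event):
    """Invoked side: accept region_to_use only if it is on the allowlist."""
    region = event.get("region_to_use")
    if not isinstance(region, str) or region not in ALLOWED_REGIONS:
        raise ValueError(f"region_to_use {region!r} is not allowed")
    return region


def default_client_factory(service, region):
    import boto3  # imported lazily so the validation logic runs without AWS
    return boto3.client(service, region_name=region)


def lambda_handler(event, context, client_factory=default_client_factory):
    region = resolve_region(event)  # fail before any AWS call is made
    ec2 = client_factory("ec2", region)
    instance_ids = []
    # Paginate so regions with many instances are fully covered.
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for instance in reservation["Instances"]:
                instance_ids.append(instance["InstanceId"])
    return {"region": region, "instance_ids": instance_ids}
```

The same restriction can be enforced outside the code by adding an `aws:RequestedRegion` condition to the function's execution role, so a payload naming an unexpected region is denied by IAM even if the allowlist check is bypassed.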