Whenever you retailer information in Amazon Simple Storage Service (S3), you may simply share it to be used by a number of purposes. Nevertheless, every utility has its personal necessities and may have a unique view of the information. For instance, a dataset created by an e-commerce utility might embody personally identifiable data (PII) that isn’t wanted when the identical information is processed for analytics and ought to be redacted. On the opposite facet, if the identical dataset is used for a advertising marketing campaign, chances are you’ll want to counterpoint the information with extra particulars, corresponding to data from the shopper loyalty database.

To supply totally different views of knowledge to a number of purposes, there are presently two choices. You both create, retailer, and keep extra spinoff copies of the information, so that every utility has its personal customized dataset, otherwise you construct and handle infrastructure as a proxy layer in entrance of S3 to intercept and course of information as it’s requested. Each choices add complexity and prices, so the S3 crew determined to construct a greater answer.

Immediately, I’m very glad to announce the provision of S3 Object Lambda, a brand new functionality that permits you to add your personal code to course of information retrieved from S3 earlier than returning it to an utility. S3 Object Lambda works along with your current purposes and makes use of AWS Lambda features to robotically course of and remodel your information as it’s being retrieved from S3. The Lambda perform is invoked inline with a typical S3 GET request, so that you don’t want to vary your utility code.

On this means, you may simply current a number of views from the identical dataset, and you’ll replace the Lambda features to change these views at any time.

Architecture diagram.

There are a lot of use circumstances that may be simplified by this method, for instance:

  • Redacting personally identifiable data for analytics or non-production environments.
  • Changing throughout information codecs, corresponding to changing XML to JSON.
  • Augmenting information with data from different companies or databases.
  • Compressing or decompressing recordsdata as they’re being downloaded.
  • Resizing and watermarking photographs on the fly utilizing caller-specific particulars, such because the consumer who requested the article.
  • Implementing customized authorization guidelines to entry information.

You can begin utilizing S3 Object Lambda with just a few easy steps:

  1. Create a Lambda Perform to rework information on your use case.
  2. Create an S3 Object Lambda Entry Level from the S3 Management Console.
  3. Choose the Lambda perform that you simply created above.
  4. Present a supporting S3 Access Point to offer S3 Object Lambda entry to the unique object.
  5. Replace your utility configuration to make use of the brand new S3 Object Lambda Entry Level to retrieve information from S3.

To get a greater understanding of how S3 Object Lambda works, let’s put it in observe.

Easy methods to Create a Lambda Perform for S3 Object Lambda
To create the perform, I begin by trying on the syntax of the enter occasion the Lambda perform receives from S3 Object Lambda:

    "xAmzRequestId": "1a5ed718-5f53-471d-b6fe-5cf62d88d02a",
        "inputS3Url": "https://myap-123412341234.s3-accesspoint.us-east-1.amazonaws.com/s3.txt?X-Amz-Safety-Token=...",
        "outputRoute": "io-iad-cell001",
        "outputToken": "..."
        "accessPointArn": "arn:aws:s3-object-lambda:us-east-1:123412341234:accesspoint/myolap",
        "supportingAccessPointArn": "arn:aws:s3:us-east-1:123412341234:accesspoint/myap",
        "payload": "take a look at"
        "url": "/s3.txt",
            "Host": "myolap-123412341234.s3-object-lambda.us-east-1.amazonaws.com",
            "Settle for-Encoding": "id",
            "X-Amz-Content material-SHA256": "e3b0c44297fc1c149afbf4c8995fb92427ae41e4649b934ca495991b7852b855"
        "sort": "IAMUser",
        "principalId": "...",
        "arn": "arn:aws:iam::123412341234:consumer/myuser",
        "accountId": "123412341234",
        "accessKeyId": "..."
    "protocolVersion": "1.00"

The getObjectContext property accommodates a number of the most helpful data for the Lambda perform:

  • The inputS3Url is a presigned URL that the perform can use to obtain the unique object from the supporting Entry Level. On this means, the Lambda perform doesn’t must have S3 learn permissions to retrieve the unique object and might solely entry the article processed by every invocation.
  • The outputRoute and the outputToken are two parameters which might be used to ship again the modified object utilizing the new WriteGetObjectResponse API.

The configuration property accommodates the Amazon Resource Name (ARN) of the Object Lambda Entry Level and of the supporting Entry Level.

The userRequest property offers extra data of the unique request, corresponding to the trail within the URL, and the HTTP headers.

Lastly, the userIdentity part returns the small print of who made the unique request and can be utilized to customise entry to the information.

Now that I do know the syntax of the occasion, I can create the Lambda perform. To maintain issues easy, right here’s a perform written in Python that adjustments all textual content within the authentic object to uppercase:

import boto3
import requests

def lambda_handler(occasion, context):

    object_get_context = occasion["getObjectContext"]
    request_route = object_get_context["outputRoute"]
    request_token = object_get_context["outputToken"]
    s3_url = object_get_context["inputS3Url"]

    # Get object from S3
    response = requests.get(s3_url)
    original_object = response.content material.decode('utf-8')

    # Remodel object
    transformed_object = original_object.higher()

    # Write object again to S3 Object Lambda
    s3 = boto3.consumer('s3')

    return 'status_code': 200

Trying on the code of the perform, there are three major sections:

  • First, I take advantage of the inputS3Url property of the enter occasion to obtain the unique object. For the reason that worth is a presigned URL, the perform doesn’t want permissions to learn from S3.
  • Then, I remodel the textual content to be all uppercase. To customise the conduct of the perform on your use case, that is the half it’s good to change. For instance, to detect and redact personally identifiable data (PII), I can use Amazon Comprehend to locate PII entities with the DetectPiiEntities API and change them with asterisks or an outline of the redacted entity sort.
  • Lastly, I take advantage of the new WriteGetObjectResponse API to ship the results of the transformation again to S3 Object Lambda. On this means, the remodeled object will be a lot bigger than the utmost measurement of the response returned by a Lambda perform. For bigger objects, the WriteGetObjectResponse API helps chunked transfer encoding to implement a streaming information switch. The Lambda perform solely must return the standing code (200 OK on this case), eventual errors, and optionally customise the metadata of the returned object as described within the S3 GetObject API.

I bundle the perform, together with the dependencies, and add it to Lambda. Be aware that the utmost period for a Lambda perform utilized by S3 Object Lambda is 60 seconds, and that the Lambda perform wants AWS Identity and Access Management (IAM) permissions to name the WriteGetObjectResponse API.

Easy methods to Create an S3 Object Lambda Entry Level from the Console
Within the S3 console, I create an S3 Entry Level on certainly one of my S3 buckets:

S3 console screenshot.

Then, I create an S3 Object Lambda Entry Level utilizing the supporting Entry Level I simply created. The Lambda perform goes to make use of the supporting Entry Level to obtain the unique objects.

S3 console screenshot.

Through the configuration of the S3 Object Lambda Entry Level as proven under, I choose the newest model of the Lambda perform I created above. Optionally, I can allow assist for requests utilizing a byte range, or utilizing part numbers. For now, I go away them disabled. To know how to use byte range and part numbers with S3 Object Lambda, please see the documentation.

S3 console screenshot.

When configuring the S3 Object Lambda Entry Level, I can arrange a string as a payload that’s handed to the Lambda perform in all invocations coming from that Entry Level, as you may see within the configuration property of the pattern occasion I described earlier than. On this means, I can configure the identical Lambda perform for a number of S3 Object Lambda Entry Factors, and use the worth of thepayload to customise the conduct for every of them.

S3 console screenshot.

Lastly, I can arrange a coverage, much like what I can do with regular S3 Entry Factors, to supply entry to the objects accessible by this Object Lambda Entry Level. For now, I hold the coverage empty. Then, I go away the default possibility to dam all public entry and create the Object Lambda Entry Level.

Now that the S3 Object Lambda Entry Level is prepared, let’s see how I can use it.

Easy methods to Use the S3 Object Lambda Entry Level
Within the S3 console, I choose the newly created Object Lambda Entry Level. Within the properties, I copy the ARN to have it out there later.

S3 console screenshot.

With the AWS Command Line Interface (CLI), I add a textual content file containing just a few sentences to the S3 bucket behind the S3 Object Lambda Entry Level:

aws cp s3.txt s3://danilop-data/

Utilizing S3 Object Lambda with my current purposes may be very easy. I simply want to switch the S3 bucket with the ARN of the S3 Object Lambda Entry Level and replace the AWS SDKs to just accept the brand new syntax utilizing the S3 Object Lambda ARN.

For instance, it is a Python script that downloads the textual content file I simply uploaded: first, straight from the S3 bucket, after which from the S3 Object Lambda Entry Level. The one distinction between the 2 downloads is the worth of the Bucket parameter.

import boto3

s3 = boto3.consumer('s3')

print('Authentic object from the S3 bucket:')
authentic = s3.get_object(

print('Object processed by S3 Object Lambda:')
remodeled = s3.get_object(

I begin the script on my laptop computer:

python3 read_original_and_transformed_object.py

And that is the end result I get:

Authentic object on S3:
Amazon Easy Storage Service (Amazon S3) is an object storage service that provides industry-leading scalability, information availability, safety, and efficiency. This implies clients of all sizes and industries can use it to retailer and defend any quantity of knowledge for a spread of use circumstances, corresponding to information lakes, web sites, cell purposes, backup and restore, archive, enterprise purposes, IoT units, and massive information analytics.

Object processed by S3 Object Lambda:

The primary output is downloaded straight from the supply bucket, and I see the unique content material as anticipated. The second time, the article is processed by the Lambda perform as it’s being retrieved and, because the end result, all textual content is uppercase!

Extra Use Instances for S3 Object Lambda
When retrieving an object utilizing S3 Object Lambda, there isn’t a want for an object with the identical title to exist within the S3 bucket. The Lambda perform can use data within the title of the file or within the HTTP headers to generate a customized object.

For instance, should you ask to make use of an S3 Object Lambda Entry Level for a picture with title sunset_600x400.jpg, the Lambda perform can search for a picture named sundown.jpg and resize it to suit the utmost width and peak as described within the file title. On this case, the Lambda perform would wish entry permission to learn the unique picture, as a result of the article secret is totally different from what was used within the presigned URL.

One other fascinating use case could be to retrieve JSON or CSV paperwork, corresponding to order.json or gadgets.csv, which might be generated on the fly primarily based on the content material of a database. The metadata within the request HTTP headers can be utilized to cross the orderId to make use of. As standard, I anticipate our clients’ creativity to far exceed the use circumstances I described right here.

Right here’s a brief video describing how S3 Object Lambda works and the way you need to use it:

Availability and Pricing
S3 Object Lambda is on the market as we speak in all AWS Areas apart from the Asia Pacific (Osaka), AWS GovCloud (US-East), AWS GovCloud (US-West), China (Beijing), and China (Ningxia) Areas. You need to use S3 Object Lambda with the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs. Presently, the AWS CLI high-level S3 instructions, corresponding to aws s3 cp, don’t assist objects from S3 Object Lambda Entry Factors, however you need to use the low-level S3 API instructions, corresponding to aws s3api get-object.

With S3 Object Lambda, you pay for the AWS Lambda compute and request prices required to course of the information, and for the information S3 Object Lambda returns to your utility. You additionally pay for the S3 requests which might be invoked by your Lambda perform. For extra pricing data, please see the Amazon S3 pricing page.

This new functionality makes it a lot simpler to share and convert information throughout a number of purposes.

Start using S3 Object Lambda to simplify your storage architecture today.


Leave a Reply

Your email address will not be published. Required fields are marked *