Adding the Amazon AppConfig Agent Lambda extension by using a layer and an ARN

Adding the Amazon AppConfig Agent Lambda extension

To use the Amazon AppConfig Agent Lambda extension, you need to add the extension to your Lambda. This can be done by adding the Amazon AppConfig Agent Lambda extension to your Lambda function as a layer or by enabling the extension on a Lambda function as a container image.

Note

The Amazon AppConfig extension is runtime agnostic and supports all runtimes.

Before you begin

Before you enable the Amazon AppConfig Agent Lambda extension, do the following:

Organize the configurations in your Lambda function so that you can externalize them into Amazon AppConfig.
Create Amazon AppConfig artifacts and configuration data, including feature flags or freeform configuration data. For more information, see Creating feature flags and free form configuration data in Amazon AppConfig.
Add appconfig:StartConfigurationSession and appconfig:GetLatestConfiguration to the Amazon Identity and Access Management (IAM) policy used by the Lambda function execution role. For more information, see Amazon Lambda execution role in the Amazon Lambda Developer Guide. For more information about Amazon AppConfig permissions, see Actions, resources, and condition keys for Amazon AppConfig in the Service Authorization Reference.

Adding the Amazon AppConfig Agent Lambda extension by using a layer and an ARN

To use the Amazon AppConfig Agent Lambda extension, you add the extension to your Lambda function as a layer. For information about how to add a layer to your function, see Configuring extensions in the Amazon Lambda Developer Guide. The name of the extension in the Amazon Lambda console is Amazon-AppConfig-Extension. Also note that when you add the extension as a layer to your Lambda, you must specify an Amazon Resource Name (ARN). Choose an ARN from one of the following lists that corresponds with the platform and Amazon Web Services Region where you created the Lambda.

If you want to test the extension before you add it to your function, you can verify that it works by using the following code example.


import urllib.request
                

def lambda_handler(event, context):
    url = f'http://localhost:2772/applications/application_name/environments/environment_name/configurations/configuration_name'
    config = urllib.request.urlopen(url).read()
    return config

To test it, create a new Lambda function for Python, add the extension, and then run the Lambda function. After you run the Lambda function, the Amazon AppConfig Lambda function returns the configuration you specified for the http://localhost:2772 path. For information about creating a Lambda function, see Create a Lambda function with the console in the Amazon Lambda Developer Guide.

Important

You can view log data for the Amazon AppConfig Agent Lambda extension in the Amazon Lambda logs. Log entries are prefaced with appconfig agent. Here's an example.


[appconfig agent] 2024/05/07 04:19:01 ERROR retrieve failure for 'SourceEventConfig:SourceEventConfigEnvironment:SourceEventConfigProfile': StartConfigurationSession: api error AccessDenied: User: arn:aws:sts::0123456789:assumed-role/us-east-1-LambdaRole/extension1 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::0123456789:role/test1 (retry in 60s)

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Understanding how the Amazon AppConfig Agent Lambda extension works

Configuring the Amazon AppConfig Agent Lambda extension