AWS Lambda Setup Guide

---

Prerequisites

To connect AWS Lambda functions to Fivetran, you need:

• An AWS Lambda function
• The ability to grant Fivetran role to invoke the Lambda function

---

In AWS

Create an IAM Policy

This step allows Fivetran to access your Lambda function.

1. Open the Amazon IAM console.

2. Click "Policies", then "Create policy":

   

3. Click the "JSON" tab. Copy the below policy into the JSON tab, then click "Review policy":

   

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Sid": "InvokePermission",
               "Effect": "Allow",
               "Action": [
                   "lambda:InvokeFunction"
               ],
               "Resource": "*"
           }
       ]
   }
   

4. On the Review policy page, add a name and description for the policy, e.g. Fivetran-Lambda-Invoke and click on Create policy.

   

Create an IAM role

1. Click "Roles" from the sidebar menu, then "Create role":

   

2. Select type of trusted entity "Another AWS account" and enter Fivetran's account ID 834469178297

   

3. Click options, "Require external ID" and enter External ID (which you will find in the setup wizard)

   

4. Click "Next: Permissions"

   

5. Find and select the policy name that you created earlier, then click "Next: Review”

   

6. Name the role (preferably "Fivetran") and click "Create Role":

   

7. Click the role you just created (may take a few seconds to populate) and get the "Role ARN" and copy it as it will be used in the wizard.

   

Create a Lambda function

1. Open AWS Lambda console

2. Click "Create function"

   

3. Select "Blueprints" if you want to create code using some existing Lambda function, otherwise select "Author from scratch" and enter the following information.

   • Name
   • Runtime (C#, Go, Java, Node.js, Python)
   • Role
   

   Note: If your created role is not appearing under "Existing Roles," you'll need to edit the trust relationship through the AWS IAM portal. This step will add Lambda services to your trusted relationships in addition to the Fivetran entity. Select your designated Fivetran Role and it will bring you to this page:

   

   Click the "Trust Relationships" tab and then click "Edit Trust Relationships." In the next page, add this snippet to your JSON code so that your JSON policy document looks like this one below. Make sure that the External ID field has your ExternalID from the set up page in the UI.

   {
     "Version": "2012-10-17",
     "Statement": [
       {
         "Effect": "Allow",
         "Principal": {
           "AWS": "arn:aws:iam::834469178297:root"
         },
         "Action": "sts:AssumeRole",
         "Condition": {
           "StringEquals": {
             "sts:ExternalId": "your_fivetran_externalID"
           }
         }
       },
       {
         "Effect": "Allow",
         "Principal": {
           "Service": "lambda.amazonaws.com"
         },
         "Action": "sts:AssumeRole"
       }
     ]
   }
   

   

   Click "Update Trust Policy"

4. Add your code for the Lambda function. You can upload the code or write the code in the editor provided.

   

5. Click "Save"

   

6. Click "Configure test events" for adding new tests.

   

7. Select "Event Template", "Event Name".

8. Configure a test event. In the "api-key" field, enter the API key that you want the function to connect to. Click "Create."

   

9. Click "Test" to verify Lambda function response

   

---

In Fivetran

1. In the top right corner of your Fivetran Dashboard, click on + Connector.

2. Select the AWS Lambda connector to launch the setup form.

3. In the setup form, enter your Destination schema name.

4. Enter your Role ARN, Lambda function, region, and secrets.

5. Click Save & Test. Fivetran will take it from here and sync your data from your AWS Lambda account.