AWS Lambda Setup Guide
Prerequisites
To connect AWS Lambda functions to Fivetran, you need:
- An AWS Lambda function
- The ability to grant Fivetran role to invoke the Lambda function
Setup instructions
Begin Fivetran configuration
-
In the connector setup form, enter the Destination schema name of your choice.
-
Make a note of the External ID. You will need it to configure AWS to connect with Fivetran.
Create an IAM Policy
-
Open the Amazon IAM console.
-
Go to Access management > Policies.
-
Click Create policy.
-
In the Create policy window, go to the JSON tab.
-
Copy the following policy and paste it in the JSON tab, and then click Review policy.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "InvokePermission", "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": "*" } ] } -
In the Review policy window, enter the policy name and add a description. For example, 'Fivetran-Lambda-Invoke'.
-
Click Create policy.
Create an IAM role
-
Go to Access management > Roles, and then select Create role.
-
In the Create role window, select Another AWS account, and then in the Account ID field, enter Fivetran's account ID,
834469178297.
-
In Options, check the Require external ID checkbox.
-
In the External ID field, enter the External ID you got from Step 1.
-
Click Next: Permissions.
-
Select the 'Fivetran-Lambda-Invoke' policy that you created in Step 2.
-
Click Next: Tags. Entering tags is optional, but you must click through the step.
-
Click Next: Review.
-
Name your new role 'Fivetran' and then click Create role.
-
Select the Fivetran role that you just created.
-
In the Summary section, make a note of the Role ARN value. You will need to enter this value in Step 5.
Create a Lambda function
-
Open AWS Lambda console.
-
Click Create function.
-
Select Blueprints if you want to create the function using an existing template, or select Author from scratch and enter the following information:
- Name
- Runtime (C#, Go, Java, Node.js, Python)
- Role
Note: If your created role is not appearing in the Existing role dropdown menu, you'll need to edit the trust relationship through the AWS IAM portal. The following steps will add Lambda services to your trusted relationships in addition to the Fivetran entity:
a. Select the designated Fivetran role.
b. In the Summary section, click the Trust Relationships tab, and then click Edit trust relationships.
c. On the next page, add the following snippet to your JSON code:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::834469178297:root" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "your_fivetran_externalID" } } }, { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }Your JSON policy document should like the one illustrated below.
d. Make sure that the External ID field has your External ID from Step 1. Click Update Trust Policy.
-
Add your code for the Lambda function. You can upload the code or write the code in the editor.
-
Click Save.
-
Click Configure test events to add new tests.
-
Select the Event template and the Event name.
-
Configure a test event. In the "api-key" field, enter the API key that you want the function to connect to.
-
Click Create.
-
Click Test to verify the Lambda function response.
Finish Fivetran configuration
-
In the connector setup form, enter the Role ARN you created in Step 3.
-
Enter the name of your Lambda function from Step 4.
-
Select your region.
-
Enter your secrets.
-
Click Save & Test. Fivetran will take it from here and sync your data from your AWS Lambda account.