GitHub Actions can be used to do something whenever something happens in one of your GitHub repositories.
For example, let's say you have a repository named "lambda" that contains an Amazon Web Services (AWS) Lambda Function, perhaps something a simple as this.
import json
def lambda_handler(event, context):
return {
'statusCode': 200,
'body': json.dumps({
"greeting": "Hello World"
})
}
You can create a GitHub Action that will update the Lambda Function when a change is made to the Lambda Function in your GitHub repository. If you are not familiar with GitHub Actions, check out my article Getting Started with GitHub Actions.
For example, your GitHub Action YAML could have something like this. Notice in this example that OpenID Connect (OIDC) is being used to authenticate to Amazon Web Services. If you are not familair with this, check out my article Authenticate to Amazon Web Services (AWS) in GitHub Action.
name: GitHub Action - SendGrid repository
run-name: ${{ github.workflow }} run by ${{ github.actor }}
on:
push:
branches:
- main
permissions:
id-token: write
contents: read
jobs:
github-action-update-lambda:
runs-on: ubuntu-latest
steps:
- name: Checking out the repository code
uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::123456789012:role/GitHubAction-AssumeRoleWithAction
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: us-east-1
- run: zip -j lambda.zip ./lambda_function.py
- run: aws lambda update-function-code --function-name foo --zip-file=fileb://lambda.zip
- run: echo "job.status -> ${{ job.status }}"
You will also need to ensure that your Amazon Web Services IAM role allows Lambda Update. The aws iam attach-role-policy command can be used to attach the AWSLambda_FullAccess policy to your GitHub Actions role.
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AWSLambda_FullAccess --role-name GitHubAction-AssumeRoleWithAction
Did you find this article helpful?
If so, consider buying me a coffee over at