Can you create Schema on RDS created with Cloudformation Using Lambda?

Question

We have a cloudfrormation script that creates our MS SQL Server DB.

We have a lambda function we run to load the schema from S3 and run it against our newly created DB.

We do have to update the Lambda function with the new DB security group/VPCs before we run it. We are running it manually right now using "test" mode.

Is it possible to run the Lambda function automatically from the cloudformation script?

Seems like the biggest issue would be adding the security groups/VPC to the Lambda function, but maybe we could create the Lambda function in the cloudformation script and assign the security at the same time.

Answer 1

Yes, it's possible to automatically invoke a Lambda function from a CloudFormation template. The best way to accomplish this would be to create a Custom Resource which executes your Lambda function when the Custom Resource is created/updated/deleted. (Add a conditional to your Lambda function to only execute your desired logic when event.RequestType == 'Create').

If you create your Lambda function using the AWS::Lambda::Function Resource, you can specify the VpcConfig property to configure the SecurityGroupIds and SubnetIds associated with the Lambda function to access your DB.

Note also the additional considerations necessary for Configuring a Lambda function for Amazon VPC Access. Using a Custom Resource will also require either outbound Internet Access for Lambda Functions, or a VPC Endpoint allowing the Lambda function to send callback responses to the cloudformation-custom-resource-response-[region] S3 bucket.