Prerequisites for Protecting Lambda Functions in Appranix
Appranix requires storage buckets for storing your Lambda backups in both the primary and recovery regions.
Create a Storage Bucket Through CLI Using Appranix Custom Script
- Open the following URL in your web browser (http://tools.appranix.net/scripts/ars/lambda/lambda-s3-protection-setup.sh)
- Copy the code provided and save it as a .sh file on your local system
- Connect to your AWS account using either the local CLI or through AWS portal CMD prompt
- In your CLI, navigate to the path where the .sh file is located
- Ensure that the .sh file has executable permissions (Use chmod +x file-name.sh command for setting the executable permissions )
- Run the script using the following command (sh file-name.sh)
- Enter your source region where the Lambda function is located. The value should be a region code (e.g., us-east-1), not a region name (e.g., N. Virginia)
- Provide a globally unique bucket name
- Enter the number of replication regions
- Enter your replication region. The value should be a region code (e.g., us-east-1), not a region name (e.g., N. Virginia)
- Provide a globally unique bucket name for replication
- Enter the Role ARN that you have created for Appranix to discover this account
- Press Enter to execute the script
Manually Create a Storage Bucket in AWS portal.**
- Log in to the AWS console and search for "S3 bucket"
- Click on "Create bucket"
- In the create bucket wizard, enter a globally unique bucket name
- Choose your primary region as the bucket region
- Enable the bucket versioning option
- Leave all other settings as default and proceed to create the bucket
- After the creation is complete, navigate to the "Permissions" tab in the bucket
- Scroll down to the "Bucket Policy" section and click "Edit"
-
Paste the following bucket permission JSON,
* Replace "arn:aws:iam::95XXXXXXXX40:role/ax-role-e1XXXXXXf3" with the Role ARN created for Appranix in your AWS account * Replace "bucket-a-us-east-1" with your actual bucket name * Save the changes * Repeat the above steps to create a storage bucket for the recovery region. Choose the recovery region as the bucket region{ "Version": "2012-10-17", "Statement": [ { "Sid": "AppranixObjectPermission", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::95XXXXXXXX40:role/ax-role-e1XXXXXXf3" }, "Action": [ "s3:DeleteObjectTagging", "s3:PutObject", "s3:GetObject", "s3:DeleteObjectVersion", "s3:PutObjectTagging", "s3:DeleteObject", "s3:GetObjectVersion", "s3:PutObjectVersionTagging" ], "Resource": "arn:aws:s3:::bucket-a-us-east-1/*" } ] }
Note
After completing the S3 bucket creation, trigger a Cloud Connection discovery sync. Once all the created buckets are discovered, proceed with Cloud Assembly creation.