Creating the Lambda function
The Lambda function is created from the deployment package generated in Preparing the deployment package, which is uploaded directly to the function. The function has five configurable environment variables: minimum severity, S3 bucket name, IP block list file entry point, AWS region, and DynamoDB table name.
- Create a function using the Author from scratch option.
- Give the function a unique name.
- For its Runtime, select Node.js 6.10.
- For Role, select Choose an existing role. Select the role created in Setting up the IAM role and policies.
- Set up the function code.
  - For code entry type, select Upload a .ZIP file. The Function package field appears.
  - For Function package, click Upload to upload the deployment package .zip file generated in Preparing the deployment package.
  - For Handler, enter index.handler.
- Set up the environment variables. Note that the key names are case-sensitive and should all be in upper case.
  - Add a key MIN_SEVERITY and input a value of 3.
  - Add a key S3_BUCKET and paste the name of the S3 bucket created in Setting up the S3 bucket. In this example, the S3 bucket name is my-aws-lambda-guardduty.
  - Add a key S3_BLOCKLIST_KEY and input a value of ip_blocklist or a different name as desired.
  - Add a key REGION and input the AWS region where your Lambda function and DynamoDB table are situated. For example, the region of US East (N. Virginia) is us-east-1. For information about AWS Regions, see AWS Regions and Endpoints.
  - Add a key DDB_TABLE_NAME and input the name of the DynamoDB table created in Setting up the DynamoDB table. In this example, the DynamoDB table name is my-aws-lambda-guardduty-db.
- Save the Lambda function.
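
Because the key names are case-sensitive, a miscased key leaves the function without that setting. The following pre-flight check for the five variables is an added example, not code from the deployment package; the function name `checkEnv` and its validation rules (numeric severity, region code pattern) are assumptions.

```javascript
// Added example: pre-flight check for the five environment variables above.
// checkEnv and its rules are hypothetical, not part of the deployment package.
const REQUIRED_KEYS = ['MIN_SEVERITY', 'S3_BUCKET', 'S3_BLOCKLIST_KEY', 'REGION', 'DDB_TABLE_NAME'];

function checkEnv(env) {
  const problems = [];
  const config = {};
  const names = Object.keys(env);
  for (const key of REQUIRED_KEYS) {
    const value = env[key];
    if (value === undefined || String(value).trim() === '') {
      // Key names are case-sensitive: report a near miss such as "min_severity".
      const miscased = names.find(n => n !== key && n.toUpperCase() === key);
      problems.push(miscased
        ? `${key}: found "${miscased}", key must be upper case`
        : `${key}: missing or empty`);
      continue;
    }
    config[key] = String(value).trim();
  }
  if (config.MIN_SEVERITY !== undefined) {
    const severity = Number(config.MIN_SEVERITY);
    if (!Number.isFinite(severity) || severity < 0) {
      problems.push(`MIN_SEVERITY: "${config.MIN_SEVERITY}" is not a non-negative number`);
    } else {
      config.MIN_SEVERITY = severity;
    }
  }
  // Assumed region shape, e.g. us-east-1; catches pasting "US East (N. Virginia)".
  if (config.REGION !== undefined && !/^[a-z]{2}(-[a-z]+)+-\d$/.test(config.REGION)) {
    problems.push(`REGION: "${config.REGION}" does not look like a region code`);
  }
  return { ok: problems.length === 0, problems, config };
}

// Constructed sample input using the example names from this page.
const sample = {
  MIN_SEVERITY: '3',
  S3_BUCKET: 'my-aws-lambda-guardduty',
  S3_BLOCKLIST_KEY: 'ip_blocklist',
  REGION: 'us-east-1',
  ddb_table_name: 'my-aws-lambda-guardduty-db', // deliberately miscased
};
console.log(checkEnv(sample).problems);
```

Calling `checkEnv(process.env)` at the top of a handler and failing fast when `ok` is false surfaces a configuration mistake on the first invocation.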