aws-lambda-kendra - AWS Solutions Constructs
OverviewPattern Construct PropsPattern PropertiesDefault settingsArchitectureGithub

aws-lambda-kendra

Stability:Experimental

Reference Documentation: https://docs.aws.amazon.com/solutions/latest/constructs/
Language Package

Python Logo Python

aws_solutions_constructs.aws_lambda_kendra

Typescript Logo Typescript

@aws-solutions-constructs/aws-lambda-kendra

Java Logo Java

software.amazon.awsconstructs.services.lambdakendra

Overview

This AWS Solutions Construct implements an AWS Lambda function and Amazon Kendra index with the least privileged permissions.

Here is a minimal deployable pattern definition:

Example
Typescript
import { Construct } from 'constructs';
import { Stack, StackProps, Aws } from 'aws-cdk-lib';
import { LambdaToKendra } from '@aws-solutions-constructs/aws-lambda-kendra';
import * as lambda from "aws-cdk-lib/aws-lambda";
import * as s3 from "aws-cdk-lib/aws-s3";

const lambdaProps: lambda.FunctionProps = {
  code: lambda.Code.fromAsset(`lambda`),
  runtime: lambda.Runtime.NODEJS_22_X,
  handler: 'index.handler'
};

new LambdaToKendra(this, 'sample', {
  lambdaFunctionProps: lambdaProps,
  kendraIndexProps: {},
  kendraDataSourceProps: [{
    type: 'S3',
    dataSourceConfiguration: {
      s3Configuration: {
        bucketName: 'your-bucket-name',
      }
    }
  ],
});
Python
TBD
Java
TBD

Pattern Construct Props

Name Type Description

existingLambdaObj?

lambda.Function

Optional - instance of an existing Lambda Function object, providing both this and lambdaFunctionProps will cause an error.

lambdaFunctionProps?

lambda.FunctionProps

Optional - user provided props to override the default props for the Lambda function. Providing both this and existingLambdaObj causes an error.

kendraIndexProps?

kendra.CfnIndexProps

Optional user provided props to override the default props for the Kendra index. Providing both these and existingKendraIndexObj is an error.

kendraDataSourcesProps

CfnDataSourceProps[]

A list of data sources that will provide data to the Kendra index. At least 1 must be specified. We will do majority of processing for some data sources (S3 crawler initially), but for others the props must be complete (e.g. proper roleArn, etc.)

indexPermissions?

string[]

Optional - index permissions to grant to the Lambda function. One or more of the following may be specified: Read, SubmitFeedback and Write. Default is ["Read", "SubmitFeedback"]. Read is all the operations IAM defines as Read and List. SubmitFeedback is only the SubmitFeedback action. Write is all the operations IAM defines as Write and Tag. This functionality may be overridden by providing a specific role arn in lambdaFunctionProps

existingKendraIndexObj?

kendra.cfnIndex

An existing Kendra index to which the Lambda function will be granted access. Supplying along with kendraIndexProps or kendraDataSourceProps will throw an error.

existingVpc?

ec2.IVpc

An optional, existing VPC into which this pattern should be deployed. When deployed in a VPC, the Lambda function will use ENIs in the VPC to access network resources. If an existing VPC is provided, the deployVpc property cannot be true. This uses ec2.IVpc to allow clients to supply VPCs that exist outside the stack using the ec2.Vpc.fromLookup() method.

vpcProps?

ec2.VpcProps

Optional user provided properties to override the default properties for the new VPC. enableDnsHostnames, enableDnsSupport, natGateways and subnetConfiguration are set by the pattern, so any values for those properties supplied here will be overridden. If deployVpc is not true then this property will be ignored.

deployVpc?

boolean

Whether to create a new VPC based on vpcProps into which to deploy this pattern. Setting this to true will deploy the minimal, most private VPC to run the pattern, consisting of (1) one isolated subnet in each Availability Zone used by the CDK program; and (2) enableDnsHostnames and enableDnsSupport both being set to true. If this property is true then existingVpc cannot be specified. Defaults to false.

Pattern Properties

Name Type Description

lambdaFunction

lambda.Function

Returns an instance of lambda.Function managed by the construct

kendraIndex

kendra.cfnIndex

Returns an instance of kendra.cfnIndex managed by the construct

kendraDataSources

DataSourceProperties[] (this interface is defined by Solutions Constructs and described below)

A list of data sources created for this construct/index, each in an object that includes the role for that data source.

lambdaRole

iam.Role

The role assumed by the Lambda function

vpc?

ec2.IVpc

Returns an interface on the VPC used by the pattern (if any). This may be a VPC created by the pattern or the VPC supplied to the pattern constructor.

interface DataSourceProperties { role?: iam.Role, source: | CfnDataSource } ## Lambda Function

This pattern requires a lambda function that can access a Kendra index.

Default settings

Out of the box implementation of the Construct without any overrides will set the following defaults:

AWS Lambda Function

  • Configure limited privilege access IAM role for Lambda function

  • Enable reusing connections with Keep-Alive for Node.js Lambda function

  • Enable X-Ray Tracing

  • Set Environment Variables

    • (default) KENDRA_INDEX_ID

    • AWS_NODEJS_CONNECTION_REUSE_ENABLED

Amazon Kendra Index

  • Creates Amazon Kendra endpoint in VPC if appropriate

  • Defaults to DEVELOPER_EDITION

Amazon Kendra DataSources

  • Sets up correct IAM roles to access data for:

    • S3 data sources

    • Which others should we support in MLP? https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html

  • Adds each data source to Kendra index

Architecture

Diagram showing the Lambda function, Kendra index, CloudWatch log group and IAM roles created by the construct

Github

Go to the Github repo for this pattern to view the code, read/create issues and pull requests and more.