How do I migrate a Lambda function to another AWS account or Region using an AWS SAM file?

Last updated: 2021-02-03

I need to move an AWS Lambda function from one AWS account (or AWS Region) to another. How can I do that using an AWS Serverless Application Model (AWS SAM) file?

Short description

To migrate a Lambda function to another AWS account or Region using an AWS SAM file, do the following:

1.    Download the AWS SAM file for the Lambda function along with its deployment package.

2.     Upload the Lambda function’s deployment package to an Amazon Simple Storage Service (Amazon S3) bucket in the AWS Region that you’re migrating the function to.

3.    Use the AWS SAM file and AWS CloudFormation to deploy and manage a new Lambda function in another AWS account or Region.

For more information, see Deploying a Hello World application.

Note: You can also migrate a Lambda function using the Lambda console or the AWS Command Line Interface (AWS CLI).

Resolution

Download the Lambda function AWS SAM file and its deployment package

1.    In the Lambda console, choose Functions on the left panel.

2.    Choose the name of the Lambda function that you want to migrate.

3.    In the Lambda function window, choose Actions, and then select Export Function.

4.    In the Export function window, choose Download AWS SAM file.

5.    After the AWS SAM file is downloaded, return to the Export function window and choose Download deployment package to download the deployment package.

Upload the Lambda function’s deployment package to an Amazon S3 bucket located in the AWS Region that you’re migrating the function to

1.    Sign in to the Amazon S3 console using the AWS account you want to migrate the Lambda function to.

2.    In the Buckets list, choose the name of the S3 bucket that you want to upload your files to.

3.    Choose Upload.

4.    On the Upload page, choose Add files.

5.    Choose the Lambda function’s deployment package that you downloaded. Then, choose Open.

6.    Choose Upload.

7.    Choose Files and folders, and then select the deployment package file name to open it.

8.    In the Object Overview section of the file, note the S3 URI value, which is the S3 path location for the deployment package. Save the value for use in the next step.

Use the AWS SAM file and AWS CloudFormation to deploy and manage a new Lambda function in another AWS account or Region

1.    Open the Lambda function AWS SAM file that you downloaded.

Example Lambda function AWS SAM file code

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: An AWS Serverless Specification template describing your function.
Resources:
  MyLambdaFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: lambda_function.lambda_handler
      Runtime: python3.6
      CodeUri: .                #S3 bucket Link
      Description: ''
      MemorySize: 128
      Timeout: 6
      Role: 'arn:aws:iam::733097455070:role/service-role/FirstLambdaPolicy'    #Replace
      Environment:
        Variables:
          homelocation: .tmp
      Tags:
        sampleTag: test
      Tracing: Active

2.    After CodeUri, replace the dot (.) with the S3 path location of the Lambda deployment package that you retrieved in the previous step.

Important: Make sure that the IAM user that creates the CloudFormation stack has 's3:GetObject' permission for this S3 object.

3.    For migrating a function to another AWS account, do the following:
For the Role: value, delete the existing IAM role ARN. Then, replace the value with the IAM role ARN in the second AWS account.
For functions with layers, add a permission in the layer for the second AWS account that allows that layer to use the first account's layer. Or, replace the Lambda layer ARN in the AWS SAM file with the Lambda layer ARN in the second AWS account.

-or-

For migrating a function to another AWS Region, do the following:
For the Role: value, continue using the existing IAM role ARN.
For functions with layers, replace the Lambda layer ARN with the Lambda layer ARN in the second AWS Region.

Important: For functions in a virtual private cloud (VPC), replace the values for SecurityGroupdIds and SubnetIds with the resources in the second AWS account or Region.

4.    For functions with event sources, remove the code for recreating the event sources in the second AWS account or Region from the AWS SAM file. Then, replace the values after Events: with the event sources in the second AWS account or Region.

5.    Use the edited AWS SAM file to create an AWS CloudFormation stack in the second AWS account or Region you want to migrate the function to.

Note: After you create the AWS CloudFormation stack, the migrated Lambda function appears in your Lambda console.


Did this article help?


Do you need billing or technical support?