Writing PowerShell Core AWS Lambda Functions – Part V


In this fifth and final blog, we’re going to package and publish our recently completed PowerShell Lambda function. We’ll configure an IAM role to allowing publishing, reconfigure our Lex ‘bot to point to the Lambda, and give it a spin from Messenger on a couple of devices. 🙂

NOTE: All of the code over the five blogs is available at my github repository.

The Story So Far…

At this point, we have in place connectivity between our Facebook app and Lex, have written our PowerShell Lambda function, and tested it locally.


It’s important to bear in mind that processing of both AWS Tools for PowerShell and AWS Lambda PS Core cmdlets requires a set of AWS credentials (unless the command explicitly does not access AWS resources). These are used to sign the associated request, validating the authenticity of the source. Several methods exist for passing of credentials in requests. These vary from per command to as-default and may be assumed or specified.

The following steps will require one of these methods mentioned to be in place. For reference information on getting credentials setup for use with PowerShell, consult the Using AWS Credentials section of the AWS Tools for PowerShell documentation.

Publish the Package

Navigate to your project’s directory, and enter the following, choosing values for -Name and -ScriptPath that match your requirements.

In my case, the package will be called Get-Synopsis, and the source script file, GetSynopsis.ps1 is located within the GetSynopsis sub-directory.

Publish-AWSPowerShellLambda -Name Get-Synopsis -ScriptPath ./GetSynopsis/GetSynopsis.ps1

Shortly after, when the .zip file has been created of the package, you will be prompted to choose an IAM role for the Lambda function. Note that it is possible to specify the role via one of the cmdlet parameters, but we’re doing this manually to get a feel for what is being done.

  • Choose ### Create new IAM Role ###
  • At the Enter name of the new IAM Role prompt, enter aws-lambda-lex

Then you’ll be asked to chose an IAM Policy that will be attached to the new role.

Select the option that corresponds to AWSLambdaBasicExecutionRole (Provides write permissions to CloudWatch Logs.)

The process will then continue and soon after display a message confirming that the Lambda function has been created.

Verify IAM

Let’s check and see what’s been created in IAM.

  • Go to the main AWS console screen
  • Click Services
  • Click IAM
  • Click Roles

You should see a new role, called aws-lambda-lex. Click on it.

It will have the policy we specified, AWSLambdaBasicExecutionRole, assigned to it.

Check the Lambda

Let’s check the Lambda console section to validate that our package is setup.

  • Go to the main AWS console screen
  • Click Services
  • Click Lambda
  • Check the list on the right hand side for Get-Synopsis

Click Get-Synopsis to have a look at the configuration

Configure Lex

Now, we need to change the Lex configuration so that it triggers the Lambda function.

  • Click Services
  • Click Amazon Lex
  • Click MyPowerShellHelpBot
  • Go to the Fulfillment section
  • For Lambda function, select Get-Synopsis
  • For Version or alias, ensure it is set to Latest

If you are prompted to give permission to allow Lex to invoke Get-Synopsis, click OK

  • Click Save Intent
  • Click Build
  • After confirmation that the bot has built, the test window will open
  • Enter I want help with Get-EC2Host and press return.

  • Looks good! Click Publish
  • Select Prod from the drop down list
  • Click Publish
  • Click Close once the publishing is complete

Test from Messenger

Let’s test this both from our system and also phone.

  • If you need the link to the Messenger page, do the following:
    • Go to https://developers.facebook.com/
    • Click My Apps
    • Click AWS PowerShell Help
    • Under Products click Messenger
    • Click Settings
    • Scroll down to App Review for Messenger and click Page Settings at the bottom of it
    • In the Your Messenger Link, click Copy Link
  • Go to your web browser, and type/paste into the address bar the URL for the Messenger page.
  • Enter the same text as above, I want help with Get-EC2Host
  • You should see output similar to below:

  • Now go to your mobile device
  • Access Messenger, using either the link from above, or the client itself. If using the latter, you will also need to create a new message and enter the page name in the To: section.
  • Enter I want help with Get-S3Object
  • You should see output similar to the following (note that you’ll also see the request you have just done on the other system):


Congratulations! You’ve reached the end of this blog series on writing PowerShell Core Lambda functions and now have an interactive, cross platform, mobile help facility for the AWS PowerShell cmdlets available.

Keep an eye out for forthcoming blogs about PowerShell Core Lambda functions.

Thanks for reading! Feedback welcome!


Leave a Reply

Your email address will not be published. Required fields are marked *