Prerequisite for Protecting Lambda Functions in Appranix

Appranix requires storage buckets for storing your Lambda backups in both the primary and recovery regions.

Follow the below steps for creating the storage bucket through CLI using Appranix custom script,

• Open the following URL in your web browser (http://tools.appranix.net/scripts/ars/lambda/lambda-s3-protection-setup.sh)
• Copy the code provided and save it as a .sh file on your local system
• Connect to your AWS account using either the local CLI or through AWS portal CMD prompt
• In your CLI, navigate to the path where the .sh file is located
• Ensure that the .sh file has executable permissions (Use chmod +x file-name.sh command for setting the executable permissions )
• Run the script using the following command (sh file-name.sh)
• Enter your source region where the Lambda function is located. The value should be a region code (e.g., us-east-1), not a region name (e.g., N. Virginia)
• Provide a globally unique bucket name
• Enter the number of replication regions
• Enter your replication region. The value should be a region code (e.g., us-east-1), not a region name (e.g., N. Virginia)
• Provide a globally unique bucket name for replication
• Enter the Role ARN that you have created for Appranix to discover this account
• Press Enter to execute the script

Follow the below steps for creating the storage bucket manually through AWS portal.

• Log in to the AWS console and search for "S3 bucket"
• Click on "Create bucket"
• In the create bucket wizard, enter a globally unique bucket name
• Choose your primary region as the bucket region
• Enable the bucket versioning option
• Leave all other settings as default and proceed to create the bucket
• After the creation is complete, navigate to the "Permissions" tab in the bucket
• Scroll down to the "Bucket Policy" section and click "Edit"
• Paste the following bucket permission JSON,

       {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Sid": "AppranixObjectPermission",
                    "Effect": "Allow",
                    "Principal": {
                        "AWS": "arn:aws:iam::95XXXXXXXX40:role/ax-role-e1XXXXXXf3"
                    },
                    "Action": [
                        "s3:DeleteObjectTagging",
                        "s3:PutObject",
                        "s3:GetObject",
                        "s3:DeleteObjectVersion",
                        "s3:PutObjectTagging",
                        "s3:DeleteObject",
                        "s3:GetObjectVersion",
             "s3:PutObjectVersionTagging"
                    ],
                    "Resource": "arn:aws:s3:::bucket-a-us-east-1/*"
                }
            ]
       }

• Replace "arn:aws:iam::95XXXXXXXX40:role/ax-role-e1XXXXXXf3" with the Role ARN created for Appranix in your AWS account
• Replace "bucket-a-us-east-1" with your actual bucket name
• Save the changes
• Repeat the above steps to create a storage bucket for the recovery region. Choose the recovery region as the bucket region

Note: After completing the S3 bucket creation, trigger a Cloud Connection discovery sync. Once all the created buckets are discovered, proceed with Cloud Assembly creation