Configure Services

Create S3 Bucket

Create a single S3 bucket that will contain the journey files for all workloads in that account.

  1. Log into the console via SSO, go to the S3 service page

  2. Click Create bucket

  3. Enter a Bucket name starting with cost (we have used cost-wa-reports, you will need to use a unique bucket name) and click Create bucket: Images/s3_bucketcreate.png

  4. Upload the following object into the bucket. Code/cost_journey.csv

You can edit this CSV file to customize your journey for your organization. The definitions used within this file are at the end of this lab in the tear down step.

You have now setup the S3 bucket which contains your organizations journey configuration, all the journeys for the workloads.

Create the Lambda Function

  1. Go to the Lambda Console

  2. Click Create function

  3. Select Author from scratch

  4. Enter a function name of Cost_W-A_Journey

  5. Select a runtime of Python 3.6, this is a specifically required version

  6. Under Permissions:

  • Execution role: Create a new role from AWS policy templates
  • Role name: extract-wa-reports_role
  1. Click Create function: Images/lambda_create.png

  2. Select the and paste the following code:

    Lambda function code
  3. Above the code click Configuration, select Environment variables Images/lambda_config.png

  4. Click Edit and add the following variables, then click Save

  • Image_XSize - 1440
  • Image_YSize - 900
  • S3_BUCKET - (the name of your bucket created previously)
  • S3_KEY - WorkloadReports Images/lambda_envvariables.png
  1. Select General configuration, click Edit, change the timeout to 1min, click Save

You have now created the lambda function, however we need to add permissions before its run

Create the IAM Role

Modify the IAM role that is used by the Lambda function, to allow access to your S3 bucket and your Well-Architected reviews.

  1. Go to the IAM Console

  2. Go to Roles and select the extract-wa-reports_role role

  3. Add an inline policy

  4. Modify the policy below replacing <S3_BUCKET_NAME>, and paste it into the json:

         "Version": "2012-10-17",
         "Statement": [
                 "Action": [
                 "Resource": "arn:aws:s3:::<S3_BUCKET_NAME>*",
                 "Effect": "Allow"
  5. Click Review policy, enter a name of WAReportAccess click Create policy

  6. Click Attach policies, and attach the WellArchitectedConsoleReadOnlyAccess


You have now added the required permissions and all configuration is complete.