Update to use published package & refer to docs

Sushisource · Sushisource · commit d92e572429c5 · 2026-05-04T09:31:25.000-07:00
diff --git a/lambda_worker/README.md b/lambda_worker/README.md
@@ -35,13 +35,30 @@ any Workflow/Activity definitions.
 
 ## Setup
 
-### 1. Configure Temporal connection
+The instructions here are a slimmed down version of the more complete getting started guide which
+you can find [here](https://docs.temporal.io/production-deployment/worker-deployments/serverless-workers/aws-lambda).
+
+### 1. Create a lambda function for your Python worker
+
+Use either the AWS web UI or CLI to create a Python runtime Lambda function. Ex:
+
+```bash
+aws lambda create-function \
+  --function-name my-temporal-worker \
+  --runtime python3.13 \
+  --handler lambda_function.lambda_handler \
+  --role arn:aws:iam::<YOUR_ACCOUNT_ID>:role/my-temporal-worker-execution \
+  --timeout 600 \
+  --memory-size 256
+```
+
+### 2. Configure Temporal connection
 
 Edit `temporal.toml` with your Temporal Cloud namespace address and credentials. In production,
 we'd recommend reading your credentials from a secret store, but to keep this example simple
 the toml file defaults to reading them from keys bundled along with the Lambda code.
 
-### 2. Create the IAM role
+### 3. Create the IAM role
 
 This creates the IAM role that Temporal Cloud assumes to invoke your Lambda function:
 
@@ -52,7 +69,7 @@ This creates the IAM role that Temporal Cloud assumes to invoke your Lambda func
 The External ID is provided by Temporal Cloud in your namespace's serverless worker
 configuration.
 
-### 3. (Optional) Enable OpenTelemetry
+### 4. (Optional) Enable OpenTelemetry
 
 If you want traces, metrics, and logs, you'll have to attach the ADOT layet to your Lambda function.
 You will need to add the appropriate layer for your runtime and region. See [this page
@@ -67,7 +84,7 @@ Then run the extra setup to grant the Lambda role the necessary permissions:
 
 Update `otel-collector-config.yaml` with your function name and region as needed.
 
-### 4. Deploy the Lambda function
+### 5. Deploy the Lambda function
 
 ```bash
 ./deploy-lambda.sh <function-name>
@@ -76,7 +93,11 @@ Update `otel-collector-config.yaml` with your function name and region as needed
 This installs Python dependencies, bundles them with your code and configuration files,
 and uploads to AWS Lambda.
 
-### 5. Start a Workflow
+### 6. Configure Temporal to be able to invoke your lambda function
+
+Refer to the docs [here](https://docs.temporal.io/production-deployment/worker-deployments/serverless-workers/aws-lambda#create-worker-deployment-version).
+
+### 7. Start a Workflow
 
 Use the starter program to execute a Workflow on the Lambda worker, using
 the same config file the Lambda uses for connecting to the server:
diff --git a/lambda_worker/deploy-lambda.sh b/lambda_worker/deploy-lambda.sh
@@ -3,21 +3,11 @@ set -euo pipefail
 
 FUNCTION_NAME="${1:?Usage: deploy-lambda.sh <function-name>}"
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
-SDK_DIR="$SCRIPT_DIR/../../sdk-python"
 
-# Install the published temporalio package (Linux wheels) and OTel dependencies
-# TODO: Remove explicit OTel deps once lambda-worker-otel extra is published
-uv pip install --target "$SCRIPT_DIR/package" --python-platform x86_64-unknown-linux-gnu --no-build \
-    temporalio \
-    "opentelemetry-api>=1.11.1,<2" \
-    "opentelemetry-sdk>=1.11.1,<2" \
-    "opentelemetry-exporter-otlp-proto-grpc>=1.11.1,<2" \
-    "opentelemetry-semantic-conventions>=0.40b0,<1" \
-    "opentelemetry-sdk-extension-aws>=2.0.0,<3"
-
-# Overlay the local SDK's pure-Python source (for unpublished contrib code)
-# TODO: Remove this step once the contrib package is published
-cp -r "$SDK_DIR/temporalio/contrib" "$SCRIPT_DIR/package/temporalio"
+# Install the published temporalio package (Linux wheels) with the OTel extras
+# needed by the lambda_worker contrib module
+uv pip install --target "$SCRIPT_DIR/package" --python-platform x86_64-unknown-linux-gnu \
+    --only-binary=:all: "temporalio[lambda-worker-otel]"
 
 # Copy application code into the package directory (all at zip root)
 cp "$SCRIPT_DIR/lambda_function.py" "$SCRIPT_DIR/workflows.py" \
diff --git a/lambda_worker/iam-role-for-temporal-lambda-invoke-test.yaml b/lambda_worker/iam-role-for-temporal-lambda-invoke-test.yaml
@@ -1,6 +1,6 @@
 # CloudFormation template for creating an IAM role that Temporal Cloud can assume to invoke Lambda functions.
 AWSTemplateFormatVersion: "2010-09-09"
-Description: Creates an IAM role that Temporal Cloud can assume to invoke Lambda functions for Serverless Workers.
+Description: Creates an IAM role that Temporal Cloud can assume to invoke multiple Lambda functions for Serverless Workers.
 
 Parameters:
   AssumeRoleExternalId:
@@ -10,11 +10,15 @@ Parameters:
     MinLength: 5
     MaxLength: 45
 
-  LambdaFunctionARN:
-    Type: String
+  LambdaFunctionARNs:
+    Type: CommaDelimitedList
     Description: >-
-      The ARN of the Lambda function to invoke
-      (e.g., arn:aws:lambda:us-west-2:123456789012:function:worker-1)
+      Comma-separated list of Lambda function ARNs to invoke (e.g.,
+      arn:aws:lambda:us-west-2:123456789012:function:worker-1,arn:aws:lambda:us-west-2:123456789012:function:worker-2)
+
+  RoleName:
+    Type: String
+    Default: "Temporal-Cloud-Serverless-Worker"
 
 Metadata:
   AWS::CloudFormation::Interface:
@@ -26,26 +30,34 @@ Metadata:
       - Label:
           default: "Lambda Configuration"
         Parameters:
-          - LambdaFunctionARN
+          - LambdaFunctionARNs
+          - RoleName
     ParameterLabels:
       AssumeRoleExternalId:
         default: "External ID (provided by Temporal Cloud)"
-      LambdaFunctionARN:
-        default: "Lambda Function ARN"
+      LambdaFunctionARNs:
+        default: "Lambda Function ARNs (comma-separated list)"
+      RoleName:
+        default: "IAM Role Name"
 
 Resources:
   TemporalCloudServerlessWorker:
     Type: AWS::IAM::Role
     Properties:
-      RoleName: !Sub
-        - "Temporal-Cloud-Serverless-Worker-${LambdaName}"
-        - LambdaName: !Select [6, !Split [":", !Ref LambdaFunctionARN]]
+      RoleName: !Sub "${RoleName}-${AWS::StackName}"
       AssumeRolePolicyDocument:
         Version: "2012-10-17"
         Statement:
           - Effect: Allow
             Principal:
-              AWS: [arn:aws:iam::031568301006:role/wci-lambda-invoke]
+              AWS:
+                [
+                  arn:aws:iam::902542641901:role/wci-lambda-invoke,
+                  arn:aws:iam::160190466495:role/wci-lambda-invoke,
+                  arn:aws:iam::819232936619:role/wci-lambda-invoke,
+                  arn:aws:iam::829909441867:role/wci-lambda-invoke,
+                  arn:aws:iam::354116250941:role/wci-lambda-invoke,
+                ]
             Action: sts:AssumeRole
             Condition:
               StringEquals:
@@ -65,9 +77,9 @@ Resources:
             Action:
               - lambda:InvokeFunction
               - lambda:GetFunction
-            Resource: [!Ref LambdaFunctionARN]
+            Resource: !Ref LambdaFunctionARNs
       Roles:
-        - !Ref TemporalCloudServerlessWorker
+        - !Sub "${RoleName}-${AWS::StackName}"
 
 Outputs:
   RoleARN:
@@ -78,8 +90,8 @@ Outputs:
 
   RoleName:
     Description: The name of the IAM role
-    Value: !Ref TemporalCloudServerlessWorker
+    Value: !Ref RoleName
 
-  LambdaFunctionARN:
-    Description: The Lambda function ARN that can be invoked
-    Value: !Ref LambdaFunctionARN
+  LambdaFunctionARNs:
+    Description: The Lambda function ARNs that can be invoked
+    Value: !Join [", ", !Ref LambdaFunctionARNs]
diff --git a/lambda_worker/mk-iam-role.sh b/lambda_worker/mk-iam-role.sh
@@ -13,5 +13,5 @@ aws cloudformation create-stack \
   --template-body file://iam-role-for-temporal-lambda-invoke-test.yaml \
   --parameters \
     ParameterKey=AssumeRoleExternalId,ParameterValue="$EXTERNAL_ID" \
-    ParameterKey=LambdaFunctionARN,ParameterValue="$LAMBDA_ARN" \
+    ParameterKey=LambdaFunctionARNs,ParameterValue="$LAMBDA_ARN" \
   --capabilities CAPABILITY_NAMED_IAM
