Merge pull request #3075 from NithinChandranR-AWS/NithinChandranR-AWS-feature-lambda-s3-files-cdk

New serverless pattern - lambda-s3-files-cdk

Author: julianwood

lambda-s3-files-cdk/.gitignore

@@ -0,0 +1,6 @@
+node_modules
+cdk.out
+*.js
+!src/**/*.js
+*.d.ts
+package-lock.json

lambda-s3-files-cdk/README.md

@@ -0,0 +1,134 @@
+# AWS Lambda with Amazon S3 Files Mount
+
+This pattern deploys an AWS Lambda function with an Amazon S3 Files file system mounted as a local directory, enabling standard file operations on S3 data without downloading objects.
+
+Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/lambda-s3-files-cdk
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+- [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The AWS IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+- [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+- [Node and NPM](https://nodejs.org/en/download/) installed
+- [AWS CDK](https://docs.aws.amazon.com/cdk/latest/guide/cli.html) installed
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+   ```bash
+   git clone https://github.com/aws-samples/serverless-patterns
+   ```
+2. Change directory to the pattern directory:
+   ```bash
+   cd serverless-patterns/lambda-s3-files-cdk
+   ```
+3. Install CDK dependencies:
+   ```bash
+   npm install
+   ```
+4. Deploy the stack:
+   ```bash
+   cdk deploy
+   ```
+
+## How it works
+
+[Amazon S3 Files](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files.html) provides NFS access to S3 buckets with full POSIX semantics. This pattern mounts an S3 bucket on a Lambda function at `/mnt/s3data`.
+
+### What gets deployed
+
+| Resource | Purpose |
+|---|---|
+| S3 Bucket | Data store backing the file system |
+| VPC (2 AZs) | Network for Lambda and mount targets |
+| S3 Files FileSystem | NFS file system linked to the S3 bucket |
+| S3 Files MountTargets | Network endpoints in each private subnet |
+| S3 Files AccessPoint | Application entry point (UID/GID 1000, root `/lambda`) |
+| Security Group | Allows NFS traffic (port 2049) |
+| Lambda Function | Reads, writes, and lists files via the mount |
+
+### Architecture
+
+```
+┌──────────┐     ┌─────────────────────────────────────────┐
+│ S3 Bucket│◄───►│         S3 Files FileSystem              │
+└──────────┘     │  (auto-sync between S3 and filesystem)  │
+                 └──────────────┬────────────────────────────┘
+                                │ NFS (port 2049)
+                 ┌──────────────┴────────────────────────────┐
+                 │              VPC                           │
+                 │  ┌────────────────┐  ┌────────────────┐   │
+                 │  │  Mount Target  │  │  Mount Target  │   │
+                 │  │    (AZ-1)      │  │    (AZ-2)      │   │
+                 │  └────────────────┘  └────────────────┘   │
+                 │           ▲                                │
+                 │           │                                │
+                 │  ┌────────┴───────┐                        │
+                 │  │ Lambda Function│                        │
+                 │  │ /mnt/s3data    │                        │
+                 │  └────────────────┘                        │
+                 └────────────────────────────────────────────┘
+```
+
+### Key S3 Files concepts
+
+- **FileSystem** — A shared file system linked to your S3 bucket. Changes sync bidirectionally.
+- **MountTarget** — Network endpoint in a specific AZ. Lambda must be in the same VPC/subnet.
+- **AccessPoint** — Application-specific entry point with POSIX user identity and root directory.
+- **High-performance storage** — Actively used data cached locally for sub-millisecond latency.
+
+## Testing
+
+1. After deployment, note the `FunctionName` and `BucketName` outputs.
+
+2. **Write a file** through the Lambda mount:
+   ```bash
+   aws lambda invoke \
+     --function-name <FunctionName> \
+     --payload '{"action": "write", "filename": "hello.txt", "content": "Hello from Lambda via S3 Files!"}' \
+     --cli-binary-format raw-in-base64-out \
+     output.json
+
+   cat output.json
+   ```
+
+3. **Verify the file appeared in S3** (sync takes ~1 minute):
+   ```bash
+   aws s3 ls s3://<BucketName>/lambda/
+   ```
+
+4. **Read the file** back through Lambda:
+   ```bash
+   aws lambda invoke \
+     --function-name <FunctionName> \
+     --payload '{"action": "read", "filename": "hello.txt"}' \
+     --cli-binary-format raw-in-base64-out \
+     output.json
+
+   cat output.json
+   ```
+
+5. **List directory** contents:
+   ```bash
+   aws lambda invoke \
+     --function-name <FunctionName> \
+     --payload '{"action": "list"}' \
+     --cli-binary-format raw-in-base64-out \
+     output.json
+
+   cat output.json
+   ```
+
+## Cleanup
+
+```bash
+cdk destroy
+```
+
+---
+
+Copyright 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0

lambda-s3-files-cdk/bin/app.ts

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import "source-map-support/register";
+import * as cdk from "aws-cdk-lib";
+import { LambdaS3FilesStack } from "../lib/lambda-s3-files-stack";
+
+const app = new cdk.App();
+new LambdaS3FilesStack(app, "LambdaS3FilesStack");

lambda-s3-files-cdk/cdk.json

@@ -0,0 +1,11 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/app.ts",
+  "watch": {
+    "include": ["**"],
+    "exclude": ["README.md", "cdk*.json", "**/*.d.ts", "**/*.js", "node_modules", "src"]
+  },
+  "context": {
+    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+    "@aws-cdk/core:checkSecretUsage": true
+  }
+}

lambda-s3-files-cdk/example-pattern.json

@@ -0,0 +1,61 @@
+{
+  "title": "AWS Lambda with Amazon S3 Files Mount",
+  "description": "Mount an Amazon S3 bucket as a local file system on AWS Lambda using Amazon S3 Files, enabling standard file operations (read, write, list) without downloading objects.",
+  "language": "TypeScript",
+  "level": "300",
+  "framework": "AWS CDK",
+  "introBox": {
+    "headline": "How it works",
+    "text": [
+      "This pattern deploys a Lambda function with an Amazon S3 Files file system mounted at /mnt/s3data. The function performs standard file operations (read, write, list) on S3 data using the local filesystem — no S3 API calls needed.",
+      "S3 Files provides NFS access to S3 buckets with sub-millisecond latency on small files and full POSIX semantics. The pattern creates a VPC, S3 Files file system, mount targets, access point, and a Lambda function wired together.",
+      "Multiple Lambda functions can connect to the same S3 Files file system simultaneously, sharing data through a common workspace without custom synchronization logic."
+    ]
+  },
+  "gitHub": {
+    "template": {
+      "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/lambda-s3-files-cdk",
+      "templateURL": "serverless-patterns/lambda-s3-files-cdk",
+      "projectFolder": "lambda-s3-files-cdk",
+      "templateFile": "lib/lambda-s3-files-stack.ts"
+    }
+  },
+  "resources": {
+    "bullets": [
+      {
+        "text": "Amazon S3 Files Documentation",
+        "link": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files.html"
+      },
+      {
+        "text": "Configuring Amazon S3 Files access for Lambda",
+        "link": "https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem-s3files.html"
+      },
+      {
+        "text": "Mounting S3 file systems on Lambda functions",
+        "link": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files-mounting-lambda.html"
+      }
+    ]
+  },
+  "deploy": {
+    "text": [
+      "cdk deploy"
+    ]
+  },
+  "testing": {
+    "text": [
+      "See the GitHub repo for detailed testing instructions."
+    ]
+  },
+  "cleanup": {
+    "text": [
+      "Delete the stack: <code>cdk destroy</code>."
+    ]
+  },
+  "authors": [
+    {
+      "name": "Nithin Chandran R",
+      "bio": "Technical Account Manager at AWS",
+      "linkedin": "nithin-chandran-r"
+    }
+  ]
+}

lambda-s3-files-cdk/lambda-s3-files-cdk.json

@@ -0,0 +1,80 @@
+{
+    "title": "AWS Lambda with Amazon S3 Files Mount",
+    "description": "Mount an Amazon S3 bucket as a local file system on AWS Lambda using Amazon S3 Files, enabling standard file operations (read, write, list) without downloading objects.",
+    "language": "TypeScript",
+    "level": "300",
+    "framework": "AWS CDK",
+    "introBox": {
+        "headline": "How it works",
+        "text": [
+            "This pattern deploys a Lambda function with an Amazon S3 Files file system mounted at /mnt/s3data. The function performs standard file operations (read, write, list) on S3 data using the local filesystem — no S3 API calls needed.",
+            "S3 Files provides NFS access to S3 buckets with sub-millisecond latency on small files and full POSIX semantics. The pattern creates a VPC, S3 Files file system, mount targets, access point, and a Lambda function wired together.",
+            "Multiple Lambda functions can connect to the same S3 Files file system simultaneously, sharing data through a common workspace without custom synchronization logic."
+        ]
+    },
+    "gitHub": {
+        "template": {
+            "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/lambda-s3-files-cdk",
+            "templateURL": "serverless-patterns/lambda-s3-files-cdk",
+            "projectFolder": "lambda-s3-files-cdk",
+            "templateFile": "lib/lambda-s3-files-stack.ts"
+        }
+    },
+    "resources": {
+        "bullets": [
+            {
+                "text": "Amazon S3 Files Documentation",
+                "link": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files.html"
+            },
+            {
+                "text": "Configuring Amazon S3 Files access for Lambda",
+                "link": "https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem-s3files.html"
+            },
+            {
+                "text": "Mounting S3 file systems on Lambda functions",
+                "link": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files-mounting-lambda.html"
+            }
+        ]
+    },
+    "deploy": {
+        "text": [
+            "cdk deploy"
+        ]
+    },
+    "testing": {
+        "text": [
+            "See the GitHub repo for detailed testing instructions."
+        ]
+    },
+    "cleanup": {
+        "text": [
+            "Delete the stack: <code>cdk destroy</code>."
+        ]
+    },
+    "authors": [
+        {
+            "name": "Nithin Chandran R",
+            "bio": "Technical Account Manager at AWS",
+            "linkedin": "nithin-chandran-r"
+        }
+    ],
+    "patternArch": {
+        "icon1": {
+            "x": 20,
+            "y": 50,
+            "service": "lambda",
+            "label": "AWS Lambda"
+        },
+        "icon2": {
+            "x": 80,
+            "y": 50,
+            "service": "s3",
+            "label": "Amazon S3 Files"
+        },
+        "line1": {
+            "from": "icon1",
+            "to": "icon2",
+            "label": "read/write"
+        }
+    }
+}