Encryption of data in transit between API Gateway and Lambda (AWS) - amazon-web-services

I have a hard time finding information related to this.
I have an API Gateway in AWS with a method that is tied to a lambda through "Integration type: Lambda Function". Is the traffic between the API gateway and the lambda secured?
Cheers,
Rasmus

Related

AWS EventBridge schedule to invoke API Gateway endpoint

I'm trying to build a schedule in AWS EventBridge that is going to invoke an API Gateway endpoint on a specific rate. However, I'm not able to specify the API Gateway endpoint when creating the schedule. I couldn't find examples in the documentation about the JSON body that I need to provide to specify the API Gateway ARN, endpoint and headers.
Follow the AWS EventBridge documentation: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-gateway-target.html

AWS Lambda in VPC calling other AWS services with no corresponding endpoint type

I have a vue.js/aws-nodejs/mongodb-atlas website.
To lock things down better, I'm switching the mongodb-atlas database to VPC peering with lambda. That works just fine. But the other aws services now are giving me problems. They tend to just hang and never return.
I understand that I should use vpc endpoints specific to the aws services to make them work, but they are not consistently working or do not exist. Here's what I have:
lambda -> aws secret manager using secretmanager endpoint: works fine
lambda -> invoking other lambdas using lambda endpoint: works fine
lambda -> s3 does not work with interface endpoint, but does work with gateway endpoint.
lambda -> aws ses using smtp-email endpoint: hangs
lambda -> aws cognito admin functions (such as adminCreateUser), cannot find a cognito endpoint type: hangs
I have created a separate, non-vpc lambda that calls the SES api. My vpc lambda invokes this non-vpc lambda with parameters to send email.
This does work, but seems kludgey. My old non-vpc code worked fine. Before calling ses or doing anything dangerous, I checked custom permissions in my database. But this new non-vpc lambda does not have access to the database and therefore is missing this check close to the api call. This non-vpc lambda feels like a potential weapon of mass destruction.
Apparently, I could use a NAT gateway. But a NAT gateway is expensive, especially if I want redundancy. And using the public internet defeats the purpose of using a vpc in the first place.
Why is the smtp-email endpoint not working while secretmanager and lambda endpoints do work?
How can I call cognito admin functions from a vpc-based lambda if there is no cognito endpoint type?
If there is no available endpoint type for a specific aws service (such as cognito), does that mean a NAT gateway is required?
Are lambda functions without an apig interface safe from being invoked by hackers over the internet?
Is using a non-vpc lambda to access aws services from a vpc lambda actually a good idea?
Should I just use a NAT gateway?

AWS API Gateway + SQS with more than 256KB of data

I am integrating AWS API Gateway with AWS SQS.
What would happen if API Gateway receives a payload > 256KB? Can I divert it to S3 somehow?
In this use case, you probably want to use a lambda proxy integration with API gateway.
So, your API Gateway endpoint sends the payload to a lambda function.
The lambda function works out the size of the payload. If it is <256KB you may want to place this onto the queue in SQS via the lambda.
If it is >256KB then you could write this down to s3 via the lambda, and then place a message into your queue with the s3 details. Your worker can then use the message in the queue to grab the data in s3 and process it from there.
Note there is a 10MB payload limit for API Gateway.
AWS provide the following guide on Lambda Proxy Integration with API Gateway.
https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-lambda-proxy-integrations.html
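One way to implement the size check this answer describes, as an added example (not the answer author's code): a Python routine for the proxy-integrated Lambda that queues small bodies directly and stores large ones in S3 with only a pointer message on the queue. The SQS and S3 clients are constructed in-memory stand-ins so it runs offline; the queue URL and bucket name passed in are assumptions.

```python
"""Route an API Gateway proxy payload by size: SQS directly, or S3 plus a pointer."""
import base64
import json
import uuid

SQS_MAX_BYTES = 256 * 1024  # SQS message size limit (256 KiB); API Gateway caps requests at 10 MB


class FakeSqs:
    """Constructed in-memory stand-in for boto3.client("sqs"); demo only."""
    def __init__(self):
        self.messages = []

    def send_message(self, QueueUrl, MessageBody):
        self.messages.append(MessageBody)


class FakeS3:
    """Constructed in-memory stand-in for boto3.client("s3"); demo only."""
    def __init__(self):
        self.objects = {}

    def put_object(self, Bucket, Key, Body):
        self.objects[Key] = Body


def route_payload(event, sqs, s3, queue_url, bucket):
    """Send the request body to SQS or S3 and return (route, details)."""
    body = event.get("body") or ""  # proxy integration delivers the raw body as a string
    encoded = body.encode("utf-8")
    if len(encoded) < SQS_MAX_BYTES:
        # Small payload: the body string itself is the SQS message.
        sqs.send_message(QueueUrl=queue_url, MessageBody=body)
        return "sqs", {"size": len(encoded)}
    # Large payload: decode if API Gateway base64-encoded a binary body, store it in
    # S3 under a random key, and queue only a pointer the worker can fetch it with.
    raw = base64.b64decode(body) if event.get("isBase64Encoded") else encoded
    pointer = {"bucket": bucket, "key": f"payloads/{uuid.uuid4()}", "size": len(raw)}
    s3.put_object(Bucket=bucket, Key=pointer["key"], Body=raw)
    sqs.send_message(QueueUrl=queue_url, MessageBody=json.dumps(pointer))
    return "s3", pointer
```

In the real function, create the boto3 clients at module scope and call route_payload from the Lambda handler with the API Gateway event; the worker reading the queue must check for the pointer shape before fetching from S3.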

Flask integration with aws api gateway, lambda and dynamodb

I have an aws dynamodb on my cloud account, which is queried by a lambda triggered by api gateway.
Now I want to have a simple flask application that sends requests via apigateway rather than postman. Can anyone help with the code?
api gateway endpoint: https://3omrrlu81m.execute-api.us-east-1.amazonaws.com/default
This is a simple application for a larger application
Please help.
Thanking You.

Make AWS API Gateway accessible only as SNS subscription endpoint

On my current project we configured forwarding of Cloudwatch alarms to a Slack channel. For that we use an AWS SNS topic + API Gateway which is subscribed to that topic and forwards alarms to a Slack webhook.
The issue I'm trying to solve - currently the REST resource of the mentioned API Gateway is public (it doesn't require any auth and is available from the Internet). How can I configure API Gateway so that it is available only as an SNS subscription endpoint?
You need to create the API gateway with the Endpoint type: Private
And you need to create a VPC endpoint for SNS to access the endpoint internally.
More Info: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.html