I have a AWS setup containing an api gateway resource and a lambda function.
I need to determine in lambda function if request is coming from direct invocation or through api gateway invocation.
How would this be possible?
For now I tried to find something suitable on google, but without success unfortunatly.
I'm sure you've noticed that a new Lambda function is declared as follows:
exports.handler = (event, context, callback) => {
// Your code goes here
}
The event object here contains information regarding the invocation of your Lambda Function. For example, if your lambda is triggered by an upload to S3 this will contain information about the object being uploaded for example or in your case, it will contain API Gateway information.
See more documentation on AWS Lambda's integration with other services here.
Related
I am calling a lambda function from my API Gateway with Lambda proxy integration enabled. But when I am receive the event object in the function it is an empty object i.e. '{}'. I have tested the function with a test input available on AWS Console with dummy request object and it works fine. I am using AWS Cognito Pool as authorizer for the API Gateway Method.
In the function I have made an object that returns me dummy data and event object itself. When I hit the API from Postman or my frontend application it returns me with the dummy data and the event object is empty.
I have looked at the following Stackoverflow questions but to no avail.
Event Object is empty in AWS Lambda nodejs function
Passing event from API gateway to Lambda
Event object is empty in api gateway call to lambda
Api Gateway sends empty parameters to AWS lambda
Lambda event returns empty object
This is a small thing and is really hindering my progress. Would really appreciate any help.
Just made whole another Lambda and API Gateway setup and it worked. Must have been bad API Gateway configuration
Im assuming lambda is like the missing piece of the puzzle for a complete api request. So you create the apigateway and then write the lambda function which bridges the gap between taking a request and returning the output of the lambda function as the http response.
I've successfully followed guides on how to set up an API gateway that triggers AWS lambda to do something, but I still don't really understand what is being done.
How is the function def handler(event, context): being called by the aws apigateway? How does it get triggered and how is the output of handler sent back?
You do not need a Lambda "in the middle". Using Lambda Proxy integration in the API Gateway you can receive the full information about the request (endpoint URL, query parameters, etc) in your targeted Lambda event.
Have a look at the following Tutorial how to setup Lambda Proxy integration with API Gateway.
The tricky thing you should care about is the structure of the response that you will return from your lambda_handler. See the requirements here.
Answering the question of "how this happens"... In short, when an HTTP request comes to your API endpoint it is automatically routed to the mapped Lambda function. Behind the scenes a new container for the Function is spawned and your request comes to the event of the lambda_handler. API Gateway by default also creates a CloudFront distribution in front of itself to serve your requests more efficiently. Once your Lambda returns the response, API Gateway parses it and constructs the HTTP response out of it. The nice thing is that all of this is managed by AWS.
I have been putting together and deploying Lambda functions using Apex and the functions, where I have been using GET method through AWS API Gateway are working fine.
I now need to create an API to call into a Lambda function using POST and pass in a JSON object. To get the basics of POST working I created a simple Lambda function that just does the following
console.log("!!!!!!! Received request");
callback(null, {data: "Success"});
return;
When I call this Lambda function using a GET method from API Gateway and test the API, it works fine - the API Gateway Test mechanism gives the "success" message while "Received Request" is logged in a successful call in CloudWatch.
However when I use the POST request to call the same Lambda function from API Gateway I get the following
"message": "Internal server error"
And I also see "Execution failed due to configuration error: Invalid permissions on Lambda function"
So what I am wondering is whether the role by which Lambda functions are called require any additional privileges when that function is invoked through a POST method. If so what is that privilege that I need to assign to the role being used?
Thanks,
Sanjay.
If you want to call POST method through API gateway level, that post method you have to deploy. Go to AWS API Gateway console. then select your POST API name and on the top of the grid (screen) you will find a drop down called Actions, there one option called deploy. That you have to select then only your POST API will work.
API Gateway needs permissions to invoke your Lambda function. It prompts you to add the permission automatically if you configure your API via the web console, and the Lambda function is not specified with a stage variable.
So if you're using a tool like CloudFormation or Swagger import to create or update your APIs, or the Lambda function is specified with a stage variable, you'll need issue a aws lambda add-permission command manually to set the permission.
See these posts for more details:
Lambda function -> Api Gateway stage variable permission manually
AWS API Gatewat with proxy Lambda: Invalid permissions on Lambda function
I have a lambda function that I'd like to trigger via HTTP request.
When I click add trigger to a lambda function, I get an API Gateway API set up with:
method: ANY
Great. Now, when viewing this lambda function, I see a trigger has been configured.
However, I would like to restrict the trigger to only allow POST requests.
So I deleted the API Gateway method ANY, and created a new method POST, under the same resource, using an integration type of Lambda Function. I select my region, and sure enough, my existing lambda function is autocompleted.
However, when I view the triggers tab on the lambda function itself, it shows that there are no triggers.
What am I missing?
If you need flexible control of the API, I would suggest to use the API Gateway console to mange your API. Lambda triggers should only be used for simple use-cases - API methods configured through API Gateway will not show up in the Lambda triggers list.
According to Amazon's documentation, step function can be invoked using HTTP API.
Step Functions can be accessed and used with the Step Functions
console, the AWS SDKs, or an HTTP API.
I tried to search the detailed information, but can't seem to find any good ones. Does anyone know how to invoke AWS step function using API gateway, similar to the way it invokes Lambda functions?
If you need to call StepFunction from API Gateway, it's now possible and described well in docs: https://docs.aws.amazon.com/step-functions/latest/dg/tutorial-api-gateway.html
For Integration Type, choose AWS Service
For AWS Service, choose Step Functions from the list
For HTTP Method, choose POST from the list
For Action Type, choose Use action name
For Action, type StartExecution
For Execution Role, type ARN of role with API Gateway trusted identity provider and attached policy AWSStepFunctionsFullAccess
This is not the "official" AWS way -- see Erndob's answer for that.
The problem with the AWS way (sign each request with AWS credentials) is that most enterprises already have mature methods in place to manage authentication and authorization via their API gateways and (speaking as an enterpise architect) do not want to deal with the headache of duplicating this at the AWS-credential-level.
I'm sure that AWS will eventually integrate Step Functions with API Gateway but as of this writing (1/17) this is probably the simplest way to get the job done. Below is a trivial Lambda proxy function I wrote to leverage the SDK's ability to sign the requests:
'use strict';
const AWS = require('aws-sdk');
const stepfunctions = new AWS.StepFunctions();
exports.handler = (event, context, callback) => {
if(!event && event.action)
callback("Error: 'action' is required.");
if(!event && event.params)
callback("Error: 'params' is required.");
stepfunctions[event.action](event.params, function (err, data) {
if (err)
console.log(err, err.stack);
callback(err, data);
});
};
You will need to grant your Lambda privs to interact with your Step Functions. To give it full access to all operations create a new role and attach the following policies:
AWSLambdaBasicExecutionRole
AWSStepFunctionsFullAccess
Now configure the Lambda to be invoked via API gateway as normal, passing in an event with two properties:
action (the Step Functions method name, like "startExecution")
params (the params needed for that method. Ref here: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/StepFunctions.html)
And be sure to lock your API down! :-)
It's using HTTP API, not API Gateway.
Step function endpoints follow this format:
https://states.${region}.amazonaws.com
for example:
https://states.us-east-1.amazonaws.com
And you use HTTP API (again, not API gateway) to make actions on your states.
More about HTTP API here:
http://docs.aws.amazon.com/step-functions/latest/apireference/Welcome.html
Technically you could use API gateway, to redirect to step functions API but there's not much point in that.
I recently posted an example code that make it work using CloudFormation and OpenApi on https://stackoverflow.com/a/59326771/6697093.