Does AWS Lambda Encrypt In-Flight Requests? - amazon-web-services

I originally asked this question here: https://forums.aws.amazon.com/message.jspa?messageID=769734#769734
However, I haven't seen any activity on it of any kind, so I hope I have more success here.
Do my requests going to and coming from Lambda functions get encrypted? Basically my json input that is passed to the Lambda event, should I worry about this information being sent as plain text?
Main Purpose:
EC2 instances are the main ones that will be calling this function. However, this lambda does not reside in the same VPC as the instance. The lambda will be returning data as part of a "RequestResponse" call. The return of the lambda will be stored on the EC2 instance.

If you are triggering AWS Lambda functions via AWS API calls, then the requests are sent to an HTTPS endpoint.
See: AWS Lambda Endpoints (Notice that protocol is HTTPS)
HTTPS encrypts your request and the response, so your data is encrypted in transit.
The AWS Command-Line Interface (CLI) is a Python app that uses the AWS SDK for Python (boto3), which in turn calls the AWS API endpoints, so requests from the AWS CLI are also encrypted.

Related

AWS API Gateway + SQS with more than 256KB of data

I am integrating AWS API Gateway with AWS SQS.
What would happen if API Gateway receives a payload > 256KB? Can I divert it to S3 somehow?
In this use case, you probably want to use a lambda proxy integration with API gateway.
So, your API Gateway endpoint sends the payload to a lambda function.
The lambda function works out the size of the payload. If it is <256KB, you may want to place this onto the queue in SQS via the lambda.
If it is >256KB, then you could write it to S3 via the lambda, and then place a message into your queue with the S3 details. Your worker can then use the message in the queue to grab the data in S3 and process it from there.
Note there is a 10MB payload limit for API Gateway.
AWS provide the following guide on Lambda Proxy Integration with API Gateway.
https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-lambda-proxy-integrations.html
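The size-based routing described in this answer, as an added example that is not part of the original post. `route_payload`, the queue URL, the bucket name and the `RecordingClient` stub are hypothetical; the stub stands in for the boto3 SQS and S3 clients (whose `send_message` and `put_object` calls it mirrors) so the code runs offline. In a Lambda proxy integration the `body` argument would be the request body string that API Gateway passes in the event.

```python
import json
import uuid

SQS_LIMIT_BYTES = 256 * 1024  # the 256KB queue limit quoted in the answer above


def route_payload(body, sqs, s3, queue_url, bucket):
    """Send small bodies straight to SQS; park large ones in S3 and enqueue a pointer."""
    raw = body.encode("utf-8")  # the limit is in bytes, so measure the encoded size
    if len(raw) <= SQS_LIMIT_BYTES:
        sqs.send_message(QueueUrl=queue_url, MessageBody=body)
        return {"route": "sqs", "bytes": len(raw)}
    # The key is generated server-side so a caller cannot pick or overwrite object names.
    key = f"payloads/{uuid.uuid4()}.json"
    s3.put_object(Bucket=bucket, Key=key, Body=raw,
                  ServerSideEncryption="aws:kms")  # keep the offloaded copy encrypted at rest
    pointer = json.dumps({"s3_bucket": bucket, "s3_key": key, "bytes": len(raw)})
    sqs.send_message(QueueUrl=queue_url, MessageBody=pointer)
    return {"route": "s3", "key": key, "bytes": len(raw)}


class RecordingClient:
    """Constructed stand-in for the boto3 clients; it only records the calls it receives."""

    def __init__(self):
        self.calls = []

    def send_message(self, **kwargs):
        self.calls.append(("send_message", kwargs))

    def put_object(self, **kwargs):
        self.calls.append(("put_object", kwargs))


def demo():
    sqs, s3 = RecordingClient(), RecordingClient()
    small = json.dumps({"reading": 42})
    # Constructed input: 200,000 three-byte characters, which is fewer than
    # 256K characters but more than 256KB once encoded as UTF-8.
    large = json.dumps({"blob": "\u20ac" * 200_000}, ensure_ascii=False)
    results = [route_payload(b, sqs, s3, "https://example.invalid/queue", "example-bucket")
               for b in (small, large)]
    return results, sqs.calls, s3.calls


if __name__ == "__main__":
    print(demo()[0])
```

The worker that reads the queue has to handle both message shapes: a raw payload, or a pointer object carrying `s3_bucket` and `s3_key`.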

Creating AWS Lambda Triggers Programmatically

I have an AWS Lambda function that takes in and processes logs from CloudWatch Logs that are sent to specific log groups. The thing is, I may need to add more triggers as more log groups are created. The only way I have found to create a trigger for a specific log group is to use the AWS Lambda console and the AWS CloudFront console. Is it possible to create a trigger for an AWS Lambda function programmatically? For instance, in some Java code?
Yes, one of the common ways of triggering serverless functions is using endpoints. I believe you can expose an API endpoint from the function's console using an API Gateway, and call this endpoint URL from your Java code or whatever programmatic entity you wish.

Can I call AWS Lambda directly without Gateway API?

I am developing a simple Lambda function on AWS to get and put data into Dynamo DB. I wanted to call this function from the Windows Client desktop application. My question is, do I really need AWS Gateway API here or can I call the lambda function directly using AWS SDK?
You can use invoke() to directly execute an AWS Lambda function from an AWS SDK. You can also pass it a payload, which will be accessible within the function.
Here is a syntax example in Python:
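    import base64
    import json
    import boto3
    client = boto3.client('lambda')
    # ClientContext must be base64-encoded JSON, not a bare string
    ctx = base64.b64encode(json.dumps({'custom': {'app': 'MyApp'}}).encode()).decode()
    # 'fileb://' is AWS CLI syntax; the SDK takes the payload itself, here as an open file
    with open('file-path/input.json', 'rb') as f:
        response = client.invoke(
            ClientContext=ctx,
            FunctionName='MyFunction',
            InvocationType='Event',
            LogType='Tail',
            Payload=f,
            Qualifier='1',
        )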
You need API Gateway if you want to create REST APIs that mobile and web applications can use to call publicly available AWS services (through code running in AWS Lambda).
You can synchronously invoke your Lambda functions. This can be accomplished through a variety of options, including using the CLI or any of the supported SDKs. Note the invocation-type should be RequestResponse (see the AWS blog).
Bash command using the AWS CLI:
    aws lambda invoke --function-name MyLambdaFunction --invocation-type RequestResponse --payload "JSON string here" response.json
Python SDK call (configuration):
    import boto3
    LAMBDA_CLIENT = boto3.client('lambda')
    invoke_resp = LAMBDA_CLIENT.invoke(
        FunctionName='function_name',
        InvocationType='RequestResponse',
        Payload='payload')  # placeholder: replace with the JSON document to send
If you want to invoke the Lambda asynchronously, the invocation-type flag should be Event:
    aws lambda invoke --function-name MyLambdaFunction --invocation-type Event --payload "JSON string here" response.json
I don't have much information about your use case, so I have to assume something here.
You don't need to wait for the response back from Lambda:
You can use an async call through SNS or SQS and then subscribe your Lambda to either SNS or SQS. You can research more to choose between SNS and SQS, depending on your use case.
If you need to wait for the response back from Lambda:
If you want to share the Lambda's feature outside your organization, you can use API Gateway to do so. It means you still keep Lambda inside but expose an API through API Gateway to the outside for usage.
If you don't want to share the Lambda's feature outside, then, like the previous answers, you can use the invoke command/SDK to achieve the result.
If I have more information about your use case, maybe the answer can be more accurate.

Can we build a bot using AWS Lex without the AWS Lambda service?

I am interested in building a bot using AWS Lex, but I don't want to use AWS Lambda for interacting with the DB to fetch results.
For example, if we ask, "Can you show me the sales for the last month", I want the bot to respond with an answer, "Sales for the last month $1.2 Million". The simplest way to achieve this is to write an AWS Lambda function to get the details, but can we use an API endpoint of a web app hosted on an EC2 instance or AWS ELB?
Any thoughts on this?
Surya
Unfortunately no, you cannot use any form of integration for a Lex bot without going through Lambda. You can build Lex bots without Lambda, but they are only able to give static responses and can't call outside of the Lex service.
You can still use your own API endpoint by going via Lambda. Remember that if the resource you're calling is in an AWS VPC but not publicly available, you'll need to add extra config for the Lambda to access it. An example of the config required for Lambda to call a private AWS endpoint can be seen here: AWS: Lambda function cannot call rest api using private API of EC2 instance.
From the Lex FAQs:
Q. How is an action fulfilled?
Amazon Lex integrates with AWS Lambda for 'fulfillment' of the action or business logic. Alternately, you can configure Amazon Lex to return parsed intent and slot values to the client for action fulfillment.

How to diagnose AWS API Gateway errors when there is no logging client-side

I created an API with AWS API Gateway. This API provides a method that calls an AWS Lambda function. When I call this API method manually using a REST client, it works properly, and the Lambda function is called.
I also have a device that periodically pushes some data to a server via HTTP(S). When configured to push data to a HTTPS server running on an EC2 instance, it works properly. But when I configure the device to push data to API Gateway, the Lambda function is never called.
I tried sniffing the traffic via Wireshark, and I can see that requests are indeed sent by the device and that the API responds, but I can't view the contents of the requests and responses since they are encrypted. My guess is that API Gateway returns some kind of error that prevents the Lambda from being called. Unfortunately, the device does not provide any logs. Is there any way on the AWS side to see what is going on?
Enable CloudWatch Logs for API Gateway: https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cloudwatch-logs/