I am very new to the API Gateway and AWS Lambda and I am trying to use them in a scenario with the following elements:
- a VPC with a private and a public subnet
- an AMI EC2 (Free Tier) with LAMP installed
- a simple index.html page with some text (something saying "This is a test page")
What I would like to do is to be able to punch http://myprivateIp/myexample/index.hml through the use of the API gateway and Lambda, as it seems to be suggested in the AWS documentation. I have, then, re-used the basic Hello World lambda example (one of the AWS blueprints) for my first lambda function and included the VPC details (with the private subnet too) as requested in the wizard. I have also created a sample API with one resource (myexample, in this case) and the Get method with the Lambda Function Integration Type and the Hello World function. As per the documentation, I have created the correct permissions (http://docs.aws.amazon.com/apigateway/latest/developerguide/create-lambda-roles.html). I have tested the GET method from my API and it correctly returns the response "Hello World" as per the AWS pre-existing blueprint. I know this might sound like a very naive question, but I am not sure whether I have really proven that I can hit my VPC. I would like to be able to return the sample text from my index.html page, for example. Is that possible? Have I misunderstood the purpose of AWS lambda in this particular scenario?
Thank you for your help,
EDIT:
So, I have put together the following in Node JS 4.3:
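    'use strict';
    var http = require('http');
    console.log('We are about to send a GET request');
    exports.handler = function(event, context, callback) {
        // http.get is asynchronous: wait for the response before calling back,
        // otherwise the function reports success without reaching the server.
        http.get('http://domain/example/index.html', function(res) {
            var body = '';
            res.on('data', function(chunk) { body += chunk; });
            res.on('end', function() {
                console.log('Status: ' + res.statusCode);
                callback(null, body);
            });
        }).on('error', callback);
    };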
The test runs successfully, am I right in saying that it does prove that I can hit a page running on a VPC?
You are correct - you can make an HTTP request to an endpoint in your VPC via a Lambda function as long as your Lambda function is configured to run inside the same VPC.
Thus, you can use API Gateway to call Lambda and proxy a response back from an HTTP endpoint within a VPC.
API Gateway cannot call HTTP endpoints in a VPC directly, so your current approach using Lambda is the recommended one.
You can connect your EC2 with private IP within your Lambda function. That means you can hit your VPC from your Lambda function.
Related
So I have a lambda function that triggers an amazon ec2 instance and thanks to the api gateway I was able to create a URL for the lambda function.
How it works is that you enter the URL and the URL activates the lambda function and starts the amazon ec2 instance.
Now what I want to do is to have a "password", (or a secret), that is used to activate the lambda function and THEN start the ec2 instance. I have researched many possible solutions for this but I could not come across any.
You can pass parameters in the URL, which can be read by the API Gateway function.
You can then add logic to the function to verify the 'password' before starting the Amazon EC2 instance. This could be as simple as verifying that a specific password was provided, or it could perform more complex activities such as checking a database and decrypting an encoded password. It is up to you to write that code.
For an example, see: Pass API Gateway REST API parameters to a Lambda function or HTTP endpoint
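An added sketch (not from the original answer) of the check described above, for a Node.js Lambda behind an API Gateway proxy integration: it compares the supplied secret in constant time and only then calls the start routine. The header name x-start-secret, the query parameter secret and the injected startInstance function are assumptions made for the example; the header is read first because query strings tend to end up in access logs.

```javascript
'use strict';
const crypto = require('crypto');

// Constant-time comparison. Hashing both sides first yields equal-length
// buffers, which timingSafeEqual requires, and hides the secret's length.
function secretMatches(supplied, expected) {
  if (typeof supplied !== 'string' || typeof expected !== 'string' || expected === '') {
    return false;
  }
  const a = crypto.createHash('sha256').update(supplied).digest();
  const b = crypto.createHash('sha256').update(expected).digest();
  return crypto.timingSafeEqual(a, b);
}

// Read the secret from a header (hypothetical name x-start-secret), then
// fall back to the URL query parameter (hypothetical name secret).
function suppliedSecret(event) {
  const headers = event.headers || {};
  for (const name of Object.keys(headers)) {
    if (name.toLowerCase() === 'x-start-secret') return headers[name];
  }
  return (event.queryStringParameters || {}).secret;
}

// startInstance is injected so the sketch runs offline; in a deployed function
// it would wrap the EC2 start call and expected would come from configuration.
function makeHandler(expected, startInstance) {
  return async function handler(event) {
    if (!secretMatches(suppliedSecret(event), expected)) {
      return { statusCode: 403, body: 'Forbidden' };
    }
    await startInstance();
    return { statusCode: 200, body: 'Instance start requested' };
  };
}

// Constructed sample events in the API Gateway Lambda proxy shape.
const goodEvent = { headers: { 'X-Start-Secret': 'correct horse' }, queryStringParameters: null };
const badEvent = { headers: {}, queryStringParameters: { secret: 'guess' } };
```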
I have a lambda function in AWS inside a VPC. I want to attach http handler (function URL).
The problem is, if I enable the function URL then it creates a public endpoint.
Alternatives I don't want to use
- enable AWS_IAM security (then the caller will need to use the AWS SDK and get a token and all)
- API gateway trigger (I am already using API gateway as proxy to kubernetes Ingress, I don't want to diverge that)
- ALB (I am already using k8s ingress, which creates ALB, so I want the proxy to be created manually by code, not using lambda configuration)
Is there a way we can create an AWS Lambda function URL that is accessible only within the VPC, without involving the AWS SDK? (like wget URL)
In our org, we ended up going with an internal-only ALB and we enabled MultiValueQueryStringParameters to pass data into the Lambda function and to execute it. This is the only way I could find to provide an internal-only URL that I could further protect with a security group. I couldn't figure out how to make Lambda URLs internal-only.
I looked into this for a similar use-case, eventually I went with a direct lambda Invoke from the SDK, using the RequestResponse InvocationType to obtain the response payload. This suited my needs, but it might not suit your case.
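    using Amazon.Lambda;
    using Amazon.Lambda.Model;

    // lambdaClient is an AmazonLambdaClient; data is the JSON payload string.
    InvokeResponse response = await lambdaClient.InvokeAsync(new InvokeRequest() {
        FunctionName = "LambdaFunctionName",
        InvocationType = InvocationType.RequestResponse,
        Payload = data
    });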
I have a PUT API that can be accessed within the VPN. I have to invoke that API with a scheduler function. I found Event Bridge is a useful serverless resource that we can use to trigger the endpoint.
I created a connection and when I create the API Destination, the AWS Console shows the following error.
Failed to create the API Destinations. ParameterInvocationEndpoint is not valid. Reason: Endpoint 'https://test.net/events/test' is invalid. please provide a valid HTTPS endpoint URL
My PUT API is working, I confirmed with the postman.
Can anyone assist me to identify the issue to create the API Destination?
EventBridge doesn't run inside your VPC. It doesn't have access to your private VPC resources. The solution is to have EventBridge trigger the invocation of an AWS Lambda function that is configured to run inside your VPC, and then make your API call via the Lambda function.
I am interested in building a bot using AWS Lex, but I don't want to use AWS Lambda for interacting with the DB for fetching results.
For example, if we ask "Can you show me the sales for the last month", I want the bot to respond with an answer "Sales for the last month $1.2 Million". The simplest way to achieve this is to write an AWS Lambda function to get the details, but can we use an API endpoint of a web app hosted on an EC2 instance or AWS ELB?
Any thoughts on this?
Surya
Unfortunately no, you cannot use any form of integration for a Lex bot without going through Lambda. You can build Lex bots without Lambda, but they are only able to give static responses and can't call outside of the Lex service.
You can still use your own API endpoint by going via Lambda. Remember that if the resource you're calling is in an AWS VPC but not publicly available, you'll need to add extra config for the Lambda to access it. An example of the config required for Lambda to call a private AWS endpoint can be seen here: AWS: Lambda function cannot call rest api using private API of EC2 instance.
From the Lex FAQs:
Q. How is an action fulfilled?
Amazon Lex integrates with AWS Lambda for ‘fulfillment’ of the action
or business logic. Alternately, you can configure Amazon Lex to return
parsed intent and slot values to the client for action fulfillment.
I am fairly new to AWS Lambda but sure can see the benefits of it and stumbled upon the superb framework Serverless to help me build solutions on Lambda.
I started out building solutions using AWS API Gateway but really need "internal" VPC API's and not public Internet facing API's like API GW creates.
I found that Serverless indeed can expose an HTTP endpoint but I can't figure out how this is done and how the URL is created.
When I deploy the Lambda from Serverless it gives me the URL, e.g.:
https://uxezd6ry8z.execute-api.eu-west-1.amazonaws.com/dev/ping
I would like to be able to find (or create) this same http listener for already existing Lambdas, so my question is how is the URL created and where is the actual HTTP listener deployed?
You might be looking for the invoke url,
1. go to https://console.aws.amazon.com/apigateway
2. select api link (which you have deployed on aws lambda).
3. select stages in left side panel and see the invoke url.
Adding a http listener can be done by going to your lambda function, selecting the 'triggers' tab and 'add trigger', finally selecting API Gateway - but as others mentioned this does create a public facing url.
Duh, I was in the wrong AWS logon previously so the API GW was not showing any matching Serverless API and that was why I couldn't understand how they did it...
Once I logged into the AWS account that hosts the Serverless structure I can see the API GW GET API's for the Serverless HTTP listener.