When working with Service-Oriented Architecture (SOA) systems, you may need an internal API for communication between services. A common approach is to use AWS Lambda alongside an API Gateway. However, for internal APIs, there’s a simpler and more efficient option: invoke AWS Lambda directly.

Why Invoke AWS Lambda Directly?

1. Built-in Authentication with IAM
   AWS Lambda natively integrates with AWS Identity and Access Management (IAM), allowing you to secure access to your internal API without additional layers of authentication.

2. Simpler Configuration & Overall Architecture
   Direct Lambda invocation eliminates the need to configure API Gateways, custom headers, or complex server setups. It’s a lightweight solution tailored for internal use cases.

Example: Adding Two Numbers with AWS Lambda

Step 1: Create the Lambda Function

Let’s start by creating a simple Lambda function in Python that adds two numbers. Here’s the code:

def lambda_handler(event, context):

    if 'number1' not in event:
        return {'status':'error','msg':"Number1 is missing"}

    if 'number2' not in event:
        return {'status':'error','msg':"Number1 is missing"}

    result = int(event['number1']) + int(event['number2'])

    return {"status":"success","result":result}

Here’s an improved and polished version of your document:
Simplifying Internal APIs with Direct AWS Lambda Invocation

When working with Service-Oriented Architecture (SOA) systems, you may need an internal API for communication between services. A common approach is to use AWS Lambda alongside an API Gateway. However, for internal APIs, there’s a simpler and more efficient option: invoke AWS Lambda directly.
Why Invoke AWS Lambda Directly?

Built-in Authentication with IAM
AWS Lambda natively integrates with AWS Identity and Access Management (IAM), allowing you to secure access to your internal API without additional layers of authentication.

Simpler Configuration
Direct Lambda invocation eliminates the need to configure API Gateways, custom headers, or complex server setups. It’s a lightweight solution tailored for internal use cases.

Example: Adding Two Numbers with AWS Lambda
Step 1: Create the Lambda Function

Let’s start by creating a simple Lambda function in Python that adds two numbers. Here’s the code:

def lambda_handler(event, context):
if 'number1' not in event:
return {'status': 'error', 'msg': "Number1 is missing"}
if 'number2' not in event:
return {'status': 'error', 'msg': "Number2 is missing"}

result = int(event['number1']) + int(event['number2'])
return {"status": "success", "result": result}

This Lambda function:

• Validates input to ensure both number1 and number2 are provided.
• Adds the two numbers and returns the result in a as a dict.

The input provided that our apps consuming the API is provided directly into the event. No fancy objects here just plain dict, no POST, Not GET no headers whatsoever. As mentioned above, the access is defined by IAM itself.

Running Locally with AWS SAM

To test the Lambda function locally, use AWS Serverless Application Model (SAM). Here’s a sample SAM template:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Dummy Lambda that adds 2 numbers

# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 3
    MemorySize: 128

Resources:
  AddTwoNumbersFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: hello_world/
      Handler: app.lambda_handler
      Runtime: python3.10
      Architectures:
        - x86_64

Step 2: Invoke the Lambda Function Directly (PHP Example)

We can run our lambda via this script

<?php

require 'vendor/autoload.php'; // Autoload the AWS SDK

use Aws\Lambda\LambdaClient;

try {

    // Define the custom endpoint, ommit upon production
    $customEndpoint = 'http://172.17.0.1:3001';

    // Create a Lambda client with a custom endpoint
    $lambda = new LambdaClient([
        'region' => 'us-east-1', // Replace with your Lambda's region
        'version' => 'latest',
        'endpoint' => $customEndpoint,
        // Dummy keys work upon SAM but in realyty you mau need to provide your own
        'credentials' => [
            'key'    => 'your-access-key-id',
            'secret' => 'your-secret-access-key',
        ],
    ]);

    // Define the payload to send to the Lambda function
    $payload = json_encode([
        'number1' => 1,
        'number2' => 2,
    ]);

    // Invoke the Lambda function
    $result = $lambda->invoke([
        'FunctionName' => 'AddTwoNumbersFunction', // Replace with your Lambda's name
        'InvocationType' => 'RequestResponse', // Options: 'Event', 'RequestResponse', 'DryRun'
        'Payload' => $payload,
    ]);

    // Print the response from Lambda
    $responsePayload = $result->get('Payload');
    echo "Response from Lambda: ". PHP_EOL;
    var_dump(json_decode($responsePayload));

} catch (Exception $e) {
    // Handle exceptions
    echo "Error: " . $e->getMessage() . PHP_EOL;
    echo $e->getTraceAsString();
}

As you can see, The lambda input is encoded as json string the number1 and number2 parameters. (Code from example above)

 $payload = json_encode([
        'number1' => 1,
        'number2' => 2,
    ]);

The parameters must be as a json string and not as an array. The rersults can also be decoded as Json, only if lambda returns a dict, or in case of a Javascript lamdas an object.

The return value is always a string and must be decoded intot he desired form.

Production Considerations

AWS Cli confiuguration upon PHP script

If php script was deployed upon production, or script was invoking a deployed lambda on AWS itself, the client should be configured without the endpoint setting:

$lambda = new LambdaClient([
        'region' => 'us-east-1', // Replace with your Lambda's region
        'version' => 'latest',
        // Dummy keys work upon SAM but in realyty you mau need to provide your own
        'credentials' => [
            'key'    => 'your-access-key-id',
            'secret' => 'your-secret-access-key',
        ],
    ]);

Of course place key and secret with keys that are configured upon AWS IAM.

IAM Role Configuration

The invoking script requires IAM permissions to access the Lambda function. Use the following IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "lambda:InvokeFunctionUrl",
            "Resource": "arn:aws:lambda:eu-west-1:XXXXXX:function:AddTwoNumbersFunction"
        }
    ]
}

Replace:

• XXXXXX with your AWS account ID.
• AddTwoNumbersFunction with your Lambda function’s name.

The permission that policy should have is the lambda:InvokeFunctionUrl one. You can use the graphical permission editor and placing the lambda's ARN at Resource section mentioned in policy above.

Conclusion

Directly invoking AWS Lambda simplifies internal API setups. By leveraging IAM for authentication and removing unnecessary middleware, this approach is both efficient and easy to implement. Whether you’re building microservices or handling internal tasks, this method can save time and effort.