When building serverless applications on AWS, AWS Lambda is often the go-to solution for running code without provisioning or managing servers. Traditionally, AWS API Gateway has been used to expose Lambda functions as RESTful APIs. However, AWS introduced Lambda Function URLs, a simpler way to invoke Lambda functions via HTTPS without the overhead of configuring an API Gateway. In this post, we'll explore how to use Lambda Function URLs to handle different HTTP methods—GET, POST, PUT, and DELETE—while incorporating security authentication.
What are Lambda Function URLs?
Lambda Function URLs provide a dedicated HTTP(S) endpoint for your Lambda function. This feature is particularly useful for single-function microservices, lightweight APIs, or when you need to expose a Lambda function to the public with minimal setup.
Setting Up a Lambda Function URL
First, let's create a Lambda function and configure its URL. You can do this via the AWS Management Console, AWS CLI, or Infrastructure as Code (IaC) tools like AWS CloudFormation or Terraform.
-
Create a Lambda Function:
- Go to the AWS Lambda console.
- Click on "Create function."
- Choose the "Author from scratch" option.
- Define your function name, runtime, and execution role.
- Write your function code or upload a deployment package.
-
Create a Function URL:
- Under your function’s configuration, select the “Function URL” tab.
- Click on “Create Function URL.”
- Choose the authorization type (e.g.,
AWS_IAM
for authenticated access orNONE
for public access). - Click "Create Function URL."
-
Secure Your Function URL:
- You can use AWS IAM for authentication by selecting
AWS_IAM
as the authorization type. - Create IAM roles or policies to control which users or services can invoke the function via the URL.
- Optionally, you can implement custom authorization logic within the function itself to further restrict access.
- You can use AWS IAM for authentication by selecting
Handling Different HTTP Methods
Lambda functions triggered by Function URLs can handle multiple HTTP methods—GET, POST, PUT, and DELETE—within a single function. Here’s a simple example of how to implement this:
import json
def lambda_handler(event, context):
# Determine the HTTP method
http_method = event['httpMethod']
if http_method == 'GET':
return handle_get(event)
elif http_method == 'POST':
return handle_post(event)
elif http_method == 'PUT':
return handle_put(event)
elif http_method == 'DELETE':
return handle_delete(event)
else:
return {
'statusCode': 405,
'body': json.dumps({'message': 'Method Not Allowed'})
}
def handle_get(event):
# Handle GET request logic
return {
'statusCode': 200,
'body': json.dumps({'message': 'GET request received'})
}
def handle_post(event):
# Handle POST request logic
return {
'statusCode': 200,
'body': json.dumps({'message': 'POST request received'})
}
def handle_put(event):
# Handle PUT request logic
return {
'statusCode': 200,
'body': json.dumps({'message': 'PUT request received'})
}
def handle_delete(event):
# Handle DELETE request logic
return {
'statusCode': 200,
'body': json.dumps({'message': 'DELETE request received'})
}
Example of Securing the Function URL with IAM Authentication
If you opted to use AWS_IAM
for securing your function URL, clients will need to sign requests using AWS SigV4 (Signature Version 4). Here’s a brief overview of how to make authenticated requests:
- Create an IAM User/Role with appropriate permissions to invoke the Lambda function.
- Sign the Request: Use AWS SDKs, CLI, or tools like Postman (with AWS IAM authentication) to sign the HTTP requests.
- Invoke the Function URL: Ensure the signed request contains valid credentials; otherwise, the request will be denied.
For example, with the AWS CLI:
aws lambda invoke-url https://<your-function-url-id>.lambda-url.<region>.on.aws/<your-path> \
--http-method POST \
--body '{ "key": "value" }' \
--region <region> \
--profile <aws-profile>
Conclusion
AWS Lambda Function URLs offer a streamlined way to expose Lambda functions via HTTP without the need for an API Gateway. By handling different HTTP methods (GET, POST, PUT, DELETE) within the Lambda function and securing access with AWS IAM, you can build lightweight, secure APIs quickly. Whether you’re developing a simple microservice or a more complex application, Lambda Function URLs are a powerful addition to your AWS toolkit.
Top comments (0)