In this article, we will explore how to access an AWS Lambda URL endpoint with AWS IAM authentication. AWS recently introduced the capability to access AWS Lambda functions via a URL endpoint, providing a new way to interact with serverless applications and APIs. We’ll focus on AWS IAM (Identity and Access Management) authentication, a highly secure method for accessing Lambda functions.
Accessing AWS Lambda URL Endpoint:
Previously, when working with serverless applications, we had to route traffic through an API Gateway to access Lambda functions. Now, AWS has streamlined this process by allowing direct access to Lambda functions through URL endpoints. There are two authentication methods for securing these endpoints:
- No Authentication: If you want to allow wide access to your Lambda function without any authentication, you can choose the “none” option. However, this approach may not be suitable for all scenarios.
- AWS IAM Authentication: AWS Identity and Access Management (IAM) offers a more secure authentication method. In this article, we’ll focus on accessing Lambda functions using AWS IAM authentication.
Hands-On Section:
In this hands-on section, we’ll walk through the process of accessing an AWS Lambda function with AWS IAM authentication using Postman.
Prerequisites:
- AWS CLI installed and configured
- Postman installed
Step 1: Create an AWS Lambda Function
- Access your AWS account and navigate to the Lambda service.
- Create a new Lambda function. You can configure it with a basic runtime (e.g., Python 3.8) and an execution role.
Step 2: Enable the Function URL
- Expand the “Advanced settings” for your Lambda function.
-
Enable the “Function URL” feature.
Copy the URL of Lambda function.
Step 3: Configure AWS IAM Authentication
- In the “Authentication type” section, select “AWS IAM.”
- Configure the required permissions for AWS IAM to access the Lambda function.
On the Configuration tab of Lambda function you can find the URL of function. Click on this URL you will see a screen that display a message that you are forbidden to access this URL>
Click on the Permission on the left sidebar
scroll down and hit the button “Add permission”
Fulfill the form
Now you can see it on the Lambda function console
Step 4: Create a Postman Request
- Open Postman.
- Set the request type to “GET.”
- In the request URL, paste the AWS Lambda function’s URL endpoint.
Step 5: Configure AWS Signature Authorization in Postman
- Under the “Authorization” tab in Postman, select “AWS Signature” as the authorization type.
- Set the “Header” type to “Request headers.”
- Add a request header with the key “Content-Type” and the value “application/json.”
Step 6: Generate Temporary AWS Access Keys and Token
- Use the AWS CLI to generate temporary AWS access keys and a token:
aws configure
- Enter your AWS Access Key ID and Secret Access Key.
- Run the following command to get a temporary session token (replace the duration as needed):
aws sts get-session-token --duration-seconds 900
Step 7: Configure Postman with Temporary Credentials
- In Postman, fill in the following fields:
- AWS Region: The AWS region where your Lambda function is located (e.g., us-east-1).
- Service Name: “lambda.”
- Session Token: Use the temporary session token generated in Step 6.
- Access Key: Use the temporary access key generated in Step 6.
- Secret Key: Use the temporary secret key generated in Step 6.
Step 8: Send the Postman Request
- Click the “Send” button in Postman.
- You should receive a response from the Lambda function, which will include the expected output, such as “Hello from your Lambda function.”
Conclusion:
In this hands-on section, we demonstrated how to access an AWS Lambda function with AWS IAM authentication using Postman. This method provides a secure way to communicate with your Lambda functions via URL endpoints. In the next article, we will explore programmatic approaches for accessing AWS Lambda functions, allowing you to incorporate these techniques into your applications. Stay tuned for more AWS tutorials and tips.