AWS Lambda function URL with example

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

Today we will discuss what is AWS Lambda Function URL and how to create an AWS Lambda Function URL with example.

What is Lambda function URL?

A function URL is a dedicated HTTP(S) endpoint for your Lambda function. You can create and configure a function URL through the Lambda console or the Lambda API. When you create a function URL, Lambda automatically generates a unique URL endpoint for you. Function URL endpoints have the following format:

https://<url-id>.lambda-url.<region>.on.aws

Lambda generates the <url-id> portion of the endpoint based on a number of factors, including your AWS account ID. Because this process is deterministic, it may be possible for anyone to retrieve your account ID from the <url-id>.

Function URLs are dual stack-enabled, supporting IPv4 and IPv6. After you configure a function URL for your function, you can invoke your function through its HTTP(S) endpoint via a web browser, curl, Postman, or any HTTP client. Lambda function URLs use resource-based policies for security and access control. Function URLs also support cross-origin resource sharing (CORS) configuration options.

You can apply function URLs to any function alias, or to the $LATEST unpublished function version. You can’t add a function URL to any other function version.

Lambda Function URL security:

You can control access to your Lambda function URLs using the AuthType parameter combined with resource-based policies attached to your specific function. The configuration of these two components determines who can invoke or perform other administrative actions on your function URL.

The AuthType parameter determines how Lambda authenticates or authorizes requests to your function URL. When you configure your function URL, you must specify one of the following AuthType options:

AWS_IAM: Lambda uses AWS Identity and Access Management (IAM) to authenticate and authorize requests based on the IAM principal’s identity policy and the function’s resource-based policy. Choose this option if you want only authenticated IAM users and roles to invoke your function via the function URL.

NONE: Lambda doesn’t perform any authentication before invoking your function. However, your function’s resource-based policy is always in effect and must grant public access before your function URL can receive requests. Choose this option to allow public, unauthenticated access to your function URL.

In addition to AuthType, you can also use resource-based policies to grant permissions to other AWS accounts to invoke your function.

Next, we will create a lambda function with URL.

How to create an AWS Lambda function URL?

Prerequisites:

AWS CLI installed and configured.

Step 1: Create a file containing the lambda function code.

Step 2: Zip the lambda function file.

Step 3: Create a trust policy definition file for the lambda IAM role.

Step 4: Create an IAM role that will be assumed by the lambda function.

Step 5: Create an IAM policy definition file for the lambda IAM role.

Step 6: Create an IAM policy for the lambda role.

Step 7: Attach the IAM policy to the lambda IAM role.

Step 8: Create the lambda function.

Step 9: Create the Lambda function URL using AWS CLI.

Note: If you get an error, you need to update your AWS CLI version.

Warning: We have defined “auth-type” as “NONE”, which allows anyone (public) who knows the endpoint URL to trigger the lambda function using the endpoint. Hence do not share the URL with anyone or set up monitoring on the lambda execution.

Step 10: Get the lambda function URL endpoint.

We have successfully created the AWS Lambda URL public endpoint.

Next, let us test the endpoint and check if the lambda function gets executed and returns the expected data.

Step 11: Test lambda function URL public endpoint.

Step 12: Clean up.

Hope you have enjoyed this article. To get more details in AWS Lambda, please refer to the below documentation.

https://docs.aws.amazon.com/lambda/index.html