AWS Lambda For The Impatient Part 2
Written by Nikos Vaggalis   
Monday, 23 January 2017
Article Index
AWS Lambda For The Impatient Part 2
Attaching policies to the Role
Calling with AWS CLI and HTTP requests
Using Postman

In the first part of the AWS Lambda for the Impatient tutorial series we set out to create our very first lambda function and call it through an open, public, unrestricted and unauthenticated endpoint.This time around we add security so that calling our lambdas will require the client to authenticate through an IAM Role and User name.

 

 

Step 1 - Create a new Lambda function and API Gateway endpoint

As happened in the first part, we create a new lambda called lambda_basic_execution_helloWorldNodeJS but with the added suffix of _auth. So that we can tell it apart, call it lambda_basic_execution_helloWorldNodeJS_auth.

Despite the name change, the function's code remains the same as last time:

use strict';
exports.handler = (event, context, callback) => {
 console.log('Received event:',
                 JSON.stringify(event, null, 2));
 var inputObj = JSON.parse(event["body"]);
 callback(null, {
    "statusCode": 200,
    "headers": { },
 // Echo back the first key value
    "body": JSON.stringify(
                    {"received":inputObj.key1})
 })
}



Still in the Lambda functions creation menu, choose Create Custom Role to also create a Role with the same name as the function, that is lambda_basic_execution_helloWorldNodeJS_auth:


Create Custom Role attaches a default policy to the role, which we can examine by expanding the role's Policy Document:


Moving on to the API Gateway menu, where we also create a matching LambdaMicroServiceHelloWorldNodeJSAuth API to go along with our lambda and role.

 

2a

 

Back to our lambda_basic_execution_helloWorldNodeJS_auth function in order to continue adding a new Trigger:





In contrast to the 'Open' security setting used in the first part of this tutorial, this time we choose AWS IAM:


which means that in order to access our function we have to use IAM authentication.

At this point we save our Trigger to create a new API Gateway HTTP endpoint:


So thus far our lambda_basic_execution_helloWorldNodeJS_auth lambda looks like:



Step 2 - Creating Roles and granting permissions

Next we need to go back to the API Gateway and the  LambdaMicroServiceHelloWorldNodeJSAuth API. This time we are going to define the HTTP methods that our API will listen to as well as how to react to their invocation. As lambdas work only with POST requests, we add just the POST method:

Actions->Create Method->POST->POST Setup

Integration Type: HTTP

Endpoint URL: https://bgi7kbuoq7.execute-api.eu-west-1.amazonaws.com/prod/helloWorldNodeJsAuth



Method Execution->API key required->AWS_IAM




This is as far as the tweaking of the Gateway goes.



Last Updated ( Sunday, 19 February 2017 )