New AWS Lambda URLs - has anyone got the 'secure' version with the AWS_IAM working?

Time:04-13

I have a simple function that returns an item of text.

When I set auth to NONE it works fine.

When I set auth to AWS_IAM and create the resource-based policy within the permissions section of AWS Lambda, I set the following:

{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "sid8",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxxxxxx:user/xxxxxxxxxx"
      },
      "Action": "lambda:InvokeFunctionUrl",
      "Resource": "arn:aws:lambda:eu-west-1:xxxxxxxxx:function:simpleFunction",
      "Condition": {
        "StringEquals": {
          "lambda:FunctionUrlAuthType": "AWS_IAM"
        }
      }
    }
  ]
} 

On this I get a forbidden error.

Every demo / example on the internet uses NONE for auth.

I have also tried adding the lambda:InvokeFunctionUrl to the IAM policy of the user for the specified resource, but I am still getting a forbidden error.

Am I missing something or does this aspect of the new function not work?

CodePudding user response:

The problem is that when you are using IAM_AUTH you're required to sign your requests with SigV4. Essentially, this is identical to using API Gateway with IAM_AUTH type.

There are multiple ways of signing requests; you can even use botocore functionality to do so. The easiest would be to use awscurl or Postman. Also check this doco that confirms this requirement: https://docs.aws.amazon.com/lambda/latest/dg/urls-invocation.html
