1 Answer
- Newest
- Most votes
- Most comments
1
For invoking a Lambda function using its function URL, which is protected with IAM, you need to sign the request using SigV4. To create the signature you need to have AWS credentials which are allowed to invoke the function. If you invoke function #2 from a Lambda function #1, you need to attache an execution role to function #1 that has the right permissions.
You will need to sign the request yourself. The role is not enough. Depending on your language, there are different SDKs that may sign it for you.
Relevant content
- asked 2 years ago
- asked a year ago
- asked a month ago
- What's the difference between Lambda function execution role permissions and invocation permissions?AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
I am going to use java/kotlin in lambda #1 to invoke lambda #2. I referred the below link which requires the secret key. Does this secret key represents the IAM user's secret key ? If yes, how does this IAM user and lambda role linked ?
https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-java
Where do we store the secrets in Lambda ? What is the best practice ? We also want to rotate the key periodically right.
The function has an execution role. You should retrieve the secret key from the role in the Lambda function. The runtime does it for you and you can find the information in environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN.