calling IAM auth function urls from Lambda
I have a 2 lambda functions
- Caller - calling the service mentioned #2
- Service - with function url with IAM permission setup.
From service lambda #1 I want to invoke service #2 . I searched online, all mentioned calling the function url using IAM credentials, but we don’t use IAM credentials inside calling Lambda right ?
Do we need to use the lambda role while configuring the lambda resource based policy ? Are there any CDK examples for Lambda with functions urls IAM permissions set ? Can some one share on this ?
For invoking a Lambda function using its function URL, which is protected with IAM, you need to sign the request using SigV4. To create the signature you need to have AWS credentials which are allowed to invoke the function. If you invoke function #2 from a Lambda function #1, you need to attache an execution role to function #1 that has the right permissions.
You will need to sign the request yourself. The role is not enough. Depending on your language, there are different SDKs that may sign it for you.
I am going to use java/kotlin in lambda #1 to invoke lambda #2. I referred the below link which requires the secret key. Does this secret key represents the IAM user's secret key ? If yes, how does this IAM user and lambda role linked ?
Where do we store the secrets in Lambda ? What is the best practice ? We also want to rotate the key periodically right.
The function has an execution role. You should retrieve the secret key from the role in the Lambda function. The runtime does it for you and you can find the information in environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN.
calling IAM auth function urls from LambdaAccepted Answerasked 15 days ago
Missing MSK service icon within Lambda Function 'Add Trigger' dropdownasked 12 days ago
new Lambda Function URL with TerraformAccepted Answerasked 3 months ago
can we attach the custom domain to lambda function urls ?Accepted Answer
Lambda Function URL /ping endpointasked 2 months ago
My Lambda function is not getting invoked all of a sudden.asked 3 months ago
Return Value from Lambda function triggered by SQS to individual clientAccepted Answerasked 5 months ago
403 creating java lambda functionasked 5 months ago
Make Lambda Function Urls to be accessible within the VPC only.
Calling AWS Lambda directlyAccepted Answerasked a year ago