By using AWS re:Post, you agree to the Terms of Use
/calling IAM auth function urls from Lambda/

calling IAM auth function urls from Lambda

0

I have a 2 lambda functions

  1. Caller - calling the service mentioned #2
  2. Service - with function url with IAM permission setup.

From service lambda #1 I want to invoke service #2 . I searched online, all mentioned calling the function url using IAM credentials, but we don’t use IAM credentials inside calling Lambda right ?

Do we need to use the lambda role while configuring the lambda resource based policy ? Are there any CDK examples for Lambda with functions urls IAM permissions set ? Can some one share on this ?

1 Answers
1
Accepted Answer

For invoking a Lambda function using its function URL, which is protected with IAM, you need to sign the request using SigV4. To create the signature you need to have AWS credentials which are allowed to invoke the function. If you invoke function #2 from a Lambda function #1, you need to attache an execution role to function #1 that has the right permissions.

You will need to sign the request yourself. The role is not enough. Depending on your language, there are different SDKs that may sign it for you.

EXPERT
answered 14 days ago
  • I am going to use java/kotlin in lambda #1 to invoke lambda #2. I referred the below link which requires the secret key. Does this secret key represents the IAM user's secret key ? If yes, how does this IAM user and lambda role linked ?

    https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-java

    Where do we store the secrets in Lambda ? What is the best practice ? We also want to rotate the key periodically right.

  • The function has an execution role. You should retrieve the secret key from the role in the Lambda function. The runtime does it for you and you can find the information in environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions