calling IAM auth function urls from Lambda
I have 2 Lambda functions:
1. Caller - calling the service mentioned in #2
2. Service - with a function URL with IAM permission set up.
From service Lambda #1 I want to invoke service #2. I searched online; all mentioned calling the function URL using IAM credentials, but we don’t use IAM credentials inside the calling Lambda, right?
Do we need to use the Lambda role while configuring the Lambda resource-based policy? Are there any CDK examples for Lambda with function URLs with IAM permissions set? Can someone share on this?
For invoking a Lambda function using its function URL, which is protected with IAM, you need to sign the request using SigV4. To create the signature you need to have AWS credentials which are allowed to invoke the function. If you invoke function #2 from a Lambda function #1, you need to attach an execution role to function #1 that has the right permissions.
You will need to sign the request yourself. The role is not enough. Depending on your language, there are different SDKs that may sign it for you.
The function has an execution role. You should retrieve the secret key from the role in the Lambda function. The runtime does it for you and you can find the information in environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN.
I am going to use Java/Kotlin in Lambda #1 to invoke Lambda #2. I referred to the link below, which requires the secret key. Does this secret key represent the IAM user's secret key? If yes, how are this IAM user and the Lambda role linked?
https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-java
Where do we store the secrets in Lambda? What is the best practice? We also want to rotate the key periodically, right?