By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

cross account cross region API gateway lambda integration

0

I need to create a Cross account and cross-region API gateway and lambda Integration. I have my API gateway in Account A and Region 1 (It is already associated with a lambda function in the same region and account) .. now I want to integrate this API gateway with a lambda function in Account B and Region 2.

Any reference to documentation or blogs will be appreciated.

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content Delivery
Tags
AWS LambdaAmazon API Gateway
Language
English
Deepak Puri
asked 3 months ago168 views
2 Answers
0

Hello.

If it is cross-account, you can use Lambda with the settings in the document below.
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-cross-account-lambda-integrations.html

However, we have confirmed that it does not work well in the case of cross regions.
I will check it a bit more.

profile picture
EXPERT
Riku_Kobayashi
answered 3 months ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 3 months ago
  • Riku_Kobayashi EXPERT
    3 months ago

    We were able to confirm that it can be used cross-account if Lambda is in the same region as API Gateway. Although the cause is unknown in the case of a different region, we have confirmed that the following permission error occurs even if a resource-based policy is attached to Lambda.

    Execution failed due to configuration error: Invalid permissions on Lambda function
  • Deepak Puri
    3 months ago

    Hi Riku and Didier, I get a different error while testing the API gateway integration after attaching the necessary resource-based policy to the lambda: Latency 119 Status 500 Response body {"message": "Internal server error"} Response headers { "x-amzn-ErrorType": "InternalServerErrorException" }

0

Hi,

Like Riku, I believe that API GTW and Lambda must be in same region (but not necessarily in same account).

So, you can create a proxy Lambda that will get the input payload from Account A in Region 1 to call Lambda in region 2. You can go with a direct Lamdda invoke() from the proxy Lambda to call the real one.

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content