DescribeEndpoint from inside a lambda

I am setting up a CF stack using the CDK. I am planning on having API Gateway host a Lambda function to return the IoT Core MQTT endpoint for my remote IoT clients.

Is there a way within the SDK to call DescribeEndpoint from inside the lambda, or do I have to fetch() it from the URL? I'm not quite sure how I would go about calling that, since it needs account permissions.

Inside my Lambda, I'm trying this:

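import { IoTClient, DescribeEndpointCommand } from "@aws-sdk/client-iot";
import type { APIGatewayProxyEventV2, APIGatewayProxyResultV2 } from "aws-lambda";

export async function getMqttEndpoint(request: APIGatewayProxyEventV2): Promise<APIGatewayProxyResultV2> {
    // Credentials and region come from the Lambda execution role and environment.
    const client = new IoTClient({});

    const command = new DescribeEndpointCommand({
        endpointType: "iot:Data"
    });

    // The execution role must allow iot:DescribeEndpoint for this call to succeed.
    return client.send(command)
        .then((response) => {
            return {
                body: response.endpointAddress
            }
        });
}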

1 Answer

Accepted Answer

OK, I figured it out. I just didn't have the right permissions granted to the Lambda.

In case anybody ever needs this in the future, here's how I did this in CDK:

        const extraPolicyStatements = new iam.Policy(this, 'describe-endpoint-policy', {
            statements: [
                new iam.PolicyStatement({
                    actions: ["iot:DescribeEndpoint"],
                    resources: ["*"]
                }),
                new iam.PolicyStatement({
                    actions: ["logs:CreateLogGroup"],
                    resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:*`]
                }),
                new iam.PolicyStatement({
                    actions: [
                        "logs:CreateLogStream",
                        "logs:PutLogEvents"
                    ],
                    resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:log-group:/aws/lambda/*:*`]
                })
            ]
        });

        const role = new iam.Role(this,
            "abcdEndpointExecRole", {
                roleName: "abcdEndpointExecRole",
                assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
                inlinePolicies: {
                    "describe": extraPolicyStatements.document
                }
            });

Then gave that to the Lambda as its role. Not sure if that's the best way or not, but it is readable and it works.

wz2b
answered a year ago
  • Are you making sure that CF will not do any caching?
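
On the answer's "not sure that's the best way": the added example below (not code from the original post) audits the policy's three statements for scope and shows that only the log-stream statement is wider than this one function needs. The Lambda function name `getMqttEndpoint`, the region and the account ID are assumptions made for the sample.

```typescript
// Added example, not code from the original post.
type Statement = { Effect: "Allow" | "Deny"; Action: string[]; Resource: string[] };

// iot:DescribeEndpoint has no resource-level permissions, so "*" is its only valid resource.
const WILDCARD_ONLY_ACTIONS = new Set<string>(["iot:DescribeEndpoint"]);
// Log actions this audit expects to be pinned to one function's log group (a choice made here).
const LOG_WRITE_ACTIONS = new Set<string>(["logs:CreateLogStream", "logs:PutLogEvents"]);

function auditPolicy(statements: Statement[], functionName: string): string[] {
  const ownLogGroup = `:log-group:/aws/lambda/${functionName}:`;
  const findings: string[] = [];
  for (const stmt of statements) {
    if (stmt.Effect !== "Allow") continue;
    for (const action of stmt.Action) {
      if (action.includes("*")) findings.push(`${action}: wildcard action`);
      for (const resource of stmt.Resource) {
        if (resource === "*" && !WILDCARD_ONLY_ACTIONS.has(action)) {
          findings.push(`${action}: Resource "*" where a narrower ARN is possible`);
        } else if (LOG_WRITE_ACTIONS.has(action) && !resource.includes(ownLogGroup)) {
          findings.push(`${action}: ${resource} covers more than /aws/lambda/${functionName}`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample: the answer's three statements as rendered JSON would carry them.
// Region and account ID are placeholders.
const LOGS_ARN = "arn:aws:logs:us-east-1:111122223333";
function answerPolicy(logGroupName: string): Statement[] {
  return [
    { Effect: "Allow", Action: ["iot:DescribeEndpoint"], Resource: ["*"] },
    { Effect: "Allow", Action: ["logs:CreateLogGroup"], Resource: [`${LOGS_ARN}:*`] },
    { Effect: "Allow", Action: ["logs:CreateLogStream", "logs:PutLogEvents"],
      Resource: [`${LOGS_ARN}:log-group:/aws/lambda/${logGroupName}:*`] },
  ];
}

// As posted ("/aws/lambda/*") versus scoped to the assumed function name.
const asWritten = auditPolicy(answerPolicy("*"), "getMqttEndpoint");
const scoped = auditPolicy(answerPolicy("getMqttEndpoint"), "getMqttEndpoint");
console.log(asWritten);
console.log(scoped);
```

In the CDK code, the equivalent change is replacing `/aws/lambda/*` in the last statement's ARN with the function's own log group name.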