By using AWS re:Post, you agree to the AWS re:Post Terms of Use

DescribeEndpoint from inside a lambda

0

I am setting up a CF stack using the CDK. I am planning on having API gateway host a Lambda function to return the IoT Core mqtt endpoint for my remote IoT clients.

Is there a way within the SDK to call DescribeEndpoint from inside the lambda, or do I have to fetch() it from the URL? I'm not quite sure how I would go about calling that, since it needs account permissions.

Inside my Lambda, I'm trying this:

export async function getMqttEndpoint(request: APIGatewayProxyEventV2): Promise<APIGatewayProxyResultV2> {
    const client = new IoTClient({});

    const command = new DescribeEndpointCommand({
        endpointType: "iot:Data"
    });

    return client.send(command)
        .then((response) => {
            return {
                body: response.endpointAddress
            }
        });
}
1 Answer
1
Accepted Answer

ok I figured it out. I just didn't have the right permissions granted to the lambda.

In case anybody ever needs this in the future, here's how I did this in CDK:

        const extraPolicyStatements = new iam.Policy(this, 'describe-endpoint-policy', {
            statements: [
                new iam.PolicyStatement({
                    actions: ["iot:DescribeEndpoint"],
                    resources: ["*"]
                }),
                new iam.PolicyStatement({
                    actions: ["logs:CreateLogGroup"],
                    resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:*`]
                }),
                new iam.PolicyStatement({
                    actions: [
                        "logs:CreateLogStream",
                        "logs:PutLogEvents"
                    ],
                    resources: [`arn:aws:logs:${this.env.region}:${this.env.account}:log-group:/aws/lambda/*:*`]
                })
            ]
        });

        const role = new iam.Role(this,
            "abcdEndpointExecRole", {
                roleName: "abcdEndpointExecRole",
                assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
                inlinePolicies: {
                    "describe": extraPolicyStatements.document
                }
            });

then gave that to the Lambda as its role. Not sure that's the best way or not but it is readable and it wroks.

profile picture
answered 2 years ago
profile picture
EXPERT
reviewed 7 months ago
  • Are you making sure that CF will not do any caching?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions