By using AWS re:Post, you agree to the Terms of Use

How do I setup a multi-stage API using Lambda Aliases in a VPC?


I am trying to setup an API in AWS using Lambda functions, but I am finding it way more difficult than I expected. We have setup some one-off APIs with no problem, but setting up a more robust API with multiple versions seems to be beyond my understanding.

I would like to create a single Lambda function with multiple aliases (development, sandbox, production). Each alias should use a different configuration for databases, notifications, etc. I have built my configuration information using AWS AppConfig, so if I can set an environment variable for each alias I should be able to retrieve the correct configuration information.

We want the same url to be used for each Lambda alias (,,

The Lambda functions need to be in a VPC so that we can connect to the VPC's resources.

Does anyone have any guidance or an example somewhere?


Richard Sargent

2 Answers

Hi Richard,

As you know, A Lambda version is a snapshot of the $LATEST version of a Lambda function[1]. Since it is a snapshot, we are not able to edit the code or any configuration which includes the environment variables. On the other hand, an Alias is simply a pointer to a particular Lambda version[2].

In order to achieve your desired setup, you would have to create three separate versions of your $LATEST Lambda function. Each version will have the desired configuration and environment variables for its intended environment. For example:

  1. On the $LATEST Lambda function, go to the "Configuration" Tab and provide the Environment variables for the development environment
  2. Create a new version for this Lambda function
  3. Create a "development" alias and point it to the version in #2.
  4. You will then need to go back to the $LATEST version and repeat this process 2 more times for your sandbox and productions environments.
  5. Now we have 3 aliases pointing to 3 different version with different environment variables which you can point your API to.

If you need to make any codes changes then you will need to make sure that the above process is done again and to point the existing alias to the newly created versions.

Aliases and versions should behave the same whether the Lambda is configured for VPC or not. The VPC settings are also taken in the version snapshot so each of version/alias combination can have different VPC settings.

I hope this information helps. Please let me know if you have any other questions.


answered 6 months ago

Hi Ryan,

Thanks for the response.

I do understand Lambda aliases and versioning and have been using them for other projects. The problem lies in pointing an API stage to a particular alias. As far as I can tell, there is no good way of accomplishing this in a generic way.

There is a way to point a method (or the ANY method) to a Lambda alias, but it appears that the entire ARN of the Lambda alias needs to be included in the Lambda Function field as opposed to just name:alias. In addition, although there is supposed to be a way of using stage variables to invoke a particular Lambda alias (arn:aws:lambda:<region>:<account>:function:<name>:${stageVariables.lambdaAlias}), I have not been able to get the security to work. Since there is no way to see the security associated with resources, it is hard to troubleshoot. There is also no way to see what resources have been published, so troubleshooting is almost impossible.

I would suggest that the API Gateway page be redesigned with visibility in mind.


Richard Sargent

answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions