Invoke Lambda function URL

Question

How I can invoke a lambda function URL with IAM role?
I know how it can be invoked using Auth type as IAM_USER  by generating AWSSIGv4.

But not sure or have the step to use the same with an assigned Iam role instead of iam user. 
Suppose i enable lambda url Auth type as IAM instead of None. Then in the resource-based permission granted function url invoke by using an IAM role  X.
Then I assigned the iam role X to an EC2 instance.

In this case, what do I need to do to invoke the lambda function URL from the ec2 instance?

Manu Sabu · Accepted Answer

Finally i got it as working

1] role itself added to trusted entities of the role assigned to ec2.
2] From the instance using assume role-generated credentials.
3] used those credentials to generate AWSSIGv4
4] Invoked lambda function url with AWSSIGv4
in lambda function url Auth type iam and resource-based identity permission set with the role in step1.

Uri Segev · Answer

You need to do the same thing as with an IAM user. You get the Role's credentials and you use them to SigV4 sign the request.

Manu Sabu · Answer

I already tried that way by getting a temporary access key and secret of the IAM role and then used it for generating AWSSIGv4. But got "The security token included in the request is invalid."

Note:-
used the key and secret here curl http://169.254.169.254/latest/meta-data/iam/security-credentials/$role to generate AWSSIGv4

Invoke Lambda function URL

Add your answer

Relevant content