Invoke Lambda function URL

Question

How I can invoke a lambda function URL with IAM role?
I know how it can be invoked using Auth type as IAM_USER  by generating AWSSIGv4.

But not sure or have the step to use the same with an assigned Iam role instead of iam user. 
Suppose i enable lambda url Auth type as IAM instead of None. Then in the resource-based permission granted function url invoke by using an IAM role  X.
Then I assigned the iam role X to an EC2 instance.

In this case, what do I need to do to invoke the lambda function URL from the ec2 instance?

Accepted Answer

Finally i got it as working

1] role itself added to trusted entities of the role assigned to ec2.
2] From the instance using assume role-generated credentials.
3] used those credentials to generate AWSSIGv4
4] Invoked lambda function url with AWSSIGv4
in lambda function url Auth type iam and resource-based identity permission set with the role in step1.

Answer

I already tried that way by getting a temporary access key and secret of the IAM role and then used it for generating AWSSIGv4. But got "The security token included in the request is invalid."

Note:-
used the key and secret here curl http://169.254.169.254/latest/meta-data/iam/security-credentials/$role to generate AWSSIGv4

Answer

You need to do the same thing as with an IAM user. You get the Role's credentials and you use them to SigV4 sign the request.

Invoke Lambda function URL

相关内容