我的书签
添加书签
移除书签aws-lambda
| Name | Type | Requirement | Default | Valid | Description |
|---|---|---|---|---|---|
| accesskey | string | required | Generated access key ID from AWS IAM console. | ||
| secret_key | string | required | Generated access key secret from AWS IAM console. | ||
| aws_region | string | optional | “us-east-1” | The AWS region where the request is being sent. | |
| service | string | optional | “execute-api” | The service that is receiving the request (In case of Http Trigger it is “execute-api”). |
The following is an example of how to enable the aws-lambda faas plugin for a specific route URI. Calling the APISIX route uri will make an invocation to the lambda function uri (the new upstream). We are assuming your cloud function is already up and running.
Now any requests (HTTP/1.1, HTTPS, HTTP2) to URI /aws will trigger an HTTP invocation to the aforesaid function URI and response body along with the response headers and response code will be proxied back to the client. For example (here AWS lambda function just take the name query param and returns Hello $name) :
$ curl -i -XGET localhost:9080/aws\?name=APISIXHTTP/1.1 200 OKContent-Type: application/jsonConnection: keep-aliveDate: Sat, 27 Nov 2021 13:08:27 GMTx-amz-apigw-id: JdwXuEVxIAMFtKw=x-amzn-RequestId: 471289ab-d3b7-4819-9e1a-cb59cac611e0Content-Length: 16X-Amzn-Trace-Id: Root=1-61a22dca-600c552d1c05fec747fd6db0;Sampled=0"Hello, APISIX!"
Similarly, the lambda can be triggered via AWS API Gateway by using AWS IAM permissions to authorize access to your API via APISIX aws-lambda plugin. Plugin includes authentication signatures in their HTTP calls via AWS v4 request signing. Here is an example:
# enable aws lambda for a route via iam authorizationcurl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '{"plugins": {"aws-lambda": {"function_uri": "https://ajycz5e0v9.execute-api.us-east-1.amazonaws.com/default/test-apisix","authorization": {"iam": {"accesskey": "<access key>","secretkey": "<access key secret>"}},"ssl_verify": false},"uri": "/aws"
Note: This approach assumes you already have an iam user with the programmatic access enabled and required permissions (AmazonAPIGatewayInvokeFullAccess) to access the endpoint.
Plugin with Path Forwarding
Note: APISIX route uri must be ended with an asterisk (*) for this feature to work properly. APISIX routes are strictly matched and the extra asterisk at the suffix means any subpath appended to the original parent path will use the same route object configurations.
Here is an example:
curl -i -XGET http://127.0.0.1:9080/aws/default/test-apisix\?name\=APISIXHTTP/1.1 200 OKContent-Type: application/jsonConnection: keep-aliveDate: Wed, 01 Dec 2021 14:23:27 GMTX-Amzn-Trace-Id: Root=1-61a7855f-0addc03e0cf54ddc683de505;Sampled=0x-amzn-RequestId: f5f4e197-9cdd-49f9-9b41-48f0d269885bContent-Length: 16x-amz-apigw-id: JrHG8GC4IAMFaGA=Server: APISIX/2.11.0"Hello, APISIX!"
Remove the corresponding JSON configuration in the plugin configuration to disable the plugin and add the suitable upstream configuration. APISIX plugins are hot-reloaded, therefore no need to restart APISIX.
