我的书签
添加书签
移除书签aws-lambda
When enabled, the Plugin terminates the ongoing request to the configured URI and initiates a new request to the AWS Lambda Gateway URI on behalf of the client with configured authorization details, request headers, body and parameters (all three passed from the original request). It returns back the response with headers, status code and the body to the client that initiated the request with APISIX.
This Plugin supports authorization via AWS API key and AWS IAM secrets.
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| accesskey | string | True | Generated access key ID from AWS IAM console. | |
| secret_key | string | True | Generated access key secret from AWS IAM console. | |
| aws_region | string | False | “us-east-1” | AWS region where the request is being sent. |
| service | string | False | “execute-api” | The service that is receiving the request. For HTTP trigger, it is “execute-api”. |
The example below shows how you can configure the Plugin on a specific Route:
In the example below, AWS Lambda takes in name from the query and returns a message “Hello $name”:
curl -i -XGET localhost:9080/aws\?name=APISIX
HTTP/1.1 200 OKContent-Type: application/jsonConnection: keep-aliveDate: Sat, 27 Nov 2021 13:08:27 GMTx-amz-apigw-id: JdwXuEVxIAMFtKw=x-amzn-RequestId: 471289ab-d3b7-4819-9e1a-cb59cac611e0Content-Length: 16X-Amzn-Trace-Id: Root=1-61a22dca-600c552d1c05fec747fd6db0;Sampled=0Server: APISIX/2.10.2"Hello, APISIX!"
Another example of a request where the client communicates with APISIX via HTTP/2 is shown below (make sure you have configured enable_http2: true for a in your default configuration file (config-default.yaml). You can do this by uncommenting the port 9081 from the field apisix.node_listen):
HTTP/2 200content-length: 16x-amz-apigw-id: JdwulHHrIAMFoFg=date: Sat, 27 Nov 2021 13:10:53 GMTx-amzn-trace-id: Root=1-61a22e5d-342eb64077dc9877644860dd;Sampled=0x-amzn-requestid: a2c2b799-ecc6-44ec-b586-38c0e3b11fe4server: APISIX/2.10.2"Hello, APISIX!"
Similarly the function can be triggered via AWS API Gateway by using AWS IAM permissions for authorization. The Plugin includes authentication signatures in HTTP calls via AWS v4 request signing. The example below shows this method:
curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '{"plugins": {"aws-lambda": {"function_uri": "https://ajycz5e0v9.execute-api.us-east-1.amazonaws.com/default/test-apisix","authorization": {"iam": {"secretkey": "<access key secret>"}},"ssl_verify": false}"uri": "/aws"}'
note
Configuring path forwarding
The aws-lambda Plugins also supports URL path forwarding while proxying requests to the AWS upstream. Extensions to the base request path gets appended to the function_uri specified in the Plugin configuration.
IMPORTANT
The uri configured on a Route must end with * for this feature to work properly. APISIX Routes are matched strictly and the * implies that any subpath to this URI would be matched to the same Route.
The example below configures this feature:
curl -i -XGET http://127.0.0.1:9080/aws/default/test-apisix\?name\=APISIX
HTTP/1.1 200 OKContent-Type: application/jsonConnection: keep-aliveDate: Wed, 01 Dec 2021 14:23:27 GMTX-Amzn-Trace-Id: Root=1-61a7855f-0addc03e0cf54ddc683de505;Sampled=0x-amzn-RequestId: f5f4e197-9cdd-49f9-9b41-48f0d269885bContent-Length: 16x-amz-apigw-id: JrHG8GC4IAMFaGA=Server: APISIX/2.11.0"Hello, APISIX!"
To disable the Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.
