This sample lets you create an API that can create a signed request (AWS4-HMAC-SHA256) to securely access an AWS Lambda function.
It uses:
- A KVM to store the AWS Lambda function key and secret, and other configuration information (e.g. region, host),
- an Assign Message policy to prepare the request,
- a JavaScript policy to create the canonical values for the signature,
- and an Assign Message policy to create the HMAC keys and signature using HMAC calculation functions.
This example is not an official Google product, nor is it part of an official Google product.
This material is copyright 2019, Google LLC. and is licensed under the Apache 2.0 license. See the LICENSE file included.
This code is open source.
- Existing AWS Lambda function
- Apigee X
- Apigeecli
- Clone the respository
git clone https://github.com/kurtkanaskie/apigeex-lambda-javascript.git - Install apigeecli
curl -L https://raw.githubusercontent.com/apigee/apigeecli/main/downloadLatest.sh | sh - - Get the details from you Lambda function (keys, function URL and region
- Edit the
env.shand configure the ENV vars and sourceenv.shsource env.sh
hello-app/index.mjs
export const handler = async (event) => {
// TODO implement
const body = {
message:'Hello Kurt from Lambda hello-app',
eventPath:event.rawPath
// ,eventTotal:event
};
if( event.rawQueryString ) {
body.queryString = decodeURI(event.rawQueryString);
}
if( event.body ) {
body.content = JSON.parse(event.body);
}
const response = {
statusCode: 200,
body: JSON.stringify(body),
};
return response;
};
Next, let's deploy our lambda-javascript-v1 proxy.
deploy-lambda-javascript-v1.sh
Test the proxy
curl -s https://$APIGEE_HOST/lambda-javascript | jq
{
"message": "Hello Kurt from Lambda hello-app",
"eventPath": "/",
"eventQueryString": ""
}
curl -s https://$APIGEE_HOST/lambda-javascript/ | jq
{
"message": "Hello Kurt from Lambda hello-app",
"eventPath": "/",
"eventQueryString": ""
}
curl -s https://$APIGEE_HOST/lambda-javascript/somepathsuffix | jq
{
"message": "Hello Kurt from Lambda hello-app",
"eventPath": "/somepathsuffix",
"eventQueryString": ""
}
curl -s https://$APIGEE_HOST/'lambda-javascript/somepathsuffix?hello=sunshine&goodbye=rain' | jq
{
"message": "Hello Kurt from Lambda hello-app",
"eventPath": "/somepathsuffix",
"eventQueryString": "hello=sunshine&goodbye=rain"
}
curl -s https://$APIGEE_HOST/'lambda-javascript/prompt?question=What%20is%20the%20meaning%20of%20life%3F' | jq
{
"message": "Hello Kurt from Lambda hello-app",
"eventPath": "/prompt",
"eventQueryString": "question=What%20is%20the%20meaning%20of%20life%3F"
}
curl --location --request POST https://$APIGEE_HOST/'lambda-javascript/prompts?prompt=What%20is%20the%20meaning%20of%20life' \
--header 'Content-Type: application/json' \
--data-raw '{
"prompt":"What is the meaning of life?",
"options": {
"detailLevel":"HIGH",
"errorTolerance":"LOW",
"mode":"SYNCHRONOUS"
}
}'
{
"message": "Hello Kurt from Lambda hello-app",
"eventPath": "/prompts",
"eventQueryStringDecoded": "prompt=What is the meaning of life",
"eventBody": {
"prompt": "What is the meaning of life?",
"options": {
"detailLevel": "HIGH",
"errorTolerance": "LOW",
"mode": "SYNCHRONOUS"
}
}
}
Congratulations! You've successfully created Apigee API to securely access ans AWS Lambda function.
To clean up the artifacts created source your env.sh script and run the following to delete your sample CORS proxy:
./clean-lambda-javascript-v1.sh- Apigee HMAC Calculation Functions with AWS example
- Apigee Javascript Crypto Object - SHA-256
- apigeecli
- Include body in canonical string