Apigee to AWS Lambda functions without using AWS access keys (access key Id and secret access key)

Hi All,

We're trying to connect directly from Apigee to Lambda functions. But we don't want to use AWS access keys (access key Id and secret access key).

Now I wanted to know, is there any solution which will suit rather than this?

Appreciate the responses.


There's nothing special about connecting into AWS Lambda when you do it from Apigee. The same possibilities apply, as if you were connecting into AWS Lambda from anything external to AWS.  I am not an expert in AWS Lambda, but I think one way you can invoke Lambda from the internet is via function URLs.

As I understand it, you should use AWS_IAM as the auth type, then Apigee needs to sign each outbound request to lambda using the AWS v4 signature approach. There's a nice Java callout for use within Apigee that can produce those signatures. BUT YOU DO NEED the access key ID and secret key. 

If you don't want to use the access key ID and secret key, in other words if you don't want to sign requests, then basically, as I understand it, you will be allowing unauthenticated access into your AWS Lambda function. Anyone will be able to call it.  In that case you may wish to implement some sort of custom authorization inside the Lambda function.  For that you are on your own. 

Good luck!

Thanks for the detailed explanation. 

Will it be possible to sign the request using a short-term/temporary access key ID and secret key? Expiry time: 30 mins/1 hr.

I am not aware of "temporary" access key IDs and secret keys in AWS. (I'm not an AWS expert. I work for Google.) If these temporary credentials work just like the permanent credentials, then I guess it would work the same.
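Added example, not part of the thread and not the Java callout mentioned above: AWS STS temporary credentials consist of an access key ID, a secret access key and a session token, and a SigV4 request made with them carries the token in a signed `X-Amz-Security-Token` header. The Python below signs a request to a Lambda function URL (auth type AWS_IAM, SigV4 service name `lambda`) with or without a session token. The host, keys and token are constructed placeholders, and the code assumes an already URI-encoded path with no query string.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret, date, region, service):
    """Derive the SigV4 signing key: HMAC chain over date, region, service."""
    k = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, service, "aws4_request"):
        k = _hmac(k, part)
    return k

def sign_request(method, host, path, body, region, access_key, secret_key,
                 session_token=None, now=None, service="lambda"):
    """Return the headers to send with a SigV4-signed request."""
    now = now or datetime.now(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = now.strftime("%Y%m%d")
    headers = {"host": host, "x-amz-date": amz_date}
    if session_token:  # temporary credentials: the token is sent AND signed
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    canonical_headers = "".join(f"{n}:{headers[n].strip()}\n" for n in names)
    signed_headers = ";".join(names)
    payload_hash = hashlib.sha256(body).hexdigest()
    # Canonical request; the empty string is the (absent) query string.
    canonical = "\n".join([method, path, "", canonical_headers,
                           signed_headers, payload_hash])
    scope = f"{date}/{region}/{service}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    sig = hmac.new(signing_key(secret_key, date, region, service),
                   to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={sig}")
    return headers

if __name__ == "__main__":
    # Constructed placeholder values, not real credentials or a real endpoint.
    hdrs = sign_request("POST", "example-id.lambda-url.us-east-1.on.aws", "/",
                        b'{"ping": true}', "us-east-1", "ASIAEXAMPLEKEYID0000",
                        "constructed-secret", session_token="constructed-token")
    for name, value in hdrs.items():
        print(f"{name}: {value}")
```

The signature is only valid while the temporary credentials are, so the caller has to fetch fresh credentials and re-sign once they expire.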

Thanks for the response.