Invoke an AWS Lambda function from Kong. It can be used in combination with other request plugins to secure, manage or extend the function.
Configure this plugin on a Service by making the following request:
$ curl -X POST http://kong:8001/services/{service}/plugins \
--data name=aws-lambda \
--data "config.aws_region=AWS_REGION" \
--data "config.function_name=LAMBDA_FUNCTION_NAME"
Configure this plugin on a Service by adding this section to your declarative configuration file:
plugins:
- name: aws-lambda
service: {service}
config:
aws_region: AWS_REGION
function_name: LAMBDA_FUNCTION_NAME
In both cases, {service}
is the id
or name
of the Service that this plugin configuration will target.
Configure this plugin on a Route with:
$ curl -X POST http://kong:8001/routes/{route}/plugins \
--data name=aws-lambda \
--data "config.aws_region=AWS_REGION" \
--data "config.function_name=LAMBDA_FUNCTION_NAME"
Configure this plugin on a Route by adding this section to your declarative configuration file:
plugins:
- name: aws-lambda
route: {route}
config:
aws_region: AWS_REGION
function_name: LAMBDA_FUNCTION_NAME
In both cases, {route}
is the id
or name
of the Route that this plugin configuration will target.
You can use the http://localhost:8001/plugins
endpoint to enable this plugin on specific Consumers:
$ curl -X POST http://kong:8001/consumers/{consumer}/plugins \
--data name=aws-lambda \
--data "config.aws_region=AWS_REGION" \
--data "config.function_name=LAMBDA_FUNCTION_NAME"
Configure this plugin on a Consumer by adding this section to your declarative configuration file:
plugins:
- name: aws-lambda
route: {route}
config:
aws_region: AWS_REGION
function_name: LAMBDA_FUNCTION_NAME
In both cases, {consumer}
is the id
or username
of the Consumer that this plugin configuration will target.
You can combine consumer_id
and service_id
In the same request, to furthermore narrow the scope of the plugin.
- Using a database, all plugins can be configured using the
http://kong:8001/plugins/
endpoint. - Without a database, all plugins can be configured via the
plugins:
entry on the declarative configuration file.
A plugin which is not associated to any Service, Route or Consumer (or API, if you are using an older version of Kong) is considered "global", and will be run on every request. Read the Plugin Reference and the Plugin Precedencesections for more information.
Here's a list of all the parameters which can be used in this plugin's configuration:
Form Parameter | default | description |
---|---|---|
name |
The name of the plugin to use, in this case: aws-lambda . |
|
service_id |
The id of the Service which this plugin will target. | |
route_id |
The id of the Route which this plugin will target. | |
enabled |
true |
Whether this plugin will be applied. |
consumer_id |
The id of the Consumer which this plugin will target. | |
config.aws_key semi-optional |
The AWS key credential to be used when invoking the function. This value is required if aws_secret is defined. |
|
config.aws_secret semi-optional |
The AWS secret credential to be used when invoking the function. This value is required if aws_key is defined. |
|
config.aws_region semi-optional |
The AWS region where the Lambda function is located. The plugin does not attempt to validate the provided region name; an invalid region name will result in a DNS name resolution error. This value cannot be specified if host is set. |
|
config.function_name |
The AWS Lambda function name to invoke. | |
config.timeout |
60000 |
Timeout protection in milliseconds when invoking the function. |
config.keepalive |
60000 |
Max idle timeout in milliseconds when invoking the function. |
config.qualifier optional |
The Qualifier to use when invoking the function. |
|
config.invocation_type optional |
RequestResponse |
The InvocationType to use when invoking the function. Available types are RequestResponse , Event , DryRun . |
config.log_type optional |
Tail |
The LogType to use when invoking the function. By default None and Tail are supported. |
config.host semi-optional |
The AWS lambda host. If not specified, aws_region is required and the official AWS lambda endpoint for the given AWS region is used as host. |
|
config.port optional |
443 |
The TCP port that this plugin will use to connect to the server. |
config.unhandled_status optional |
200 , 202 or 204 |
The response status code to use (instead of the default 200 , 202 , or 204 ) in the case of an Unhandled Function Error |
config.forward_request_body optional |
false |
An optional value that defines whether the request body is to be sent in the request_body field of the JSON-encoded request. If the body arguments can be parsed, they will be sent in the separate request_body_args field of the request. The body arguments can be parsed for application/json , application/x-www-form-urlencoded , and multipart/form-data content types. |
config.forward_request_headers optional |
false |
An optional value that defines whether the original HTTP request headers are to be sent as a map in the request_headers field of the JSON-encoded request. |
config.forward_request_method optional |
false |
An optional value that defines whether the original HTTP request method verb is to be sent in the request_method field of the JSON-encoded request. |
config.forward_request_uri optional |
false |
An optional value that defines whether the original HTTP request URI is to be sent in the request_uri field of the JSON-encoded request. Request URI arguments (if any) will be sent in the separate request_uri_args field of the JSON body. |
config.is_proxy_integration optional |
false |
An optional value that defines whether the response format to receive from the Lambda to this format. Note that the parameter isBase64Encoded is not implemented. |
config.awsgateway_compatible optional |
false |
An optional value that defines whether the plugin should wrap requests into the Amazon API gateway. |
config.proxy_url semi-optional |
An optional value that defines whether the plugin should connect through the given proxy server URL. This value is required if proxy_scheme is defined. |
|
config.proxy_scheme semi-optional |
An optional value that defines which HTTP protocol scheme to use in order to connect through the proxy server. The schemes supported are: http and https . This value is required if proxy_url is defined. |
|
config.skip_large_bodies optional |
true |
An optional value that defines whether very large bodies (that are buffered to disk) should be sent by Kong. Note that sending very large bodies will have an impact on the system memory. |
If you do not provide aws.key
or aws.secret
, the plugin uses an IAM role inherited from the instance running Kong.
First, the plugin will try ECS metadata to get the role. If no ECS metadata is available, the plugin will fall back on EC2 metadata.