Routing to Lambda functions for HTTP(S) requests
TypeScriptTo route HTTP(S) requests to an AWS Lambda function, you'll leverage the AWS API Gateway service, which acts as the front door for requests to your Lambda function. The steps to do this include creating a Lambda function, setting up an API Gateway, and configuring routes that forward the calls to the Lambda function.
Here is an explanation of how you can accomplish this with Pulumi in TypeScript:
-
Define an AWS Lambda function. This includes specifying the code for the function, the execution role, the handler, and the runtime environment. AWS Lambda supports various runtimes such as Node.js, Python, and more.
-
Create an API Gateway HTTP API. An HTTP API is a lightweight, high-performance subset of API Gateway features that is optimal for serverless workloads.
-
Link your Lambda function to the API Gateway by creating an integration. An integration instructs the API Gateway on how to handle incoming requests and where to route them.
-
Configure routes in your API Gateway that determine how requests are forwarded to the Lambda function based on the HTTP method and resource path.
-
Deploy the API Gateway to make the routes live.
-
Optionally, you can configure the permissions for the Lambda function to grant the API Gateway the required invoke privileges.
Below is the Pulumi TypeScript program that accomplishes this:
import * as aws from "@pulumi/aws"; // Define the AWS Lambda function const lambdaRole = new aws.iam.Role("lambdaRole", { assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "lambda.amazonaws.com" }), }); const lambdaPolicyAttachment = new aws.iam.RolePolicyAttachment("lambdaPolicyAttachment", { role: lambdaRole, policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole, }); const lambdaFunction = new aws.lambda.Function("myLambdaFunction", { role: lambdaRole.arn, handler: "index.handler", runtime: aws.lambda.NodeJS12dXRuntime, code: new aws.pulumi.asset.AssetArchive({ ".": new aws.pulumi.asset.FileArchive("./function"), }), }); // Create an AWS API Gateway for HTTP API const httpApi = new aws.apigatewayv2.Api("httpApi", { protocolType: "HTTP", }); // Create an integration between the API Gateway and the Lambda function const lambdaIntegration = new aws.apigatewayv2.Integration("lambdaIntegration", { apiId: httpApi.id, integrationType: "AWS_PROXY", integrationUri: lambdaFunction.arn, payloadFormatVersion: "2.0", }); // Create a route for handling HTTP GET requests const getRoute = new aws.apigatewayv2.Route("getRoute", { apiId: httpApi.id, routeKey: "GET /", target: pulumi.interpolate`integrations/${lambdaIntegration.id}`, }); // Deploy the API Gateway const httpDeployment = new aws.apigatewayv2.Deployment("httpDeployment", { apiId: httpApi.id, }); // Create a stage, which is a snapshot of the deployment const stage = new aws.apigatewayv2.Stage("stage", { apiId: httpApi.id, deploymentId: httpDeployment.id, name: "$default", // Use the $default stage }); // Set up the Lambda permission to allow Invocation from the API Gateway const lambdaPermission = new aws.lambda.Permission("lambdaPermission", { action: "lambda:InvokeFunction", principal: "apigateway.amazonaws.com", function: lambdaFunction.name, sourceArn: pulumi.interpolate`${httpApi.executionArn}/*/*`, }); // Export the HTTP API endpoint export const apiEndpoint = httpApi.apiEndpoint;
Explanation of the code:
- The
aws.iam.Role
andaws.iam.RolePolicyAttachment
resources create an IAM role and attach the necessary permissions for the Lambda function to run. - The
aws.lambda.Function
resource defines the Lambda function, including its code, handler, runtime, and the IAM role it assumes. - The
aws.apigatewayv2.Api
resource defines an HTTP API in API Gateway. - The
aws.apigatewayv2.Integration
links the Lambda function with the API Gateway, using theAWS_PROXY
integration type. - The
aws.apigatewayv2.Route
resource sets up a route to forward incoming HTTP GET requests to the Lambda function. - The
aws.apigatewayv2.Deployment
andaws.apigatewayv2.Stage
resources handle the deployment and stage setup for making the route configuration effective. - The
aws.lambda.Permission
resource grants the API Gateway the permission to invoke the Lambda function. - An endpoint URL is exported at the end, which you can use to invoke the deployed API and Lambda function.
To deploy this infrastructure, you should have Pulumi and AWS CLI configured on your machine, and the code should be placed in a project with the necessary
Pulumi.yaml
andpackage.json
configuration files. The./function
directory should contain your Lambda function code with anindex.js
file exporting the handler function (e.g.,exports.handler = async function(event) { /*...*/ };
). After runningpulumi up
, your API endpoint will be outputted, ready to receive HTTP requests.-