Hi All,
We’re trying to connect directly from Apigee to Lambda functions. But we don’t want to use AWS access keys (access key Id and secret access key).
Now i wanted to know is there any solution which will suit rather than this.
Apricate for the responses.
There’s nothing special about connecting into AWS Lambda when you do it from Apigee. The same possibilities apply, as if you were connecting into AWS Lambda from anything external to AWS. I am not an expert in AWS Lambda, but I think one way you can invoke Lambda from the internet is via function URLs.
As I understand it, you should use AWS_IAM as the auth type, then Apigee needs to sign each outbound request to lambda using the AWS v4 signature approach. There’s a nice Java callout for use within Apigee that can produce those signatures. BUT YOU DO NEED the access key ID and secret key.
If you don’t want to use the access key ID and secret key, in other words if you don’t want to sign requests, then basically, as I understand it, you will be allowing unauthenticated access into your AWS Lambda function. Anyone will be able to call it. In that case you may wish to implement some sort of custom authorization inside the Lambda function. For that you are on your own.
Good luck!
Thanks for the detailed explanation.
will that possible to sign the request by using short term/temporary access key ID and secret key. Expiry time: 30 mins/1hr
I am not aware of “temporary” access key IDs and secret keys, in AWS. (I’m not an AWS expert. I work for Google) If these temporary credentials work just like the permanent credentials, then I guess it would work the same.
Thanks for the response.
Hi @dchiesa1 . for the java callout as I see below we need to pass the aws-key & aws-secret-key.
Is there any other way to call if I don’t have the provision to get these values?
I am trying to call from apigee hybrid deployed in aws & connect to a cross account aws lambda function.
We don’t have any specific aws user for which we can get the access key, secret or session value.
<Property name="key">{private.aws-key}</Property>
<Property name="secret">{private.aws-secret-key}</Property>
<Property name="sign-content-sha256">true</Property>
</Properties>
<ClassName>com.google.apigee.callouts.AWSV4Signature</ClassName>
<ResourceURL>java://apigee-callout-awsv4sig
@Prashanth4576 . can you share how you achieved this scenario?
Hello @atri ,
Thank you for your follow-up question! To ensure your inquiry receives the attention it deserves, I recommend posting it as a new question with as much detail as possible. This will help our community members better understand your situation and provide you with more specific guidance.