Hi today I wanted to show you how you can connect Lambda Function to API Gateway and how easy it can be secured. I will add the API key.
In this article and video tutorial I will show you also 2 ways to create an API Gateway. First, a longer and a bit more difficult way and then a simple and fast one.
Lambda
I will create a simple lambda function in Python3.9 from scratch. My function will just generate random numbers.
import json
import random
from random import randrange
def lambda_handler(event, context):
number = randrange(10)
return {
'statusCode': 200,
'body': json.dumps('Hello from Lambda! Random number: %s' % number)
}
When you create a lambda function, deploy and check if it works correctly.
1) API Gateway – method 1
Okay, now I will create API Gateway in a longer way, but I will go through the configuration step by step.
Creating an API Gateway
Find GATEWAY API select REST API, add name etc.
Create a new method, in my case GET. Select the appropriate integration type. You can also select Lambda proxy integration, thanks to which the appropriate permissions will be automatically added to run the lambda function using Api Gateway. Finally, select the appropriate region and your lambda function. Once done, you can confirm your choice and move on.
Now you can test the connection between Api Gateway and Lambda function. If everything works fine, go to the next step.
Every time you change something in ApiGateway configuration, you have to add these changes to the appropriate stage – you have to execute Deploy API.
Go to Stages and check that the URL is working properly. With this url you should be able to invoke the lambda function and get a response.
You can also use a command on the command line, for example:
curl -X GET https://zwl2owqucc.execute-api.eu-west-2.amazonaws.com/prod
Adding an API key to the API Gateway
Now add security, add API key to ApiGateway. First, change the API key Required setting from false to true. Once you’ve done that, do the Deploy API as before.
Add a new usage plan. Add a name, or you can limit the number of requests to API Gateway like I did, but it’s not necessary.
Now select your API Gateway and the appropriate stage.
After that you can select an existing API key or create a new one. Once you have the key added, you can click Done.
Now in Usage Plans you should have created a new plan, added to it the appropriate stage of your API gateway and API key. You can also find your API key in the Keys tab. You can copy its value and save it somewhere in a notepad, as it will come in handy soon.
Checking if everything works
You can check your API Gateway url again. This time you won’t be able to access it if you don’t provide the correct key. All you have to do is add –header to the command with the appropriate API key value, as in the example below, and you will be able to invoke your lambda function.
curl -X GET --header "x-api-key: ADD_API_KEY_HERE" https://zwl2owqucc.execute-api.eu-west-2.amazonaws.com/prod
I only defined the GET method in this example, so I can only use it. If you did everything correctly, then you should have no problems running the Lambda function using the API Gateway.
2) API Gateway – method 2
Now a faster way to create an API Gateway. Go back to the lambda function you created at the very beginning. Just add a new trigger. Find API Gateway in the list.
Create a new REST API, select API key as security.
Now everything will be created automatically. Without leaving the lambda function, you can read the URL of the new API Gateway and even the value of the API key.
Checking if everything works
You can use the same command as before to validate the new API Gateway. Just remember to use the new URL and new API key.
curl -X GET --header "x-api-key: ADD_API_KEY_HERE" https://zwl2owqucc.execute-api.eu-west-2.amazonaws.com/prod
After you check the correctness of operation, you can go to the API Gateway configuration page and adjust the configuration to your needs.
If you created the gateway in two ways, you can compare their configuration. As you can see, they are a bit different.
Summary
There are more ways to create an API Gateway. I love creating infrastructure as a code using terraform. However, the best way to start learning the cloud is to create resources using the portal. Once you understand how something works, you can go a step further.
You can add more elements to the API Gateway, such as a custom domain. This will allow you to access lambda functions, microservices etc with a personalized URL.
You can also add a WAF in front of the gateway and only allow traffic in specific countries, or limit queries to specific IP addresses.
The possibilities are huge, start with something simple and then expand your project. If you liked my article, check out other articles in the AWS category.