
Apigee to AWS Lambda functions without using AWS access keys (access key Id and secret access key)

Hi All,

We're trying to connect directly from Apigee to Lambda functions. But we don't want to use AWS access keys (access key Id and secret access key).

Now I wanted to know: is there any solution which will suit rather than this?

Appreciate the responses.


There's nothing special about connecting into AWS Lambda when you do it from Apigee. The same possibilities apply, as if you were connecting into AWS Lambda from anything external to AWS.  I am not an expert in AWS Lambda, but I think one way you can invoke Lambda from the internet is via function URLs.

As I understand it, you should use AWS_IAM as the auth type, then Apigee needs to sign each outbound request to lambda using the AWS v4 signature approach. There's a nice Java callout for use within Apigee that can produce those signatures. BUT YOU DO NEED the access key ID and secret key. 

If you don't want to use the access key ID and secret key, in other words if you don't want to sign requests, then basically, as I understand it, you will be allowing unauthenticated access into your AWS Lambda function. Anyone will be able to call it.  In that case you may wish to implement some sort of custom authorization inside the Lambda function.  For that you are on your own. 

Good luck!

Thanks for the detailed explanation. 

Will it be possible to sign the request by using a short-term/temporary access key ID and secret key? Expiry time: 30 mins/1hr

I am not aware of "temporary" access key IDs and secret keys, in AWS. (I'm not an AWS expert. I work for Google)   If these temporary credentials work just like the permanent credentials, then I guess it would work the same. 

Thanks for the response. 

Hi @dchiesa1, for the Java callout, as I see below, we need to pass the aws-key & aws-secret-key.

Is there any other way to call if I don't have the provision to get these values?

I am trying to call from Apigee hybrid deployed in AWS & connect to a cross-account AWS Lambda function.

We don't have any specific AWS user for which we can get the access key, secret or session value.

    <Property name="key">{private.aws-key}</Property>
    <Property name="secret">{private.aws-secret-key}</Property>
    <Property name="sign-content-sha256">true</Property>
  </Properties>
  <ClassName>com.google.apigee.callouts.AWSV4Signature</ClassName>
  <ResourceURL>java://apigee-callout-awsv4sig

 

Hello @atri,

Thank you for your follow-up question! To ensure your inquiry receives the attention it deserves, I recommend posting it as a new question with as much detail as possible. This will help our community members better understand your situation and provide you with more specific guidance.

@Prashanth4576, can you share how you achieved this scenario?