AWS API Gateway and Lambda Integration
In AWS, you can build APIs with Lambda integrations. AWS API Gateway supports proxy and non-proxy ways of integration.
In Lambda proxy integration, the input to the integrated Lambda function can be expressed as any combination of request headers, path variables, query string parameters, and body. Just create a proxy resource with a greedy path variable of {proxy+} and set the ANY method on the proxy resource. With this approach, you can set up an entire endpoint hierarchy of the HTTP backend with a single integration setup.
In Lambda non-proxy integration, which is more customizable, you must ensure that input to the Lambda function is supplied as the integration request payload. This implies that you, as an API developer, must map any input data the client supplied as request parameters into the proper integration request body. You may also need to translate the client-supplied request body into a format recognized by the Lambda function.
In this post, I will cover the non-proxy way of Lambda integration. I have implemented a custom token provider based on client_id and client_secret, and that token can be used to access
- HTTP resources within the API suite.
- Get resource policy out of AWS API Gateway Authorizer.
- Or Any other third-party resources.
Prerequisite
- Install Java 8
- Your favorite IDE. I have used IntelliJ.
- Configure your AWS Credentials and Region.
- Install AWS SAM CLI (and Install Docker Desktop, as I am using Windows)
Setup AWS Toolkit in IDE
Get AWS ToolKit in the IDE. File -> Settings -> Plugins -> Search for AWS Toolkit -> install
Get Started with Implementation
1. Create a new project. AWS -> AWS Serverless Application
2. Create a new SAM project. Provide project details, java runtime, and SAM template. For this demo, I have used AWS SAM Hello World + Maven template.
Make sure you have the following dependencies available in your pom.xml
- aws-lambda-java-core
- aws-lambda-java-events
- aws-java-sdk-api-gateway
3. It will generate a class which implements RequestHandler<<inputType>,<outputType>>.
AWS Lambda java events library provides a wide range of event models that can be used as per use case. Here I have used API Gateway Proxy Request and Response events, which is primarily for Lambda Proxy Integrations.
APIGatewayProxyRequestEventAPIGatewayProxyResponseEvent
You can use a custom event model as per your need.
The method <outputEvent>handleRequest(<inputEvent>, <LambdaContext>) will contain the code which needs to execute upon Lambda Invocation. You have to specify the same in your Lamdba Config as well.
The package structure will like as below.
4. In order to deploy the function on AWS
1. Go to AWS Explorer
2. Provide Function Name and Handler
3. Select Timeout and Memory
4. Select Runtime
5. Select IAM Role
6. Select S3 bucket, where Lambda Execuatbale package will be deployed. Make sure S3 bucket has proper permissions and region.
7. Select Build function inside a container, as it will do mvn packaging inside a docker container. Underneath it is mvn package shade:shade
8. Lambda package deployed and propagated in the specified S3 bucket.
Setup API Gateway
- Create API and give some name and select Endpoint Type as Regional
- Add a resource /api/token with GET method, select integration type as Lambda Function, specify Region, and select the target function.
2. Add mandatory HTTP header in Method Request
- client_id
- client_secret
3. Now add the mapping template. It's the most important part of this implementation.
We used APIGatewayProxyRequestEvent as lambda input which is compatible with {proxy+} integration i.e Lambda Proxy Integrations.
Since we are implementing Lambda Non-Proxy integrations, so we need to transform the inbound API Method request to Lambda Inputs otherwise you will get JSON’s ParsingException or NullPointerException.
For more information on AWS API Gateway mapping templates and transformation click here
If you look closely, APIGatewayProxyRequestEvent has a map of headers along with other attributes. So inbound requests should be similar in terms of the JSON structure.
In our TokenProvider Lambda, I am expecting two HTTP headers client_id and client_secret.
Successful API Invocation
In TokenProvider Lambda code, I combined client_id and client_secret to generate a token. You can implement the logic as per your requirements.
You can check the Cloud Watch logs for the Lambda invocation in your IDE as well.
