Creating and Integrating a Node Lambda function with API Gateway

Published in

intrinsic

7 min readApr 2, 2018

In this three-part-series we’ll look at getting a Node.js application which performs image resizing running on AWS Lambda. We’ll look at how Node applications generally work, then we’ll configure our AWS account and get the AWS CLI utility working. We’ll Create a Lambda Function within AWS and configure an Application Gateway which is required to route HTTP requests to our Lambda Function. All the while we’ll be looking at features of Lambda, both basic and advanced, while also taking into consideration security implications.

In this first post we’re going to create a Lambda Function, configure the AWS CLI utility, invoke our function via CLI, create an API Gateway, configure the API Gateway to call our Lambda Function, and finally generate an HTTP request to the API Gateway and get the result back from our Lambda Function.

Of course, you’re going to need an AWS account and log in before you can do anything here!

Create a Lambda Function

Once you’re inside of the AWS interface you’ll want to click the “Services” dropdown at the top of the screen.

AWS Services Dropdown

This button allows us to visit the myriad of services offered by AWS. From the menu that appears, type in “Lambda” and then select the option which appears. You are now on the Lambda screen. From here you can see a list of all Lambdas you’ve created. But, if you’re like me, this list is empty. Click the “Create function” button to start creating your first function.

In my case, I chose the option to “Author from scratch” which will give us an empty Function. For the name, I went with Resizer and for the name of the role I chose ResizerRole. All of the other options should be fine in their default state. Of course, you can choose your own names for these fields, but keep track of whatever you choose as a Function name as we'll need to manually enter the name when we configure our API Gateway.

Once we save our Function we’ll then be redirected to the Edit Function screen. On this screen we’re greeted with an embedded code editor. This is convenient for editing small projects with a very few number of files. Anything bigger and you’ll want to instead edit files locally and deploy them to Lambda via command line (more on that later). But for now let’s simply save the default function code.

As you can see, the code is very simple. There’s no need to require a framework such as Express. Instead we export a single function and let Lambda take care of the rest.

exports.handler = (event, context, callback) => {
  // TODO implement
  callback(null, 'Hello from Lambda');
};

Configure CLI, Invoke Function

At this point we’re not quite done, however it does feel nice to know that we’re making progress. So now that we’ve got a Lambda function running somewhere let’s try to invoke it!

The first think we’ll need to do is install the AWS CLI utility. If you’re on macOS or Linux then this command should get you what you need:

$ wget https://bootstrap.pypa.io/get-pip.py
$ python get-pip.py
$ sudo pip install awscli

(Refer to the AWS CLI Installation Guide if you have any troubles getting the program installed.)

Once that’s done you’ll need to log in. Before we can log in we need to get the appropriate credentials. At the top-right of every AWS screen is a dropdown which has your name. Click your name and then select the “My Security Credentials” option.

If you get a prompt on this screen, select the option “Continue to Security Credentials”. On this screen select the option entitled “Access keys”, and then click the “Create New Access Key” button. This will then generate a pair of strings which you can use to authenticate with the AWS CLI. Click the “Show Access Key” link to make your key pair visible.

Now that you have your Access Key ID and Secret Access Key, run the following command:

$ aws configure

It’ll ask you for the two strings we generated, as well as some other basic information, and then you’ll be logged in using the CLI. Now that we’re authorized you can then attempt to invoke your function by running the command below:

$ aws lambda invoke \
  --invocation-type RequestResponse \
  --function-name Resizer \
  --region us-west-1 \
  output.txt ; cat output.txt ; rm output.txt

You should be greeted with the following output:

{
  "ExecutedVersion": "$LATEST",
  "StatusCode": 200
}
Hello from Lambda

Create an API Gateway

Now that we have our Lambda Function created and we’ve verified it works, let’s go ahead and create our API Gateway so that we can send “real” requests to it.

At the top of the AWS screen click on the “Services” dropdown. Inside of this interface search for “API Gateway”. Once you’re on the API Gateway screen, click “Create API”. On this screen you can enter a name for your gateway. In my case I chose “Intrinsic Resizer API”.

Finally click “Create API” and our gateway will be ready for us to configure.

Link API Gateway to Lambda

Once we’ve created the API Gateway we’ll be taken to a screen for configuring the gateway. Select “Actions” from the menu and then select “Create Method”. By default we’ll be creating an action for the default “/” endpoint, which is fine for our experiment. Of course, you can choose to have more specific endpoints to properly describe your resources within a real application.

Set the method to “POST” and then you should be taken to the screen to edit the method.

On this screen we can set the gritty details of our method. Make sure the Integration types is set to Lambda Function. In the field below title Lambda Function, you’ll need to manually type in the name of the function you created earlier (such as “Resizer”). Then click Save once you’re done. (Note that if you can’t find your function, make sure you’ve selected the correct region).

We now need to deploy the changes we’ve made to our API Gateway for them to go live. Back on the API Gateway screen, choose the “Actions” dropdown again and then select “Deploy API” from the menu.

This will display a prompt where you can then pick an environment. Since we’re just experimenting we don’t need to worry about creating multiple deployment environments. What I chose to do is simply input “Production” and then click the “Deploy” button.

Generate Sample Request

Now we’re ready to generate an HTTP request to invoke our Function. From the screen with our API Gateway, click the “Stages” option on the left and then click the environment you made, such as “Production” on this screen we can see the complete URL to access our API Gateway. Copy this URL and then we’ll make a POST request to it.

Once you’ve copied the URL, go ahead and plug it into your favorite request generator, such as Postman. Since we created an endpoint for POST requests, we can’t simply paste the URL into our browser as that would generate a GET request. In this example I’m generating a request using HTTPie:

$ http POST https://d34db33f99.execute-api.us-west-1.amazonaws.com/Production
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 19
Content-Type: application/json
Date: Wed, 21 Mar 2018 23:30:02 GMT
X-Amzn-Trace-Id: sampled=0;root=1-5abeeafa-e3d6cdabb4f9fca10af8b70c
x-amzn-RequestId: ce38de74-2daf-11d8-bbf1-11fc5cb55784"Hello from Lambda"

Of course, we made an endpoint using the default “/” resource (there’s an implied trailing slash on the URL we requested). If we had made endpoints with specific names, such as “/resize”, then we could append those to the URL we copied from the API Gateway stage screen.

In the next post in this series, Basic Node.js Lambda Function Concepts, we’re going to look into some basic concepts about Node.js in general, and then compare them to how things work in the world of Lambda. We’ll also look into the different methods for invoking Lambda Functions.

This article was written by me, Thomas Hunter II. I work at a company called Intrinsic where we specialize in writing software for securing Node applications. We currently have a product called Intrinsic for Lambda which follows the Least Privilege model for securing applications. Our product is very powerful and is easy to implement. If you are looking for a way to secure your Node applications, give me a shout at tom@intrinsic.com.