Exposing AWS Lambda Functions to Internet? Here’s your options
AWS Lambda is an excellent solution for handling cloud workloads without the need of managing complex infrastructure. There will be times you may need to make your Lambda function accessible to external users or services. In this blog post, I’ll explain three distinct approaches to expose Lambda Functions to the internet: API Gateway, Application Load Balancer, and Function URLs.
I always like to follow the “right tool for the right job” approach, which has served me well throughout my career.
API Gateway
Amazon API Gateway is a fully managed service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. It acts as a “front door” for applications to access data, business logic, or functionality from your backend services, such as workloads running on EC2, and Lambda.
Features
- API Mangement
- WebSocket Support
- Access Control via IAM, Cognito, OAuth2, Lambda Authorizer
- Deployment Strategies, including Canary releases
- Version Management
- OpenAPI Integration
- Web Application Framework(WAF) Integration
- Rate Limiting
In short, you would want to use API Gateway if you are looking for full-blown API framework where you will need rich features. Keep in mind, though, that the costs associated with API Gateway are higher compared to other options, but totally worth it in my opinion.
Application Load Balancer
AWS Application Load Balancer (ALB) is a fully managed service that provides Layer-7 load balancing for HTTP/HTTPS traffic to targets such as EC2 instances, Lambda Functions, ECS, and EKS based on request attributes like headers, HTTP methods, query string parameters, and source IP address CIDR.
Feaetures
- Advanced Routing Capabilities
- TLS Offloading
- Web Application Firewall (WAF) Integration
- Sticky Sessions
- HTTP/2 and gRPC support
- Access Control via Cognito and IAM
Consider using ALB if you want to use a Load Balancer to manage requests for your Lambda Functions without the need for a comprehensive API framework like API Gateway. ALB is also a suitable choice when performance is a factor if you have a high traffic workload.
Functions URLs
AWS Lambda Function URLs are built-in HTTPS endpoints that can be associated with a single Lambda function or function alias. They provide a simplified way to configure an HTTPS endpoint in front of your function without needing to learn, configure, and operate additional services like API Gateway or ALB.
Features
- Simple setup process
- Version support via mapping to function alias
- Authentication via IAM
- CORS Support
Function URLs are ideal for scenarios in which you need to deploy a single-function microservice with a public endpoint that doesn’t need features offered by API Gateway or ALB. Lambda Function URLs enable you to attach HTTPS endpoints to any Lambda function. Functions URLs are easy to set up, have no dependency on other cloud resources.
Now that we’ve explored each option, let’s discuss potential use cases for each one.
Backend for a SaaS business:
API Gateway: Ideal for situations where support for multiple versions of APIs, user authentication, rate limiting for bad actors, OpenAPI compatibility, and Canary deployments for gradual rollout of changes are necessary.
Microservices
Application Load Balancer: Best suited for a Microservice responsible for sending notifications to recipients. This microservice may be called by other applications, leading to high load. In such a scenario, it is essential to manage the load effectively, ensure performance, handle authentication, and have the ability for advanced routing and support for multiple targets.
Webhooks
Function URLs: The perfect choice for a webhook for external services when the goal is to minimize resource usage and overhead, or for form handlers that forward user-submitted form data. In both cases, Function URLs offer a simplified solution with reduced overhead.
In this short article I’ve discussed the options for exposing your Lambda functions to internet. Hopefully this can guide you choosing the right option for your use case.
