* Which Category is your question related to? *
Auth, API
* What AWS Services are you utilizing? *
Lambda
* Provide additional details e.g. code snippets *
I would like to invoke a Lambda directly (not using API gateway). Further, I don't want to pull in the entire Amplify API code as that adds 200kb to the bundle which is dedicated mostly to GraphQL. Is there a way to invoke a Lambda directly using unauthenticated credentials from Amplify Auth (I can already get those credentials after having properly configured those roles in Cognito) all without pulling in the entire API subsystem?
Hi @cliffordh

> Is there a way to invoke a Lambda directly using unauthenticated credentials from Amplify Auth

Yes, it is possible. It might not be straight-forward, but definitely possible. Our recommendation would be to use the API category, but I understand your concerns about bundle size.

You might be able to use Lambda's Invoke endpoint directly. Please note that this would require that you sign the request using the guest credentials.

If you use axios, it might be feasible to import the Amplify signer to help you with this. This is just a sample that might get you on the right track if you want to pursue it:

```js
import axios from 'axios';
import { Signer } from '@aws-amplify/core';

// ...

// Placeholders: set these to your own region and function name.
const region = 'your-region';
const functionName = 'your-function-name';

const access_info = {
  secret_key: guestCredentials.secretAccessKey,
  access_key: guestCredentials.accessKeyId,
  session_token: guestCredentials.sessionToken,
};
const service_info = {
  region,
  service: 'lambda',
};
const request = {
  method: 'POST', // the method is covered by the signature, so it must match the request sent
  url: `https://lambda.${region}.amazonaws.com/2015-03-31/functions/${functionName}/invocations`,
};
const signedRequest = Signer.sign(request, access_info, service_info);
const result = await axios({
  method: 'post',
  ...signedRequest,
});
```

Just for reference, the `request` requires a method.

```js
const request = {
  method: "POST",
  url: `https://lambda.${region}.amazonaws.com/2015-03-31/functions/${functionName}/invocations`
};
```

Also, just to add - In order to grab the `access_info` from the Amplify `Auth`:

```js
const cred = await Auth.currentCredentials();
const essentialCred = Auth.essentialCredentials(cred);
```

`essentialCred` will contain the guest credentials like below -

```json
{
  "accessKeyId": "XXXXXXXXXXXXXXXXXXXXXXXXX",
  "authenticated": true,
  "identityId": "ap-south-1:XXXXXXXXXXXXXXXXXXXXXXXXX",
  "secretAccessKey": "XXXXXXXXXXXXXXXXXXXXXXXXX",
  "sessionToken": "IQoJb3JpZ2luX2VjEHoaCmFwLXNvd..........."
}
```
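
What "sign the request using the guest credentials" involves, as an added example that is not part of the thread and not Amplify's own code: a standalone Node.js SigV4 signer for the Lambda Invoke URL using only the built-in `crypto` module. The function name `signLambdaInvoke` and the sample region, function name and credentials are constructed for illustration; it shows that both the HTTP method and the session token are covered by the signature.

```javascript
// Added example (not from the thread): SigV4 signing of a Lambda Invoke request.
const crypto = require('node:crypto');

const sha256Hex = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmac = (key, s) => crypto.createHmac('sha256', key).update(s, 'utf8').digest();

// creds has the shape of essentialCred: { accessKeyId, secretAccessKey, sessionToken }
function signLambdaInvoke({ method, region, functionName, body = '', creds, now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // e.g. 20200101T000000Z
  const dateStamp = amzDate.slice(0, 8);
  const host = `lambda.${region}.amazonaws.com`;
  // Assumes a plain function name with no characters that need URI encoding.
  const path = `/2015-03-31/functions/${functionName}/invocations`;
  // Temporary (guest) credentials: the session token header is signed too.
  const headers = { host, 'x-amz-date': amzDate, 'x-amz-security-token': creds.sessionToken };
  const names = Object.keys(headers).sort();
  const signedHeaders = names.join(';');
  // The method is the first line of the canonical request, so it must match what is sent.
  const canonicalRequest = [
    method, path, '', // empty canonical query string
    names.map((n) => `${n}:${headers[n]}\n`).join(''),
    signedHeaders, sha256Hex(body),
  ].join('\n');
  const scope = `${dateStamp}/${region}/lambda/aws4_request`;
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonicalRequest)].join('\n');
  // Key derivation chain: secret -> date -> region -> service -> "aws4_request".
  const signingKey = [dateStamp, region, 'lambda', 'aws4_request']
    .reduce((key, part) => hmac(key, part), `AWS4${creds.secretAccessKey}`);
  const signature = hmac(signingKey, stringToSign).toString('hex');
  const authorization = `AWS4-HMAC-SHA256 Credential=${creds.accessKeyId}/${scope}, `
    + `SignedHeaders=${signedHeaders}, Signature=${signature}`;
  return { method, url: `https://${host}${path}`, data: body,
    headers: { ...headers, Authorization: authorization } };
}

// Constructed sample values, not real credentials.
const sampleCreds = { accessKeyId: 'AKIDEXAMPLE', secretAccessKey: 'constructed-secret',
  sessionToken: 'constructed-session-token' };
const sampleArgs = { region: 'us-east-1', functionName: 'demo-function', creds: sampleCreds,
  now: new Date('2020-01-01T00:00:00Z') };
const signedPost = signLambdaInvoke({ method: 'POST', ...sampleArgs });
const signedGet = signLambdaInvoke({ method: 'GET', ...sampleArgs });
console.log(signedPost.headers.Authorization);
```

For the call to succeed, the unauthenticated Cognito role must allow `lambda:InvokeFunction`; scoping that permission to the single function's ARN keeps guest credentials from invoking anything else.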