The lambda invoke command currently has the --payload CLI arg. The docs state that this must be a JSON "blob". If one wishes to pass secrets to a Lambda function this forces the user to pass the secrets on the command line. In Linux, it is generally considered bad practice and a security risk to pass secrets on the command line. Tools such as top and ps might be able to see these secrets.
Suggested solution: Add a new command line argument to read the payload from a file. For example --payload-from /path/to/payload.json.
Alternatively, could use cURL's approach where if the first character is @, interpret it as a path: --payload @/path/to/payload.json.
@jdufresne - Thank you for your post. You can pass a file with the payload the way you want. Here is the command I tried:
aws lambda invoke --function-name myfun --payload file://payload.json out.txt
Hope it helps and please let me know if you have any questions.
Excellent! Thanks for the response and the help.
I think the help could be improved to make this easier to discover. I read through aws lambda invoke help, and this is not listed as an example nor is it discussed that the file:// protocol works. Thanks.
out.txt is a MUST; otherwise you get a "too few arguments" error.
Has this syntax changed in version 2? I'm now getting the following error:
Invalid base64: <content>
@gitnik I'm using this version:
aws-cli/2.0.0 Python/3.7.3 Linux/5.3.0-40-generic botocore/2.0.0dev4
This worked for me:
aws lambda invoke \
--function-name "${FUNCTION_NAME}" \
--payload "$(echo '{ "foo": "bar" }' | base64 -w 0)" \
response.json
Just ran into this too, you can use the fileb:// ("file binary") syntax for the payload parameter so you don't have to run it through base64.
@phealy3330 thanks, that's even better since base64 varies between GNU and BSD versions.
For googlers coming here, if you use AWS CLI 2.0 and your payload is long enough, please use this:
AWS_REGION=us-east-1 aws lambda invoke \
--function-name goad \
--invocation-type Event \
--payload file://payload.json \
--cli-binary-format raw-in-base64-out \
out.txt
AWS V2 defaults to base64 input. For your case to work, simply add a --cli-binary-format raw-in-base64-out parameter to your command.
How do you specify that the payload is in a different directory? For example, in a 'datafiles' subdirectory of the parent directory where the CLI invoke is being executed. I have tried various combinations and, unless the JSON payload file is in the same directory, I get the following error: "An error occurred (InvalidRequestContentException) when calling the Invoke operation: Could not parse request body into json: Unrecognized token 'file': was expecting 'null', 'true', 'false' or NaN"
@stockyard1
aws lambda invoke \
--function-name <FUNCTION> \
--payload file://./datafiles/payload.json \
--cli-binary-format raw-in-base64-out \
out.txt
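An added example, not part of the thread or of the AWS CLI's own documentation: a POSIX shell wrapper for the original concern, which reads the payload from stdin into a mode-0600 temporary file and passes only its path with the fileb:// prefix mentioned above, so the secret never appears in the arguments that ps or top can show. The function names make_payload_file and invoke_with_payload_stdin are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the AWS CLI.

# Read a JSON payload from stdin into a private temp file and print its path.
# The body runs in a subshell, so umask and variables do not leak to the caller.
make_payload_file() (
    umask 077        # mktemp already creates 0600 files; this guards odd platforms
    f=$(mktemp "${TMPDIR:-/tmp}/lambda-payload.XXXXXX") || exit 1
    cat > "$f" || { rm -f "$f"; exit 1; }
    printf '%s\n' "$f"
)

# Usage: <something that prints JSON> | invoke_with_payload_stdin FUNCTION OUTFILE
# Only "fileb://<path>" reaches the aws process arguments, never the payload body.
invoke_with_payload_stdin() (
    fn=$1
    out=$2
    f=$(make_payload_file) || exit 1
    # Remove the secret file if the shell is interrupted mid-call.
    trap 'rm -f "$f"; exit 1' HUP INT TERM
    rc=0
    aws lambda invoke \
        --function-name "$fn" \
        --payload "fileb://$f" \
        "$out" || rc=$?
    rm -f "$f"       # remove the secret whether or not the call succeeded
    exit "$rc"
)
```

Feed stdin from a source that is not itself a command-line argument, such as a here-document or the output of a secrets tool, otherwise the secret is exposed one step earlier in the pipeline.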