What are Lambda Function URLs?
In the past, calling a Lambda function over HTTP required a lot of setup and configuration with API Gateway. The process of setting up API resources and methods, and linking them to the appropriate Lambda function, can be overwhelming, especially for developers who are new to it.
With the function URL feature of the AWS Lambda service, you can create a secure HTTPS endpoint dedicated to a Lambda function. This means that instead of using an intermediary service (like Amazon API Gateway), you can directly invoke your function by simply sending an HTTP request to its unique URL. It’s an easy and convenient way to run a Lambda function, especially if it’s only meant to be used by a specific service or client.
Function URL endpoints have the following format:
A Lambda Function URL can be created and configured via the AWS Lambda console or through the Lambda API. Upon creating a function URL, AWS Lambda automatically generates a unique URL endpoint that you can use immediately. Take note that this URL endpoint is static and doesn’t change once created. Lambda URLs are dual-stack enabled, supporting both IPv4 and IPv6, and can be invoked via a web browser, curl, Postman, or any HTTP client.
There are two authentication types for controlling access to a Lambda function URL:
AWS_IAM – uses IAM to authenticate and authorize users. Only IAM users or roles that have been granted permission to invoke the function through IAM policies will be able to do so.
NONE – allows anyone who has the function URL to execute the Lambda function, regardless of whether they have an AWS account or not.
Remember that a function URL is reachable through the public Internet only; it’s not accessible via AWS PrivateLink. Access control for this feature relies on resource-based policies. You can also configure cross-origin resource sharing (CORS) to whitelist the origins permitted to invoke it from a browser; CORS is enforced by browsers, so it does not restrict other HTTP clients. A function URL can be applied to any Lambda function alias or to the $LATEST unpublished function version, but not to any other function version.
In this demo, let’s assume a scenario where you act as an administrator. Imagine you want to find information on EC2 instances with a specific tag directly from your team’s Slack channel. This way, you can seamlessly manage your AWS resources from any location (as long as you have access to Slack) without the need to navigate the AWS console or type CLI commands in the terminal. For the purposes of this demo, we’ll just retrieve the ID of instances and their current state.
I’ll take you through the steps of creating a custom command, setting up a Lambda function URL, and connecting the two to trigger the function when the command is submitted.
A user enters a slash command (/list-instances <TAG_NAME>) in the Slack chat box. For example, the /list-instances DEV command would retrieve details on instances that were tagged as DEV.
Slack sends the command to the Lambda function URL via an HTTP POST request.
The Lambda function receives the request, processes it, and generates a response.
The response is sent back to Slack.
Before creating a Lambda Function URL, make sure you have the following already prepared:
A Slack workspace. You can create one here.
A Lambda function configured with Python as the runtime.
Ensure the following permission is attached to your Lambda function’s execution role. This is required so that Lambda can call the DescribeInstances API:
We’ll divide the steps into three main parts:
Creating a Lambda Function URL
1. Open the console page of your Lambda function
2. Under the Configuration tab, select Function URL, then click Create function URL
3. We’re using the NONE auth type for demo purposes. Choose NONE. Hit Save.
When you create a function URL and choose the “NONE” auth type via the Console or AWS SAM, AWS automatically generates a resource-based policy for you and attaches it to your function. Take note that this is not the case when you’re creating function URLs through AWS CLI, CloudFormation, or the Lambda API.
4. Copy the code here and paste it into your Lambda code editor. Click Deploy.
Here’s a summary of what the code does when invoked:
Extracts payload from the event object.
The command issued from the Slack chat, along with details such as the Slack app ID, the requesting user, channel ID, and other things, is wrapped in a base64-encoded message in the body.
The parse_slack_payload() function decodes the body and converts the output (a list) into a dictionary so that we can retrieve data by key names.
Retrieves the tag value from the text key
The Lambda function then calls the DescribeInstances API using the tag value as a filter.
Formats the response and sends it back to Slack.
Copy the URL of your Lambda function and paste it into a text editor. We’ll need this later.
Creating a Slack application
1. First, sign in to your Slack workspace and create a new Slack application.
2. Click Create New App
3. Select From scratch
4. Give your app a name and select a workspace. Click Create App.
5. Under Add features and functionality, click Slash commands.
6. Click Create New Command and enter the following details:
7. Hit Save
Installing the Slack application
1. Under Settings, select Install App, then click Install to WorkSpace.
2. Click Allow.
Testing Your Lambda Function URL
That’s pretty much it! To test whether the application works, you must tag at least one EC2 instance in your account. Give it a tag name of Env and a value of DEV. Feel free to use any name/value pair you want but make sure you change the code as well. If you don’t have an existing instance, you may create a t2.micro to stay under the free tier.
Open up your Slack workspace and pick a channel to run the command in. Type /list-instances DEV and press enter.
You should see a similar response to the GIF below:
Once you’re finished, don’t forget to delete your Lambda function. You might accidentally post its URL somewhere on the internet, and since it’s publicly accessible, anyone can invoke it an unlimited number of times, which could lead to unexpected costs on your AWS bill.
I hope you enjoyed walking through the process of building a custom Slack command using AWS Lambda as the backend. The possibilities are endless with Lambda function URLs, and this is just one example of their practical applications. You can use this same concept to create even more useful tools to help streamline your work and make your life easier.
If you’re planning to implement this solution in production, it’s important to take a few extra steps to ensure the security of your function. One thing to consider is setting reserved concurrency to protect against abuse. Additionally, adding some form of authentication in the code, such as verifying the requester’s identity by comparing your Slack app ID to the one received by the function, is a good start. Overall, the Lambda function URL is a powerful tool that can be used to create a variety of useful solutions. I hope you have fun exploring the possibilities and building your own custom Slack commands.
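The payload parsing described in the code summary and the in-code authentication suggested above, combined in one added example (not the article's own code). It goes beyond the app ID comparison by also checking Slack's request signature (`X-Slack-Signature`, an HMAC-SHA256 over `v0:<timestamp>:<body>` keyed with the app's signing secret), since the app ID by itself is not a secret. The secret, app ID, and the `sign`, `authenticate` and `sample_event` helpers are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

# Constructed placeholders (assumptions): load real values from configuration.
SIGNING_SECRET = b"constructed-signing-secret"
EXPECTED_APP_ID = "A0CONSTRUCTED"
MAX_SKEW_SECONDS = 300  # reject stale or replayed requests

def parse_slack_payload(event):
    """Decode the form-encoded body; return (raw_body, dict of first values)."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        body = base64.b64decode(body).decode("utf-8")
    return body, {k: v[0] for k, v in parse_qs(body).items()}

def sign(timestamp, body, secret=SIGNING_SECRET):
    """Slack v0 signature: HMAC-SHA256 over 'v0:<timestamp>:<raw body>'."""
    mac = hmac.new(secret, f"v0:{timestamp}:{body}".encode(), hashlib.sha256)
    return "v0=" + mac.hexdigest()

def authenticate(event, now=None):
    """Return the tag from the 'text' field if the request is authentic, else None."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    timestamp = headers.get("x-slack-request-timestamp", "")
    signature = headers.get("x-slack-signature", "")
    if not (timestamp.isascii() and timestamp.isdigit()):
        return None
    if abs((time.time() if now is None else now) - int(timestamp)) > MAX_SKEW_SECONDS:
        return None
    try:
        body, fields = parse_slack_payload(event)
    except ValueError:
        return None  # malformed base64 or non-UTF-8 body
    if not hmac.compare_digest(sign(timestamp, body).encode(), signature.encode()):
        return None  # body or timestamp was not signed with our secret
    if fields.get("api_app_id") != EXPECTED_APP_ID:
        return None  # signed, but for a different app
    return fields.get("text", "").strip()

def sample_event(text, timestamp, secret=SIGNING_SECRET, app_id=EXPECTED_APP_ID):
    """Constructed event shaped like a signed slash-command POST, for local tests."""
    body = urlencode({"api_app_id": app_id, "command": "/list-instances", "text": text})
    headers = {"X-Slack-Request-Timestamp": str(timestamp),
               "X-Slack-Signature": sign(timestamp, body, secret)}
    return {"isBase64Encoded": True, "headers": headers,
            "body": base64.b64encode(body.encode()).decode()}
```

A handler would call `authenticate(event)` first and return a 401 response when it yields `None`, before making any AWS API call.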