I have a lambda function that I've been working on and testing with Postman using an HTTP function URL. Now I have applied the Function URL Auth Type "AWS_IAM".
I've created a user with "Access key - Programmatic access" and the AWSLambdaRole, which, in the permissions JSON, applies Action: "lambda:InvokeFunction". I have the access key and secret key for this user.
In Postman I have selected "AWS Signature" for auth type, and I have entered the access key and secret key. I've also entered my AWS Region. However, I don't know what to enter for "Service Name". The only examples I can find are for accessing APIs created with API Gateway, so the service name indicated is "execute-api". I'm guessing that is not correct for hitting a Lambda Function URL. Either that, or I'm doing something else wrong.
The response is always: {"Message":"Forbidden"}
What should the service name be for accessing a Lambda Function URL with AWS_IAM Auth Type?
I've spent a lot of time searching and can't find an example demonstrating this.
The IAM permission required to invoke a Lambda function in AWS is:
Action: "lambda:InvokeFunction"
Resource: <ARN of Lambda function>
But the IAM permission to invoke a Lambda function URL is different. It's:
Action: "lambda:InvokeFunctionUrl"
Resource: <ARN of Lambda function>
You would give these permissions to an IAM principal when using the AWS_IAM auth type for function URLs. See Security and auth model for Lambda function URLs for more.
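An added example, not part of the original question or answer: a standard-library SigV4 signer for a function URL with the AWS_IAM auth type, showing where the service name enters the signature. It uses `lambda` as the signing service name, which is the value that goes in Postman's "Service Name" field; the URL, access key and secret below are constructed placeholders, and `sign_function_url` is a name chosen for this example.

```python
import datetime, hashlib, hmac
from urllib.parse import urlparse, parse_qsl, quote

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_function_url(method, url, region, access_key, secret_key, body=b"", now=None):
    """Build SigV4 headers for a Lambda function URL that uses AWS_IAM auth."""
    service = "lambda"  # signing name for function URLs; "execute-api" is API Gateway
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date, datestamp = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    parsed = urlparse(url)
    host = parsed.netloc

    # Canonical request: method, encoded path, sorted query, signed headers, body hash.
    path = quote(parsed.path or "/", safe="/~")
    query = "&".join(
        f"{quote(k, safe='~')}={quote(v, safe='~')}"
        for k, v in sorted(parse_qsl(parsed.query, keep_blank_values=True)))
    signed_headers = "host;x-amz-date"
    canonical_request = "\n".join([
        method.upper(), path, query,
        f"host:{host}\nx-amz-date:{amz_date}\n",
        signed_headers, hashlib.sha256(body).hexdigest()])

    # The string to sign binds the request to a date, region and service.
    scope = f"{datestamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])

    # Derive the signing key: secret -> date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret_key).encode()
    for part in (datestamp, region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

    return {
        "Host": host,
        "X-Amz-Date": amz_date,
        "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                         f"SignedHeaders={signed_headers}, Signature={signature}",
    }

if __name__ == "__main__":
    # Constructed placeholders, not real credentials or a real function URL.
    print(sign_function_url("GET", "https://example-id.lambda-url.us-east-1.on.aws/",
                            "us-east-1", "AKIDEXAMPLE", "EXAMPLESECRETKEY"))
```

A correctly signed request is still rejected unless the signing principal has `lambda:InvokeFunctionUrl` on the function, as the answer above states. Temporary credentials additionally need the session token sent in an `X-Amz-Security-Token` header, which this minimal signer does not add.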