How to whitelist AWS Lambda function for Google API

Question

I'm building an AWS Lambda function that pulls info from the Google Calendar API using Node.js. The Node application then sends an html response to a third party application. I'm basically following this guide from google, except I'm sending the html somewhere else to be rendered. I keep running into an error where Google tells me I haven't whitelisted the javascript origin coming from Lambda. Here's the error text:

{error: "idpiframe_initialization_failed", details: ""Not a valid origin for the client: https://<Lambda URL>.execute-api.us-west-2.amazonaws.com has not been whitelisted for client ID <My_Google_API_Client_Id>.apps.googleusercontent.com. Please go to https://console.developers.google.com/ and whitelist this origin for your project's client ID."}

I've gone into the Google API developer console and whitelisted that URL, but I'm still getting that error. Here's a screenshot.

I've tried whitelisting "us-west-2.amazonaws.com" as well with no luck. Thanks!!

Answer 1

You'll need to whitelist Lambda's IP addresses, you can't whitelist based on domain name. You can view the current list of IP addresses here: https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

You note your request is coming from us-west-2 so you could whitelist the IPs from that region only by looking for entries matching that region. 122 by my count so thats a pretty big job!

Otherwise, you could look at setting up a NAT within a VPC and using a IP against that to whitelist that sole IP?