AWS Amplify: Lambda Url

README.md

Amplify Lambda URLs

TL;DR

With AWS Amplify, you can use amplify add api to create REST APIs using API Gatway and Lambdas. However, I wanted to try out the new Lambda Url feature for a simple public webhook.

Steps involved

1. Make your "Webhook" Lambda
2. Create a custom reasource "Webhooks".
   1. Give it access to the "Webhook" lambda
3. Create 3 resources in your custom resource (File: Webhooks-cloudformation.json below)
   1. AWS::Lambda::Url
   2. AWS::IAM::Policy to ALLOW lambda:InvokeFunctionUrl
   3. AWS::Lambda::Permission
   4. And if you want to access the URL elsewhere in Amplify, add an output
4. Give your amplify cli user/profile permissions (cli-inline-policy.json below)

Log into the console, find your lambda and you'll see the Function Url. Click it, profit.

Detailed steps

amplify add function amplify add custom

cli-inline-policy.json

GO TO IAM -> USERS -> your amplify cli user -> Permissions tab -> add inline policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AmplifyCLICanManageLambdaUrls",
            "Effect": "Allow",
            "Action": [
                "lambda:CreateFunctionUrlConfig",
                "lambda:UpdateFunctionUrlConfig",
                "lambda:DeleteFunctionUrlConfig",
                "lambda:GetFunctionUrlConfig"
            ],
            "Resource": "arn:aws:lambda:YOURREGION:YOURACCOUNTNUMBER:function:*"
        }
    ]
}

Webhooks-cloudformation-template.json

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "env": {
      "Type": "String"
    },
    "functionmyServiceWebhookName": {
      "Type": "String",
      "Description": "Input parameter describing Name attribute for function/myServiceWebhook resource"
    },
    "functionmyServiceWebhookArn": {
      "Type": "String",
      "Description": "Input parameter describing Arn attribute for function/myServiceWebhook resource"
    },
    "functionmyServiceWebhookRegion": {
      "Type": "String",
      "Description": "Input parameter describing Region attribute for function/myServiceWebhook resource"
    },
    "functionmyServiceWebhookLambdaExecutionRole": {
      "Type": "String",
      "Description": "Input parameter describing LambdaExecutionRole attribute for function/myServiceWebhook resource"
    }
  },
  "Resources": {
    "LambdaPermission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunctionUrl",
        "FunctionUrlAuthType": "NONE",
        "FunctionName": {
          "Ref": "functionmyServiceWebhookArn",
        },
        "Principal": "*"
      }
    },
    "LambdaExecutionPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "lambda-url-execution-policy",
        "Roles": [
          {
            "Ref": "functionmyServiceWebhookLambdaExecutionRole"
          }
        ],
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Id": "default",
          "Statement": [
            {
              "Sid": "FunctionURLAllowPublicAccess",
              "Effect": "Allow",
              "Action": "lambda:InvokeFunctionUrl",
              "Resource": {
                "Ref": "functionmyServiceWebhookArn"
              },
              "Condition": {
                "StringEquals": {
                  "lambda:FunctionUrlAuthType": "NONE"
                }
              }
            }
          ]
        }
      }
    },
    "LambdaUrl": {
      "Type": "AWS::Lambda::Url",
      "DependsOn": [
        "LambdaExecutionPolicy"
      ],
      "Properties": {
        "AuthType": "NONE",
        "TargetFunctionArn": {
          "Ref": "functionmyServiceWebhookArn"
        }
      }
    }
  },
  "Outputs": {
    "LambdaUrl": {
      "Value": {
        "Fn::GetAtt": [
          "LambdaUrl",
          "FunctionUrl"
        ]
      }
    }
  },
  "Description": "{\"createdOn\":\"Mac\",\"createdBy\":\"Amplify\",\"createdWith\":\"9.2.0\",\"stackType\":\"custom-customCloudformation\",\"metadata\":{}}"
}