You are browsing documentation for an outdated plugin version.
Configuration
This plugin is compatible with DB-less mode.
Compatible protocols
The AWS Lambda plugin is compatible with the following protocols:
grpc
, grpcs
, http
, https
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
-
name or plugin
string requiredThe name of the plugin, in this case
aws-lambda
.- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
name
. - If using the KongPlugin object in Kubernetes, the field is
plugin
.
- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
-
service.name or service.id
stringThe name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level
/plugins
endpoint. Not required if using/services/{serviceName|Id}/plugins
. -
route.name or route.id
stringThe name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level
/plugins
endpoint. Not required if using/routes/{routeName|Id}/plugins
. -
consumer.name or consumer.id
stringThe name or ID of the consumer the plugin targets. Set one of these parameters if adding the plugin to a consumer through the top-level
/plugins
endpoint. Not required if using/consumers/{consumerName|Id}/plugins
. -
enabled
boolean default:true
Whether this plugin will be applied.
-
config
record required-
timeout
number required default:60000
An optional timeout in milliseconds when invoking the function.
-
keepalive
number required default:60000
An optional value in milliseconds that defines how long an idle connection lives before being closed.
-
aws_key
string encryptedThe AWS key credential to be used when invoking the function. The
aws_key
value is required ifaws_secret
is defined. Ifaws_key
andaws_secret
are not set, the plugin uses an IAM role inherited from the instance running Kong to authenticate. Can be symmetrically encrypted if using Kong Gateway and data encryption is configured.
-
aws_secret
string encryptedThe AWS secret credential to be used when invoking the function. The
aws_secret
value is required ifaws_key
is defined. Ifaws_key
andaws_secret
are not set, the plugin uses an IAM role inherited from the instance running Kong to authenticate. Can be symmetrically encrypted if using Kong Gateway and data encryption is configured.
-
aws_region
stringThe AWS region where the Lambda function is located. The plugin does not attempt to validate the supplied region name. If an invalid region name is provided, the plugin responds with an HTTP
500 Internal Server Error
at runtime and logs a DNS resolution failure.The plugin will automatically detect the AWS region on runtime via
AWS_REGION
orAWS_DEFAULT_REGION
environment variables when neitheraws_region
norhost
is specified in plugin configuration. Using environment variables enables regionally distributed Kong cluster nodes to connect to the closest AWS region. Ifaws_region
,host
and environment variables have not been specified, the plugin responds with an HTTP500 Internal Server Error
at run-time.
-
function_name
stringThe AWS Lambda function name to invoke. This may contain the function name only (
my-function
), the full ARN (arn:aws:lambda:us-west-2:123456789012:function:my-function) or a partial ARN (123456789012:function:my-function). You can also append a version number or alias to any of the formats.
-
qualifier
stringThe
Qualifier
to use when invoking the function.
-
invocation_type
string required default:RequestResponse
Must be one of:RequestResponse
,Event
,DryRun
The
InvocationType
to use when invoking the function. Available types areRequestResponse
,Event
,DryRun
.
-
log_type
string required default:Tail
Must be one of:Tail
,None
-
host
stringThe host where the Lambda function is located. This value can point to a local Lambda server, allowing for easier debugging.
Either
aws_region
orhost
must be provided.
-
port
integer default:443
between:0
65535
The TCP port that the plugin uses to connect to the server.
-
unhandled_status
integer between:100
999
The response status code to use (instead of the default
200
,202
, or204
) in the case of anUnhandled
Function Error.
-
forward_request_method
boolean default:false
An optional value that defines whether the original HTTP request method verb is sent in the
request_method
field of the JSON-encoded request.
-
forward_request_uri
boolean default:false
An optional value that defines whether the original HTTP request URI is sent in the
request_uri
field of the JSON-encoded request. Request URI arguments (if any) are sent in the separaterequest_uri_args
field of the JSON body.
-
forward_request_headers
boolean default:false
An optional value that defines whether the original HTTP request headers are sent as a map in the
request_headers
field of the JSON-encoded request.
-
forward_request_body
boolean default:false
An optional value that defines whether the request body is sent in the
request_body
field of the JSON-encoded request. If the body arguments can be parsed, they are sent in the separaterequest_body_args
field of the request. The body arguments can be parsed forapplication/json
,application/x-www-form-urlencoded
, andmultipart/form-data
content types.
-
is_proxy_integration
boolean default:false
An optional value that defines whether the response format to receive from the Lambda to this format.
-
awsgateway_compatible
boolean default:false
An optional value that defines whether the plugin should wrap requests into the Amazon API gateway.
-
proxy_scheme
string Must be one of:http
,https
As of Kong Gateway 2.8.0.0, this parameter is deprecated.
If running Kong Gateway 2.7.x or earlier, theproxy_scheme
value is required ifproxy_url
is defined. In 2.8.x or later versions,proxy_scheme
is not required.An optional value that defines which HTTP scheme to use for connecting through the proxy server. The supported schemes are
http
andhttps
.
-
proxy_url
stringAn optional value that defines whether the plugin should connect through the given proxy server URL. Include the request scheme in the URL, which must be
http
. For example:http://my-proxy-server:3128
.Kong Gateway uses HTTP tunneling via the CONNECT HTTP method so that no details of the AWS Lambda request are leaked to the proxy server.
-
skip_large_bodies
boolean default:true
An optional value that defines whether Kong should send large bodies that are buffered to disk. Note that enabling this option will have an impact on system memory depending on the number of requests simultaneously in flight at any given point in time and on the maximum size of each request. Also this option blocks all requests being handled by the nginx workers. That could be tens of thousands of other transactions that are not being processed. For small I/O operations, such a delay would generally not be problematic. In cases where the body size is in the order of MB, such a delay would cause notable interruptions in request processing. Given all of the potential downsides resulting from enabling this option, consider increasing the client_body_buffer_size value instead.
-
base64_encode_body
boolean default:true
-