このページは、まだ日本語ではご利用いただけません。翻訳中です。
古いプラグインバージョンのドキュメントを閲覧しています。
構成
このプラグインはDBレスモードに対応しています。
互換性のあるプロトコル
AWS Lambdaプラグインは以下のプロトコルに対応しています:
grpc
, grpcs
, http
, https
パラメータ
このプラグインの設定で使用できるすべてのパラメータのリストは次のとおりです。
-
name or plugin
string requiredプラグイン名。この場合は
aws-lambda
。- Kong Admin API、Kong Konnect API、宣言型構成、または decK ファイルを使用する場合、フィールドは
name
です。 - Kubernetes で KongPlugin オブジェクトを使用する場合、フィールドは
plugin
です。
- Kong Admin API、Kong Konnect API、宣言型構成、または decK ファイルを使用する場合、フィールドは
-
instance_name
stringプラグインのインスタンスを識別するための任意のカスタム名 (例:
aws-lambda_my-service
。インスタンス名はKong ManagerとKonnectに表示されるので、 例えば複数のサービスで同じプラグインを複数のコンテキストで実行する場合に便利です。また、Kong Admin API経由で特定のプラグインインスタンスに アクセスするためにも使用できます。
インスタンス名は、次のコンテキスト内で一意である必要があります。
- Kong Gateway Enterpriseのワークスペース内
- Konnectのコントロールプレーン(CP)またはコントロールプレーン(CP)グループ内
- Kong Gateway (OSS)の全世界
-
service.name or service.id
stringプラグインが対象とするサービス名または ID。最上位の
/plugins
エンドポイント. からプラグインをサービスに追加する場合は、これらのパラメータのいずれかを設定してください/services/{serviceName|Id}/plugins
を使用する場合は必要ありません。 -
route.name or route.id
stringプラグインがターゲットとするルート名または ID。最上位の
/plugins
エンドポイント. を通るルートにプラグインを追加する場合は、これらのパラメータのいずれかを設定してください/routes/{routeName|Id}/plugins
を使用する場合は必要ありません。 -
consumer.name or consumer.id
stringプラグインがターゲットとするコンシューマーの名前または ID。 最上位の
/plugins
エンドポイント. からコンシューマーにプラグインを追加する場合は、これらのパラメーターのいずれかを設定してください/consumers/{consumerName|Id}/plugins
を使用する場合は必要ありません。 -
enabled
boolean default:true
このプラグインが適用されるかどうか。
-
config
record required-
timeout
number required default:60000
An optional timeout in milliseconds when invoking the function.
-
keepalive
number required default:60000
An optional value in milliseconds that defines how long an idle connection lives before being closed.
-
aws_key
string referenceable encryptedThe AWS key credential to be used when invoking the function. The
aws_key
value is required ifaws_secret
is defined. Ifaws_key
andaws_secret
are not set, the plugin uses an IAM role inherited from the instance running Kong to authenticate. Can be symmetrically encrypted if using Kong Gateway and data encryption is configured.
-
aws_secret
string referenceable encryptedThe AWS secret credential to be used when invoking the function. The
aws_secret
value is required ifaws_key
is defined. Ifaws_key
andaws_secret
are not set, the plugin uses an IAM role inherited from the instance running Kong to authenticate. Can be symmetrically encrypted if using Kong Gateway and data encryption is configured.
-
aws_assume_role_arn
string referenceable encryptedThe target AWS IAM role ARN used to invoke the Lambda function. Typically this is used for a cross-account Lambda function invocation.
-
aws_role_session_name
string default:kong
The identifier of the assumed role session. It is used for uniquely identifying a session when the same target role is assumed by different principals or for different reasons. The role session name is also used in the ARN of the assumed role principle.
-
aws_region
stringThe AWS region where the Lambda function is located. The plugin does not attempt to validate the supplied region name.
The plugin has two methods of detecting the AWS region: the
aws_region
parameter, or one of theAWS_REGION
orAWS_DEFAULT_REGION
environment variables. One of these must be set.If
region
is not specified in plugin configuration, the plugin automatically detects the AWS region on runtime via one of the environment variables. Using environment variables enables regionally distributed Kong cluster nodes to connect to the closest AWS region.The AWS region is required for AWS SigV4. If
aws_region
or theAWS_REGION
orAWS_DEFAULT_REGION
environment variables have not been specified, or an invalid region name has been provided, the plugin responds with an HTTP500 Internal Server Error
at runtime.
-
function_name
stringThe AWS Lambda function name to invoke. This may contain the function name only (
my-function
), the full ARN (arn:aws:lambda:us-west-2:123456789012:function:my-function) or a partial ARN (123456789012:function:my-function). You can also append a version number or alias to any of the formats.
-
qualifier
stringThe
Qualifier
to use when invoking the function.
-
invocation_type
string required default:RequestResponse
Must be one of:RequestResponse
,Event
,DryRun
The
InvocationType
to use when invoking the function. Available types areRequestResponse
,Event
,DryRun
.
-
log_type
string required default:Tail
Must be one of:Tail
,None
-
host
stringThe host where the Lambda function is located. This value can point to a local Lambda server, allowing for easier debugging.
To set a region, use the
aws_region
parameter.
-
port
integer default:443
between:0
65535
The TCP port that the plugin uses to connect to the server.
-
unhandled_status
integer between:100
999
The response status code to use (instead of the default
200
,202
, or204
) in the case of anUnhandled
Function Error.
-
forward_request_method
boolean default:false
An optional value that defines whether the original HTTP request method verb is sent in the
request_method
field of the JSON-encoded request.
-
forward_request_uri
boolean default:false
An optional value that defines whether the original HTTP request URI is sent in the
request_uri
field of the JSON-encoded request. Request URI arguments (if any) are sent in the separaterequest_uri_args
field of the JSON body.
-
forward_request_headers
boolean default:false
An optional value that defines whether the original HTTP request headers are sent as a map in the
request_headers
field of the JSON-encoded request.
-
forward_request_body
boolean default:false
An optional value that defines whether the request body is sent in the
request_body
field of the JSON-encoded request. If the body arguments can be parsed, they are sent in the separaterequest_body_args
field of the request. The body arguments can be parsed forapplication/json
,application/x-www-form-urlencoded
, andmultipart/form-data
content types.
-
is_proxy_integration
boolean default:false
An optional value that defines whether the response format to receive from the Lambda to this format.
-
awsgateway_compatible
boolean default:false
An optional value that defines whether the plugin should wrap requests into the Amazon API gateway.
-
proxy_url
stringAn optional value that defines whether the plugin should connect through the given proxy server URL. Include the request scheme in the URL, which must be
http
. For example:http://my-proxy-server:3128
.Kong Gateway uses HTTP tunneling via the CONNECT HTTP method so that no details of the AWS Lambda request are leaked to the proxy server.
-
skip_large_bodies
boolean default:true
An optional value that defines whether Kong should send large bodies that are buffered to disk. Note that enabling this option will have an impact on system memory depending on the number of requests simultaneously in flight at any given point in time and on the maximum size of each request. Also this option blocks all requests being handled by the nginx workers. That could be tens of thousands of other transactions that are not being processed. For small I/O operations, such a delay would generally not be problematic. In cases where the body size is in the order of MB, such a delay would cause notable interruptions in request processing. Given all of the potential downsides resulting from enabling this option, consider increasing the client_body_buffer_size value instead.
-
base64_encode_body
boolean default:true
An optional value that Base64-encodes the request body.
-
aws_imds_protocol_version
string required default:v1
Must be one of:v1
,v2
Identifier to select the IMDS protocol version to use, either
v1
orv2
. Ifv2
is selected, an additional session token is requested from the EC2 metadata service by the plugin to secure the retrieval of the EC2 instance role. Note that if {{site.base_gateway}} is running inside a container on an EC2 instance, the EC2 instance metadata must be configured accordingly. Please refer to ‘Considerations’ section in the ‘Retrieve instance metadata’ section of the EC2 manual for details.
-