コンテンツにスキップ
|
Plugin Hub
report-issue問題を報告する
header icon

AWS Lambda Configuration

By Kong Inc.

このページは、まだ日本語ではご利用いただけません。翻訳中です。

古いプラグインバージョンのドキュメントを閲覧しています。

構成

このプラグインはDBレスモードに対応しています。

互換性のあるプロトコル

AWS Lambdaプラグインは以下のプロトコルに対応しています:

grpc, grpcs, http, https

パラメータ

このプラグインの設定で使用できるすべてのパラメータのリストは次のとおりです。

  • name or plugin

    string required

    プラグイン名。この場合は aws-lambda

    • Kong Admin API、Kong Konnect API、宣言型構成、または decK ファイルを使用する場合、フィールドはnameです。
    • Kubernetes で KongPlugin オブジェクトを使用する場合、フィールドはpluginです。

  • instance_name

    string

    プラグインのインスタンスを識別するための任意のカスタム名 (例: aws-lambda_my-service

    インスタンス名はKong ManagerとKonnectに表示されるので、 例えば複数のサービスで同じプラグインを複数のコンテキストで実行する場合に便利です。また、Kong Admin API経由で特定のプラグインインスタンスに アクセスするためにも使用できます。

    インスタンス名は、次のコンテキスト内で一意である必要があります。

    • Kong Gateway Enterpriseのワークスペース内
    • Konnectのコントロールプレーン(CP)またはコントロールプレーン(CP)グループ内
    • Kong Gateway (OSS)の全世界

  • service.name or service.id

    string

    プラグインが対象とするサービス名または ID。最上位の /plugins エンドポイント. からプラグインをサービスに追加する場合は、これらのパラメータのいずれかを設定してください /services/{serviceName|Id}/plugins を使用する場合は必要ありません。

  • route.name or route.id

    string

    プラグインがターゲットとするルート名または ID。最上位の /plugins エンドポイント. を通るルートにプラグインを追加する場合は、これらのパラメータのいずれかを設定してください /routes/{routeName|Id}/plugins を使用する場合は必要ありません。

  • consumer.name or consumer.id

    string

    プラグインがターゲットとするコンシューマーの名前または ID。 最上位の /plugins エンドポイント. からコンシューマーにプラグインを追加する場合は、これらのパラメーターのいずれかを設定してください /consumers/{consumerName|Id}/pluginsを使用する場合は必要ありません。

  • enabled

    boolean default: true

    このプラグインが適用されるかどうか。

  • config

    record required

    • timeout

      number required default: 60000

      An optional timeout in milliseconds when invoking the function.

    • keepalive

      number required default: 60000

      An optional value in milliseconds that defines how long an idle connection lives before being closed.

    • aws_key

      string referenceable encrypted

      The AWS key credential to be used when invoking the function. The aws_key value is required if aws_secret is defined. If aws_key and aws_secret are not set, the plugin uses an IAM role inherited from the instance running Kong to authenticate. Can be symmetrically encrypted if using Kong Gateway and data encryption is configured.

    • aws_secret

      string referenceable encrypted

      The AWS secret credential to be used when invoking the function. The aws_secret value is required if aws_key is defined. If aws_key and aws_secret are not set, the plugin uses an IAM role inherited from the instance running Kong to authenticate. Can be symmetrically encrypted if using Kong Gateway and data encryption is configured.

    • aws_assume_role_arn

      string referenceable encrypted

      The target AWS IAM role ARN used to invoke the Lambda function. Typically this is used for a cross-account Lambda function invocation.

    • aws_role_session_name

      string default: kong

      The identifier of the assumed role session. It is used for uniquely identifying a session when the same target role is assumed by different principals or for different reasons. The role session name is also used in the ARN of the assumed role principle.

    • aws_region

      string

      The AWS region where the Lambda function is located. The plugin does not attempt to validate the supplied region name.

      The plugin has two methods of detecting the AWS region: the aws_region parameter, or one of the AWS_REGION or AWS_DEFAULT_REGION environment variables. One of these must be set.

      If region is not specified in plugin configuration, the plugin automatically detects the AWS region on runtime via one of the environment variables. Using environment variables enables regionally distributed Kong cluster nodes to connect to the closest AWS region.

      The AWS region is required for AWS SigV4. If aws_region or the AWS_REGION or AWS_DEFAULT_REGION environment variables have not been specified, or an invalid region name has been provided, the plugin responds with an HTTP 500 Internal Server Error at runtime.

    • function_name

      string

      The AWS Lambda function name to invoke. This may contain the function name only (my-function), the full ARN (arn:aws:lambda:us-west-2:123456789012:function:my-function) or a partial ARN (123456789012:function:my-function). You can also append a version number or alias to any of the formats.

    • qualifier

      string

      The Qualifier to use when invoking the function.

    • invocation_type

      string required default: RequestResponse Must be one of: RequestResponse, Event, DryRun

      The InvocationType to use when invoking the function. Available types are RequestResponse, Event, DryRun.

    • log_type

      string required default: Tail Must be one of: Tail, None

    • host

      string

      The host where the Lambda function is located. This value can point to a local Lambda server, allowing for easier debugging.

      To set a region, use the aws_region parameter.

    • port

      integer default: 443 between: 0 65535

      The TCP port that the plugin uses to connect to the server.

    • unhandled_status

      integer between: 100 999

      The response status code to use (instead of the default 200, 202, or 204) in the case of an Unhandled Function Error.

    • forward_request_method

      boolean default: false

      An optional value that defines whether the original HTTP request method verb is sent in the request_method field of the JSON-encoded request.

    • forward_request_uri

      boolean default: false

      An optional value that defines whether the original HTTP request URI is sent in the request_uri field of the JSON-encoded request. Request URI arguments (if any) are sent in the separate request_uri_args field of the JSON body.

    • forward_request_headers

      boolean default: false

      An optional value that defines whether the original HTTP request headers are sent as a map in the request_headers field of the JSON-encoded request.

    • forward_request_body

      boolean default: false

      An optional value that defines whether the request body is sent in the request_body field of the JSON-encoded request. If the body arguments can be parsed, they are sent in the separate request_body_args field of the request. The body arguments can be parsed for application/json, application/x-www-form-urlencoded, and multipart/form-data content types.

    • is_proxy_integration

      boolean default: false

      An optional value that defines whether the response format to receive from the Lambda to this format.

    • awsgateway_compatible

      boolean default: false

      An optional value that defines whether the plugin should wrap requests into the Amazon API gateway.

    • proxy_url

      string

      An optional value that defines whether the plugin should connect through the given proxy server URL. Include the request scheme in the URL, which must be http. For example: http://my-proxy-server:3128.

      Kong Gateway uses HTTP tunneling via the CONNECT HTTP method so that no details of the AWS Lambda request are leaked to the proxy server.

    • skip_large_bodies

      boolean default: true

      An optional value that defines whether Kong should send large bodies that are buffered to disk. Note that enabling this option will have an impact on system memory depending on the number of requests simultaneously in flight at any given point in time and on the maximum size of each request. Also this option blocks all requests being handled by the nginx workers. That could be tens of thousands of other transactions that are not being processed. For small I/O operations, such a delay would generally not be problematic. In cases where the body size is in the order of MB, such a delay would cause notable interruptions in request processing. Given all of the potential downsides resulting from enabling this option, consider increasing the client_body_buffer_size value instead.

    • base64_encode_body

      boolean default: true

      An optional value that Base64-encodes the request body.

    • aws_imds_protocol_version

      string required default: v1 Must be one of: v1, v2

      Identifier to select the IMDS protocol version to use, either v1 or v2. If v2 is selected, an additional session token is requested from the EC2 metadata service by the plugin to secure the retrieval of the EC2 instance role. Note that if {{site.base_gateway}} is running inside a container on an EC2 instance, the EC2 instance metadata must be configured accordingly. Please refer to ‘Considerations’ section in the ‘Retrieve instance metadata’ section of the EC2 manual for details.