Tutorial: Creating a Lambda function with a function URL
In this tutorial, you create a Lambda function defined as a .zip file archive with a public function URL endpoint that returns the product of two numbers. For more information about configuring function URLs, see Function URLs.
Prerequisites
This tutorial assumes that you have some knowledge of basic Lambda operations and the Lambda console. If you haven't already, follow the instructions in Create a Lambda function with the console to create your first Lambda function.
To complete the following steps, you need the AWS CLI version 2. Commands and the expected output are listed in separate blocks:
aws --version
You should see the following output:
aws-cli/2.13.27 Python/3.11.6 Linux/4.14.328-248.540.amzn2.x86_64 exe/x86_64.amzn.2
For long commands, an escape character (\
) is used to split a command over multiple lines.
On Linux and macOS, use your preferred shell and package manager.
Note
In Windows, some Bash CLI commands that you commonly use with Lambda (such as zip
) are not supported by the operating system's built-in terminals.
To get a Windows-integrated version of Ubuntu and Bash, install the Windows Subsystem for Linux
Create an execution role
Create the execution role that gives your Lambda function permission to access AWS resources.
To create an execution role
-
Open the Roles page
of the AWS Identity and Access Management (IAM) console. -
Choose Create role.
-
For Trusted entity type select AWS service, then for Use case, select Lambda.
-
Choose Next.
-
In the Permissions policies pane, enter
AWSLambdaBasicExecutionRole
in the search box. -
Select the checkbox next to the the
AWSLambdaBasicExecutionRole
AWS managed policy, then choose Next. -
Enter
lambda-url-role
for the Role name, then choose Create role.
The AWSLambdaBasicExecutionRole
policy has the permissions that
the function needs to write logs to Amazon CloudWatch Logs. Later in the tutorial, you'll need the Amazon Resource Name (ARN) of the role to create your
Lambda function.
To find the ARN of your execution role
-
Open the Roles page
of the AWS Identity and Access Management (IAM) console. -
Select the role you just created (
lambda-url-role
). -
In the Summary pane, copy the ARN.
Create a Lambda function with a function URL (.zip file archive)
Create a Lambda function with a function URL endpoint using a .zip file archive.
To create the function
-
Copy the following code example into a file named
index.js
.Example index.js
exports.handler = async (event) => { let body = JSON.parse(event.body); const product = body.num1 * body.num2; const response = { statusCode: 200, body: "The product of " + body.num1 + " and " + body.num2 + " is " + product, }; return response; };
-
Create a deployment package.
zip function.zip index.js
-
Create a Lambda function with the
create-function
command. Be sure to replace the role ARN with the ARN of your own execution role you copied earlier in the tutorial.aws lambda create-function \ --function-name my-url-function \ --runtime nodejs18.x \ --zip-file fileb://function.zip \ --handler index.handler \ --role
arn:aws:iam::123456789012:role/lambda-url-role
-
Add a resource-based policy to your function granting permissions to allow public access to your function URL.
aws lambda add-permission \ --function-name my-url-function \ --action lambda:InvokeFunctionUrl \ --principal "*" \ --function-url-auth-type "NONE" \ --statement-id url
-
Create a URL endpoint for the function with the
create-function-url-config
command.aws lambda create-function-url-config \ --function-name my-url-function \ --auth-type NONE
Test the function URL endpoint
Invoke your Lambda function by calling your function URL endpoint using an HTTP client such as curl or Postman.
curl
'https://abcdefg.lambda-url.us-east-1.on.aws/'
\ -H 'Content-Type: application/json' \ -d '{"num1": "10", "num2": "10"}'
You should see the following output:
The product of 10 and 10 is 100
Create a Lambda function with a function URL (CloudFormation)
You can also create a Lambda function with a function URL endpoint using the AWS CloudFormation type
AWS::Lambda::Url
.
Resources: MyUrlFunction: Type: AWS::Lambda::Function Properties: Handler: index.handler Runtime: nodejs18.x Role: arn:aws:iam::123456789012:role/lambda-url-role Code: ZipFile: | exports.handler = async (event) => { let body = JSON.parse(event.body); const product = body.num1 * body.num2; const response = { statusCode: 200, body: "The product of " + body.num1 + " and " + body.num2 + " is " + product, }; return response; }; Description: Create a function with a URL. MyUrlFunctionPermissions: Type: AWS::Lambda::Permission Properties: FunctionName: !Ref MyUrlFunction Action: lambda:InvokeFunctionUrl Principal: "*" FunctionUrlAuthType: NONE MyFunctionUrl: Type: AWS::Lambda::Url Properties: TargetFunctionArn: !Ref MyUrlFunction AuthType: NONE
Create a Lambda function with a function URL (AWS SAM)
You can also create a Lambda function configured with a function URL using AWS Serverless Application Model (AWS SAM).
ProductFunction: Type: AWS::Serverless::Function Properties: CodeUri: function/. Handler: index.handler Runtime: nodejs18.x AutoPublishAlias: live FunctionUrlConfig: AuthType: NONE
Clean up your resources
You can now delete the resources that you created for this tutorial, unless you want to retain them. By deleting AWS resources that you're no longer using, you prevent unnecessary charges to your AWS account.
To delete the execution role
-
Open the Roles page
of the IAM console. -
Select the execution role that you created.
-
Choose Delete.
-
Enter the name of the role in the text input field and choose Delete.
To delete the Lambda function
-
Open the Functions page
of the Lambda console. -
Select the function that you created.
-
Choose Actions, Delete.
-
Type
delete
in the text input field and choose Delete.