AWS lambda executor setup
Yoda uses an external executor to resolve requests to data sources. Currently, it supports AWS Lambda (through REST interface). In future releases, yoda will support more executors and allow you to specify multiple executors to add redundancy.
In your AWS account, go to AWS Lambda Page and click Create function.
Follow the following steps:
- Select Author from Scratch
- Choose your Function name It will be your endpoint route.
- Set Runtime to
Python 3.7 - For permission, if you don't have an existing role, create a new one.
Click Create function. Once everything is complete, You will see this page.
Scroll down to Function code panel and click Actions -> Upload a .zip file. You will need to upload (the runtime zip)[TODO: update url].
Scroll down to Environment variables section and add 2 environment variables: MAX_EXECUTABLE to 8192 (8 MB) and MAX_DATA_SIZE to 256.
Scroll further to Basic Settings and update the runtime configurations. We recommend using 512MB RAM and 12 seconds timeout.
We will use API Gateway for receiving a request from our Yoda program. Let’s create a new trigger by clicking + Add trigger -> API Gateway and follow the setup wizard to create a new API endpoint connecting to your Lambda function.
Once completed, you will see the API endpoint that will be used as the endpoint URL to test your Lambda function.
You can now test the endpoint using curl
curl --location --request POST '<your_api_endpoint>' \
--header 'Content-Type: application/json' \
--data-raw '{
"executable": "IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMwoKaW1wb3J0IHN5cwoKZGVmIG1haW4oZGF0YSk6CiAgICByZXR1cm4gZGF0YQoKCmlmIF9fbmFtZV9fID09ICJfX21haW5fXyI6CiAgICB0cnk6CiAgICAgICAgcHJpbnQobWFpbigqc3lzLmFyZ3ZbMTpdKSkKICAgIGV4Y2VwdCBFeGNlcHRpb24gYXMgZToKICAgICAgICBwcmludChzdHIoZSksIGZpbGU9c3lzLnN0ZGVycikKICAgICAgICBzeXMuZXhpdCgxKQo=",
"calldata": "\"Hello lambda\"",
"timeout": 3000
}'The expected result should be:
{
"returncode": 0,
"stdout": "Hello lambda\n",
"stderr": "",
"error": "",
"version": "lambda:1.2.4"
}If all goes well, you can configure the endpoint as yoda’s executor.
yoda config executor "rest:<your_aws_lambda_endpoint>?timeout=7s"NOTE: If you skip this section, Yoda still works.
This section will introduce how to improve API Gateway security by attaching an authorizer.
A Lambda authorizer (formerly known as a custom authorizer) is an API Gateway feature that uses a Lambda function to control access to your API.
In your AWS account, go to AWS Lambda Page and click Create function.
Follow the following steps:
- Select Author from Scratch
- Fill your Function name It will be your endpoint route.
- Select Runtime to
Python 3.7 - For permission if you don't have an existing role, create a new one.
Click Create function. Once everything is complete, You will see this page.
Scroll down to Function code panel and click Actions -> Upload a .zip file. You will need to upload (the runtime zip)[TODO: add link].
Scroll down to "Environment variables" section and add an environment variable: JWT_SECRET_KEY to <YOUR_JWT_SECRET>
In your AWS account, go to API Gateway page and click your API Gateway.
Click Authorization on API Gateway left sidebar
Click Manage authorizers and Create authorizer
Follow the following steps:
- Select the Lambda as the authorizer type
- Choose AWS region and Lambda function to Lambda authorizer that we set up on Creating Authorizer Function section
- Choose Playload fromat version to 2.0
- Set default to another field
Aftter that's done, go back the to Attach authorizers to routes menu. Click ANY, choose your authorizer, then click Attach authorizer
Once complete, you will see a Lambda badge
First, We add the secret key to Yoda.
$ yoda config jwt-secret-key <YOUR_JWT_SECRET>You can test it with cURL.
$ curl --location --request POST <YOUR_API_ENDPOINT> \
--header 'Content-Type: application/json' \
--header 'Authorization: '"$(yoda auth signed-token)"'' \
--data-raw '{
"executable": "IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMwoKaW1wb3J0IHN5cwoKZGVmIG1haW4oZGF0YSk6CiAgICByZXR1cm4gZGF0YQoKCmlmIF9fbmFtZV9fID09ICJfX21haW5fXyI6CiAgICB0cnk6CiAgICAgICAgcHJpbnQobWFpbigqc3lzLmFyZ3ZbMTpdKSkKICAgIGV4Y2VwdCBFeGNlcHRpb24gYXMgZToKICAgICAgICBwcmludChzdHIoZSksIGZpbGU9c3lzLnN0ZGVycikKICAgICAgICBzeXMuZXhpdCgxKQo=",
"calldata": "\"Hello lambda\"",
"timeout": 3000
}'The expected result should be:
{
"returncode": 0,
"stdout": "Hello lambda\n",
"stderr": "",
"error": "",
"version": "lambda:1.2.4"
}