AWS Lambda Function URLs and API Gateway are two ways to expose your Lambda functions to outside of AWS. But when should you use one over the other? Find out in this article.
I recently posted about the early leak of Lambda Function URLs by AWS. AWS lambda function URLs were finally officially announced in a blog post by Alex Casalboni. This is a long-awaited feature that the AWS community has been quite vocal about.
But how do lambda function URLs compare to API gateway in terms of HTTP API hosting? In this article we’ll explore what lambda function URLs have to offer and the pros and cons of using them over API gateway.
What Are Lambda Function URLs?
Lambda function URLs allow you to invoke your lambda function from a HTTPS endpoint. This allows you to expose your function to applications outside of AWS with a HTTP client.
In the past users who wanted to expose their lambda functions through HTTP endpoint had to first create a API gateway endpoint and then associate their lambda function with it. This required quite a few extra steps and knowledge over the API gateway service in order to set up correctly.
Lambda function URLs make this process much much easier. You can now quickly add a HTTPS endpoint by configuring your lambda function in the advanced settings section of the console. The feature is already available through AWS cloud formation and CDK as an alternative.
This feature is great for those of us that want to get setup with HTTP urls quickly without having to worry about the fus of setting up a API gateway endpoint.
How Do function URLs work?
You can enable function URLs either when originally create in your function or by updating it afterwards. You can access it in the console by clicking the Advanced Settings dropdown when initially creating your function. If you want to add a function URL to a already existing function, go to the Configuration tab of your function, and click on the Function URL tab.
You are able to define one of two Authentication types for your function.
Setting NONE will make your URL publicly accessible from anywhere on the internet. This can be useful in some testing cases but should be avoided in most production use cases.
Setting IAM allows you to define access to the function URL by defining a Resource Based Policy. Resource based policies allow you to define specific accounts, organizations, users, roles, or other AWS Principals to access your function. More info on IAM Auth can be found here.
The IAM option is ideal for functions they expect to get invoked from other AWS users.
When To Use API Gateway Over Function URLs
API Gateway and Function URLs offer similar features at first glance. Whether you should choose API Gateway or Function URLs to host your endpoint depends on whether you need access to the additional functionalities API Gateway provides.
For example, API gateway offers features such as throttling on endpoints. This can prevent clients from calling your API beyond a certain count.
Other API Gateway features include IP whitelist / blacklisting, authorization through integration with Amazon Cognito, request validation, any many many more features.
If you find yourself just needed a quick way to expose your Lambda function to the public internet, then Function URLs are definitely a good option. Its also interesting to note that there is no extra cost for using function URLs beyond normal Lambda invocation cost. However, integration with API Gateway costs extra.
However if you’re looking for a product a little bit more robust with a whole suite of extra features, then API Gateway with Lambda may be a better choice.
Thank you for sharing about the new AWS feature.
I’d like to translate this post to Korean language. So would you allow me to translate it?