AWS Lambda Function URL vs API Gateway – When to Use What

AWS Lambda Function URLs and API Gateway are two ways to expose your Lambda functions to outside of AWS. But when should you use one over the other? Find out in this article.

I recently posted about the early leak of Lambda Function URLs by AWS. AWS lambda function URLs were finally officially announced in a blog post by Alex Casalboni. This is a long-awaited feature that the AWS community has been quite vocal about.

But how do lambda function URLs compare to API gateway in terms of HTTP API hosting? In this article we’ll explore what lambda function URLs have to offer and the pros and cons of using them over API gateway.

What Are Lambda Function URLs?

Lambda function URLs allow you to invoke your lambda function from a HTTPS endpoint. This allows you to expose your function to applications outside of AWS with a HTTP client.

In the past users who wanted to expose their lambda functions through HTTP endpoint had to first create a API gateway endpoint and then associate their lambda function with it. This required quite a few extra steps and knowledge over the API gateway service in order to set up correctly.

Having API Gateway as an intermediary between your user and function is a good choice for users looking to leverage API Gateways advanced features. This includes things like throttling, request validation, custom authorization, resource policies, and more.

Lambda function URLs make this process much much easier. You can now quickly add a HTTPS endpoint by configuring your lambda function in the advanced settings section of the console. The feature is already available through AWS cloud formation and CDK as an alternative.

Lambda Function URLs are a simplified version of API Gateway endpoints.

This feature is great for those of us that want to get setup with HTTP urls quickly without having to worry about the fus of setting up a API gateway endpoint.

How Do function URLs work?

You can enable function URLs either when originally create in your function or by updating it afterwards. You can access it in the console by clicking the Advanced Settings dropdown when initially creating your function. If you want to add a function URL to a already existing function, go to the Configuration tab of your function, and click on the Function URL tab.

You can choose between function url public access (NONE) or IAM based access.

You are able to define one of two Authentication types for your function.

Setting NONE will make your URL publicly accessible from anywhere on the internet. This can be useful in some testing cases but should be avoided in most production use cases.

Setting IAM allows you to define access to the function URL by defining a Resource Based Policy. Resource based policies allow you to define specific accounts, organizations, users, roles, or other AWS Principals to access your function. More info on IAM Auth can be found here.

The IAM option is ideal for functions they expect to get invoked from other AWS users.

When To Use API Gateway Over Function URLs

API Gateway and Function URLs offer similar features at first glance. Whether you should choose API Gateway or Function URLs to host your endpoint depends on whether you need access to the additional functionalities API Gateway provides.

For example, API gateway offers features such as throttling on endpoints. This can prevent clients from calling your API beyond a certain count.

Other API Gateway features include IP whitelist / blacklisting, authorization through integration with Amazon Cognito, request validation, any many many more features.

If you find yourself just needed a quick way to expose your Lambda function to the public internet, then Function URLs are definitely a good option. Its also interesting to note that there is no extra cost for using function URLs beyond normal Lambda invocation cost. However, integration with API Gateway costs extra.

However if you’re looking for a product a little bit more robust with a whole suite of extra features, then API Gateway with Lambda may be a better choice.

Exit mobile version