aws_lambda.proto

Package : envoy.config.filter.http.aws_lambda.v2

Top

aws_lambda.proto

Table of Contents

AWSLambdaConfig

Field Type Label Description
useDefaultCredentials google.protobuf.BoolValue Use AWS default credentials chain to get credentials. This will search environment variables, ECS metadata and instance metadata to get the credentials. credentials will be rotated automatically.
If credentials are provided on the cluster (using the AWSLambdaProtocolExtension), it will override these credentials. This defaults to false, but may change in the future to true.
serviceAccountCredentials envoy.config.filter.http.aws_lambda.v2.AWSLambdaConfig.ServiceAccountCredentials Use projected service account token, and role arn to create reate temporary credentials with which to authenticate lambda requests. This functionality is meant to work along side EKS service account to IAM binding functionality as outlined here: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.htmll<br>If the following environment values are not present, this option cannot be used. 1. AWS_WEB_IDENTITY_TOKEN_FILE 2. AWS_ROLE_ARN
The role arn may also be specified in the AWSLambdaProtocolExtension on the cluster level, to override the environment variable.
propagateOriginalRouting bool Send downstream path and method as x-envoy-original-path and x-envoy-original-method headers on the request to AWS lambda. Defaults to false.
credentialRefreshDelay google.protobuf.Duration Sets cadence for refreshing credentials for Service Account. Does nothing if Service account is not set. Does not affect the default filewatch for service account only augments it. Defaults to not refreshing on time period. Suggested is 15 minutes.

AWSLambdaConfig.ServiceAccountCredentials

Field Type Label Description
cluster string The name of the envoy cluster which represents the desired aws sts endpoint
uri string The full uri of the aws sts endpoint
timeout google.protobuf.Duration timeout for the request

AWSLambdaPerRoute

Field Type Label Description
name string The name of the function
qualifier string The qualifier of the function (defaults to $LATEST if not specified)
async bool Invocation type - async or regular.
emptyBodyOverride google.protobuf.StringValue Optional default body if the body is empty. By default on default body is used if the body empty, and an empty body will be sent upstream.
unwrapAsAlb bool Unwrap responses as AWS ALB does. Expects json lambda responses to construct response. Intended to ease migration when previously using alb to invoke Lambdas. When set on a route the filter will not stream data on the encoding step. Defaults to false.

AWSLambdaProtocolExtension

Field Type Label Description
host string The host header for AWS this cluster
region string The region for this cluster
accessKey string The access_key for AWS this cluster
secretKey string The secret_key for AWS this cluster
sessionToken string The session_token for AWS this cluster
roleArn string The role_arn to use when generating credentials for the mounted projected SA token