Set up routing
Set up routing to your Lambda function in a RouteTable Gloo resource.
After you define your AWS and Lambda information, set up routing to your Lambda function in a RouteTable
Gloo resource.
Create a route table
Create a RouteTable
resource to ensure that Gloo Mesh Gateway directs all requests on a specific path to your Lambda function. For more information on how to configure a route table, see the routing guides or API reference documentation.
Example
This route table ensures that all requests to the example.com/test-lambda
path are routed by the gateway to your Lambda function.
Test routing to your Lambda
Get the hostname of your ingress gateway to test the
/test-lambda
route.Send a request to the Lambda endpoint to verify that the request is successfully resolved by the gateway. This example command sends the request to the
/test-lambda
path.
Allow requests to only specific Lambda route tables
Optionally allow gateway routing to only specific types of Lambda routes. This method can be useful when you have a large number of route tables, and want to ensure that the gateway allows traffic requests to only a subset of the available routes based on the Lambda properties (such as the function name, account, or location) or based on the invocation properties (the assumed IAM role). Traffic requests to routes that do not match the properties that you specify result in an error.
Route filtering is enabled through the allowedRoutes
setting in either the VirtualGateway
resource, or the main RouteTable
in a delegated route table setup.
Virtual gateways
You can specify the following filters in the allowedRouteTables.allowedRoutes
section of a VirtualGateway
resource. These filters support regular expressions.
In this example virtual gateway, the following fields filter how a request is being routed:
host
andselector.workspace
: The gateway listens only for requests to routes that are defined in route tables that list*.foo.com
as the host, and that exist in thefoo-ws
workspace.allowedRoutes
: Within these route tables, the gateway only routes requests when:- The route requires the gateway to assume the
dev-team-B-*
IAM role for invocation. - The route is for Lambda functions named
backend-function-*
in theus-east-2
region.
- The route requires the gateway to assume the
Delegated route tables
If you use delegated route tables for your Lambda functions, you can specify the following matchers in the delegate.allowedRoutes
section of your main route table resource. These matchers support regular expressions.
In this example main route table, the gateway only routes requests to sub-tables when:
- The route requires the gateway to assume the
dev-team-B-*
IAM role for invocation. - The route is for Lambda functions named
backend-function-*
in theus-east-2
region.
Apply request and response transformations
When a workload in your Gloo Mesh Gateway environment sends a request to your Lambda function, Gateway applies a default transformation to the payload. When the function returns the response, Gloo Mesh Gateway also expects specific fields in the response payload. When you use these default payload formats, your Lambda must be coded to accept and return the Gloo Mesh Gateway format. You can also disable all request and response transformations, and apply custom transformations by using transformation policies.
For more information, see Request and response payloads.
Preparing for Lambda cold starts
When you invoke a new function in AWS Lambda, you might notice significant latency, or a cold start, as Lambda downloads your code and prepares the execution environment. The latency can vary from under 100ms to more than 1 second. The chances of a cold start increase if you write the function in a programming language that takes a long time to start up a VM, such as Java. For more information, see the AWS blog.
Cold start latency might result in 500
-level server error responses. To mitigate the latency effects, you can apply a Gloo RetryTimeoutPolicy
, such as the following example.
For more information about timeout and retry settings, see the RetryTimeoutPolicy
documentation.