Serverless functions, such as Lambda functions, provide an alternative to traditional applications or services. The functions run on servers that you do not have to manage yourself, and you pay for only for the compute time you use. However, you might want to invoke your serverless functions from other services or apps, such as the Kubernetes workloads that run in clusters in your Gloo Mesh Gateway environment. By abstracting a Lambda as a type of destination in your Gloo Mesh Gateway environment, your workloads can send requests to the Lambda destination in the same way that you set up routing through Gloo Mesh Gateway to other types of destinations. Gloo Mesh Gateway does the work of assuming an AWS IAM role to invoke the actual Lambda function in your AWS account.

Gloo Mesh Gateway integration

Gloo Mesh Gateway supports multiple features to help you seamlessly invoke Lambda functions from your Gloo environment:

  • Permissions: To ensure that permissions to AWS Lambda are controlled, you can specify multiple levels of IAM roles for general AWS Lambda access, discovery of functions in an account, and invocation of specific functions.
  • Discovery: Gloo Mesh Gateway can automatically discover all of the functions in an AWS account and region, or if you apply discovery filters, a subset of the functions. Alternatively, you can disable discovery and choose individual functions for Gloo Mesh Gateway to access.
  • Routing: After Gateway discovers your functions, you can route to each function in the same way that you route to other destinations in a route table resource. Gloo Mesh Gateway assumes one of your AWS IAM roles to invoke the Lambda function.
  • Transformations: You can use Gloo Mesh Gateway in place of your AWS ALB or AWS API Gateway. The default transformation that Gloo Mesh Gateway applies adjusts the default request and response payloads for a smooth migration from AWS gateways to Gloo Mesh Gateway. You can also apply additional Gloo transformation policies, which allow you to customize the request and respone payloads for Lambda as needed.
  • Multitenancy: By using Gloo workspaces, you can separate Lambda discovery, IAM access, and function invocation by team in your Gateway environment.