Search
  • Tim Burns

Using a Lambda Layer with API Gateway

Updated: Dec 8, 2019


AWS API Gateway is one of the most common ways to trigger a Lambda function. The API gateway acts as a front end to the Lambda function, which is a wrapper for the functionality in your library.


What we want to do here is make a web service call that reproduces the pytest function we have already proven on our local system.


The original test is




The functional test I want to write will provide an end to end validation of the service as it is called through an HTTP get request as an API function.


curl -H "X-API-KEY: ${X_API_KEY}" https://${API_ID}.execute-api.us-east-1.amazonaws.com/Prod/parse_filename?Path="api-gateway/tests/data/apple_health_tracking_201911231045steps.csv"

The first step in implementing the API gateway is gathering the system parameters you need from your VPC settings.


export VPC_ID="vpc-somelongid" export SUBNET_IDS="subnet-somelongid, subnet-somelongid" export LAMBDA_SECURITY_GROUP="sg-somelongid" export ENVIRONMENT="Dev"

Also, I use a Blue-Green deployment strategy to provide smooth development and rollout. For serverless applications, having a good CI strategy is very important.


I'll alias functions on my command line to switch quickly between environments.


alias set_blue="export COLOR=Blue" alias set_green="export COLOR=Green"


Having set up my default environment, I can now focus on a cloud formation template. Focus on including the portion of your application that developers change often into the template. Avoid including shared items such as network settings, Lambda layer definitions, usage plans, or API security keys. Shared components don't belong in development templates.


The Cloud Formation Template has the following major parts. Review them blue. The Globals part will contain some runtime globals. The Parameters portion contains your parameters. The Resources portion holds the parts that are dependent on the root stack like the DefaultLambdaRole definition specifies what services the Lambda can access, and the ParseFilename is the Lambda function and associates it with an API gateway.



Running from the provided Makefile "make deploy" will yield a stack with an API Gateway. Copy the API Gateway key into a file for referencing the API. See the circled value, for example.


The gateway key will not change unless you delete the deployment and create a new one, but it is useful for calling directly to the API. Once you map the API key to a public URL using vpc-links, you will no longer need to reference this key in API tests.


To provide API key security, map this API gateway to a usage plan, and specify an api key. You will only do this once for each environment, so using the AWS console is acceptable.


Finally, you need to associate your Lambda Layer with the functionality that you have already tested to the Lambda function that calls the layer. To do that, open the Lambda console and copy the Lambda associate.


aws lambda update-function-configuration --function-name ${STACK_NAME}${COLOR}-ParseFilename-${LAMBDA_ID} \ --layers arn:aws:lambda:us-east-1:${AWS_ACCOUNT_ID}:layer:api_layer:1

Running the command will associate the lambda layer with the Lambda function, and now you will have a Lambda system that genuinely conforms to a "test-first" design pattern.

The full code can be found on my github site.


15 views0 comments

Recent Posts

See All