Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support lambda direct requests over HTTPS #1767

Open
ermi-ltd opened this issue Mar 4, 2024 · 0 comments
Open

Support lambda direct requests over HTTPS #1767

ermi-ltd opened this issue Mar 4, 2024 · 0 comments

Comments

@ermi-ltd
Copy link

ermi-ltd commented Mar 4, 2024

Feature Request

The lambda direct endpoint can't currently be accessed via HTTPS as the TLS certificate specified with the httpsProtocol option is not passed to the Hapi server instance.

This prevents Lambda's being reached by the Swift AWS SDK from within the Xcode Build + Run process.

Lambda configuration in Swift to pass the endpoint:

let configuration = try await LambdaClient.LambdaClientConfiguration(
            credentialsProvider: credentialsProvider,
            endpoint: "https://localhost:3002",
            region: "eu-west-2"
        )

With a HTTPS endpoint, the following error is returned by the AWS Swift SDK when a Lambda is invoked:

crtError(AwsCommonRuntimeKit.CRTError(code: 1029, message: "TLS (SSL) negotiation failed", name: "AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE"))

This error can be resolved by modifying the src/lambda/HttpServer.js file to pass the TLS information (see below)

I'm not sure what the best way to do this would be, so I'm opening this as an issue rather than a pull request. I've created a fork with a temporary fix (master...ermi-ltd:serverless-offline:master). Happy to submit a PR if that would be preferred.

Sample Code

The following patch to src/lambda/HttpServer.js resolved the issues by adding the feature:

 constructor(options, lambda) {
    this.#lambda = lambda
    this.#options = options

    const { host, lambdaPort } = options

    const serverOptions = {
      host,
      port: lambdaPort,
      ...(options.httpsProtocol != null && {
        tls: this.#loadCerts(options.httpsProtocol),
      }),
    }

    this.#server = new Server(serverOptions)
  }
  
  #loadCerts(httpsProtocol) {
    return {
      cert: fs.readFileSync(resolve(httpsProtocol, "cert.pem"), "utf8"),
      key: fs.readFileSync(resolve(httpsProtocol, "key.pem"), "utf8"),
    }
  }

Expected behavior/code

It should be possible to hit the direct lambda endpoint (aka, lambdaPort) over HTTPS.

Additional context/Screenshots

I'd propose to add support for the httpsProtocol when accessing Lambda's directly using the lambdaPort, or add a new option called something like: lambdaPortProtocol.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ermi-ltd