The AWS Request Signing plugin allows for secure communication with AWS Lambdas.
It signs requests with AWS SIGV4 and temporary credentials obtained from sts.amazonaws.com using an OAuth token.
This eliminates the need for an AWS API Gateway and simplifies the use of Lambdas as upstreams in Kong Gateway.
AWS Request Signing
Third PartyRelated Documentation
Incompatible with
konnect
Compatible Protocols
http
https
Minimum Version
Kong Gateway - 3.4
Third Party: This plugin is developed, tested, and maintained by The LEGO Group.
Install the AWS Request Signing plugin
Set up your AWS account and install the Kong AWS Request Signing plugin via Luarocks.
Prerequisites
To use this plugin, you have to prepare your AWS account. Add your token issuer to the Identity Providers in your AWS account so that the plugin can request temporary credentials.
For more information on the required AWS setup, visit the plugin repo.
Once your AWS account is set up, you can use the plugin to communicate with your Lambda HTTPS endpoint.
Install
You can install the AWS Request Signing plugin via LuaRocks.
A Lua plugin is distributed in .rock format, which is
a self-contained package that can be installed locally or from a remote server.
-
Install the AWS Request Signing plugin:
luarocks install https://github.com/LEGO/kong-aws-request-signing/raw/main/rocks/kong-aws-request-signing-$PLUGIN_VERSION.all.rockSubstitute
$PLUGIN_VERSIONwith one of available plugin versions. -
Update your loaded plugins list in Kong Gateway.
In your
kong.conf, appendaws-request-signingto thepluginsfield. Make sure the field isn’t commented out.plugins = bundled,aws-request-signing -
Restart Kong Gateway:
kong restart