Support lambda direct requests over HTTPS
ermi-ltd opened this issue · comments
Runtime
nodejs
Runtime version
16+
Module version
future
Used with
No response
Any other relevant information
No response
What problem are you trying to solve?
The lambda direct endpoint can't currently be accessed via HTTPS, as the TLS certificates specified with the httpsProtocol option are not passed to the Hapi server instance.
This prevents Lambdas from being reached by the Swift AWS SDK from within the Xcode Build + Run process.
Lambda configuration in Swift to pass the endpoint:
    let configuration = try await LambdaClient.LambdaClientConfiguration(
        credentialsProvider: credentialsProvider,
        endpoint: "https://localhost:3002",
        region: "eu-west-2"
    )

With an HTTPS endpoint, the following error is returned when a Lambda is invoked:
crtError(AwsCommonRuntimeKit.CRTError(code: 1029, message: "TLS (SSL) negotiation failed", name: "AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE"))
This error can be resolved by modifying the src/lambda/HttpServer.js file to pass the TLS information:
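    // Imports this excerpt relies on (top of src/lambda/HttpServer.js)
    import fs from "node:fs"
    import { resolve } from "node:path"
    import { Server } from "@hapi/hapi"

    class HttpServer {
      #lambda = null
      #options = null
      #server = null

      constructor(options, lambda) {
        this.#lambda = lambda
        this.#options = options
        const { host, lambdaPort } = options
        const serverOptions = {
          host,
          port: lambdaPort,
          // Only enable TLS when httpsProtocol (certificate directory) is set
          ...(options.httpsProtocol != null && {
            tls: this.#loadCerts(options.httpsProtocol),
          }),
        }
        this.#server = new Server(serverOptions)
      }

      // Read cert.pem and key.pem from the httpsProtocol directory
      #loadCerts(httpsProtocol) {
        return {
          cert: fs.readFileSync(resolve(httpsProtocol, "cert.pem"), "utf8"),
          key: fs.readFileSync(resolve(httpsProtocol, "key.pem"), "utf8"),
        }
      }
    }
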
I'm not sure what the best way to do this would be, so I'm opening this as an issue rather than a pull request. I've created a fork with a temporary fix (dherault/serverless-offline@master...ermi-ltd:serverless-offline:master). Happy to submit a PR if that would be preferred.
Do you have a new or modified API suggestion to solve the problem?
I'd propose to add support for the httpsProtocol when accessing Lambdas directly using the lambdaPort, or add a new option called something like: lambdaPortProtocol.
Ha, this was intended for serverless-offline. Doh, wrong repo.