This extension is community supported.
The f5_aws_apigw_proxy iRules LX plug-in is a BIG-IP iRules LX plugin for enables the BIG-IP to act as a many-to-one proxy for both AWS API Gateway and direct Lambda function requests. The plug-in utilizes a data-group to perform path/URI and path/LambdaFunction matching. This allows for a single public facing proxy endpoint to service multiple backend AWS Lambda functions and APIs.
To proxy a Lambda function located within the same region as the F5 BIG-IP instance, create a datagroup, ('aws-apis')to create path/fxn mappings fxn1 ---> glc-hello-function. To proxy a Lambda function located in a different AWS region simply prepend the region to the function name fxn1 ---> eu-west-1/glc-hello-function.
Lambda Proxy Example1:
POST/apigw.f5demo.net/fxn1 -- proxies directly to the Lambda function with the name glc-hello-function
Lambda Proxy outside of region Example2:
POST/apigw.f5demo.net/fxn2 -- proxies directly to the Lambda function with the region/name eu-west-2/glc-hello-function
To proxy AWS APIs, use the same datagroup to create path --> URI matchings - api1 ---> jbfipbsqfa.execute-api.us-east-1.amazonaws.com/prod/LambdaPub-WCGIBYB9AHI
API example:
POST/apigw.f5demo.net/api1 -- proxies to -- POST/jbfipbsqfa.execute-api.us-east-1.amazonaws.com/prod/LambdaPub-WCGIBYB9AHI
BIG-IP VE 13.1 or later running on EC2
1. Download and import .tgz file into the BIGIP, (see below).
2. Create LX plugin from imported workspace - Note: must be named 'f5_aws_apigw_proxy'
TMSH command example: tmsh create ilx plugin f5_aws_apigw_proxy from-workspace f5_aws_apigw_proxy
3. Create and populate the data-group //Note: must be named 'aws-apis'
TMSH command example: tmsh create ltm data-group internal aws-apis type string records add { api1 { data jbfipbsqfa.execute-api.us-east-1.amazonaws.com/default/serverlessrepo-glc-publisher-LambdaPublisher-WFCGIBYB9AHI } fxn1 { data glc-hello-fxn }}
4. Create an AWS IAM role with the name: f5ApiProxyRole
The role requires, at a minimum the 'AmazonAPIGatewayInvokeFullAccess' and 'AWSLambdaFullAccess' permissions, (see below). Attach the newly created role to BIG-IP ec2 instance. Refer to this link for instructions.
For a quick video run through of the installation process, check out this video.
Once the workspace has been installed, you can use the BIG-IP workspace, (see below) to view and modify the underlying iRule -tcl and the nodejs processor