Creating and managing Lambda function URLs
A function URL is a dedicated HTTP(S) endpoint for your Lambda function. You can create and configure a function URL through the Lambda console or the Lambda API.
Tip
Lambda offers two ways to invoke your function through an HTTP endpoint: function URLs and Amazon API Gateway. If you're not sure which is the best method for your use case, see Select a method to invoke your Lambda function using an HTTP request.
When you create a function URL, Lambda automatically generates a unique URL endpoint for you. Once you create a function URL, its URL endpoint never changes. Function URL endpoints have the following format:
https://
<url-id>
.lambda-url.<region>.on.aws
Note
Function URLs are not supported in the following AWS Regions: Asia Pacific (Hyderabad) (ap-south-2
), Asia Pacific (Melbourne) (ap-southeast-4
), Asia Pacific (Malaysia) (ap-southeast-5
), Canada West (Calgary) (ca-west-1
), Europe (Spain) (eu-south-2
), Europe (Zurich) (eu-central-2
), Israel (Tel Aviv) (il-central-1
), and Middle East (UAE) (me-central-1
).
Function URLs are dual stack-enabled, supporting IPv4 and IPv6. After you configure a function URL for your function, you can invoke your function through its HTTP(S) endpoint via a web browser, curl, Postman, or any HTTP client.
Note
You can access your function URL through the public Internet only. While Lambda functions do support AWS PrivateLink, function URLs do not.
Lambda function URLs use resource-based policies for security and access control. Function URLs also support cross-origin resource sharing (CORS) configuration options.
You can apply function URLs to any function alias, or to the $LATEST
unpublished function version.
You can't add a function URL to any other function version.
The following section show how to create and manage a function URL using the Lambda console, AWS CLI, and AWS CloudFormation template
Topics
- Creating a function URL (console)
- Creating a function URL (AWS CLI)
- Adding a function URL to a CloudFormation template
- Cross-origin resource sharing (CORS)
- Throttling function URLs
- Deactivating function URLs
- Deleting function URLs
- Control access to Lambda function URLs
- Invoking Lambda function URLs
- Monitoring Lambda function URLs
- Select a method to invoke your Lambda function using an HTTP request
- Tutorial: Creating a webhook endpoint using a Lambda function URL
Creating a function URL (console)
Follow these steps to create a function URL using the console.
-
Open the Functions page
of the Lambda console. -
Choose the name of the function that you want to create the function URL for.
-
Choose the Configuration tab, and then choose Function URL.
-
Choose Create function URL.
-
For Auth type, choose AWS_IAM or NONE. For more information about function URL authentication, see Access control.
-
(Optional) Select Configure cross-origin resource sharing (CORS), and then configure the CORS settings for your function URL. For more information about CORS, see Cross-origin resource sharing (CORS).
-
Choose Save.
This creates a function URL for the $LATEST
unpublished version of your function. The function URL
appears in the Function overview section of the console.
-
Open the Functions page
of the Lambda console. -
Choose the name of the function with the alias that you want to create the function URL for.
-
Choose the Aliases tab, and then choose the name of the alias that you want to create the function URL for.
-
Choose the Configuration tab, and then choose Function URL.
-
Choose Create function URL.
-
For Auth type, choose AWS_IAM or NONE. For more information about function URL authentication, see Access control.
-
(Optional) Select Configure cross-origin resource sharing (CORS), and then configure the CORS settings for your function URL. For more information about CORS, see Cross-origin resource sharing (CORS).
-
Choose Save.
This creates a function URL for your function alias. The function URL appears in the console's Function overview section for your alias.
To create a new function with a function URL (console)
-
Open the Functions page
of the Lambda console. -
Choose Create function.
-
Under Basic information, do the following:
-
For Function name, enter a name for your function, such as
my-function
. -
For Runtime, choose the language runtime that you prefer, such as Node.js 18.x.
-
For Architecture, choose either x86_64 or arm64.
-
Expand Permissions, then choose whether to create a new execution role or use an existing one.
-
-
Expand Advanced settings, and then select Function URL.
-
For Auth type, choose AWS_IAM or NONE. For more information about function URL authentication, see Access control.
-
(Optional) Select Configure cross-origin resource sharing (CORS). By selecting this option during function creation, your function URL allows requests from all origins by default. You can edit the CORS settings for your function URL after creating the function. For more information about CORS, see Cross-origin resource sharing (CORS).
-
Choose Create function.
This creates a new function with a function URL for the $LATEST
unpublished version of the function. The function URL appears in the Function
overview section of the console.
Creating a function URL (AWS CLI)
To create a function URL for an existing Lambda function using the AWS Command Line Interface (AWS CLI), run the following command:
aws lambda create-function-url-config \ --function-name
my-function
\ --qualifierprod
\ // optional --auth-typeAWS_IAM
--cors-config{AllowOrigins="https://example.com"}
// optional
This adds a function URL to the prod
qualifier for the function
my-function
. For more information about these configuration parameters, see
CreateFunctionUrlConfig in the API reference.
Note
To create a function URL via the AWS CLI, the function must already exist.
Adding a function URL to a CloudFormation template
To add an AWS::Lambda::Url
resource to your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Lambda::Url", "Properties" : { "AuthType" : String, "Cors" : Cors, "Qualifier" : String, "TargetFunctionArn" : String } }
YAML
Type: AWS::Lambda::Url Properties: AuthType: String Cors: Cors Qualifier: String TargetFunctionArn: String
Parameters
(Required)
AuthType
– Defines the type of authentication for your function URL. Possible values are eitherAWS_IAM
orNONE
. To restrict access to authenticated users only, set toAWS_IAM
. To bypass IAM authentication and allow any user to make requests to your function, set toNONE
.-
(Optional)
Cors
– Defines the CORS settings for your function URL. To addCors
to yourAWS::Lambda::Url
resource in CloudFormation, use the following syntax.Example AWS::Lambda::Url.Cors (JSON)
{ "AllowCredentials" : Boolean, "AllowHeaders" : [ String, ... ], "AllowMethods" : [ String, ... ], "AllowOrigins" : [ String, ... ], "ExposeHeaders" : [ String, ... ], "MaxAge" : Integer }
Example AWS::Lambda::Url.Cors (YAML)
AllowCredentials: Boolean AllowHeaders: - String AllowMethods: - String AllowOrigins: - String ExposeHeaders: - String MaxAge: Integer
(Optional)
Qualifier
– The alias name.(Required)
TargetFunctionArn
– The name or Amazon Resource Name (ARN) of the Lambda function. Valid name formats include the following:Function name –
my-function
Function ARN –
arn:aws:lambda:us-west-2:123456789012:function:my-function
Partial ARN –
123456789012:function:my-function
Cross-origin resource sharing (CORS)
To define how different origins can access your function URL, use cross-origin resource sharing (CORS)
CORS header | CORS configuration property | Example values |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When you configure CORS for a function URL using the Lambda console or the AWS CLI, Lambda automatically adds the CORS headers to all responses through the function URL. Alternatively, you can manually add CORS headers to your function response. If there are conflicting headers, the expected behavior depends on the type of request:
-
For preflight requests such as OPTIONS requests, the configured CORS headers on the function URL take precedence. Lambda returns only these CORS headers in the response.
-
For non-preflight requests such as GET or POST requests, Lambda returns both the configured CORS headers on the function URL, as well as the CORS headers returned by the function. This can result in duplicate CORS headers in the response. You may see an error similar to the following:
The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed
.
In general, we recommend configuring all CORS settings on the function URL, rather than sending CORS headers manually in the function response.
Throttling function URLs
Throttling limits the rate at which your function processes requests. This is useful in many situations, such as preventing your function from overloading downstream resources, or handling a sudden surge in requests.
You can throttle the rate of requests that your Lambda function processes through a function URL by configuring reserved concurrency. Reserved concurrency limits the number of maximum concurrent invocations for your function. Your function's maximum request rate per second (RPS) is equivalent to 10 times the configured reserved concurrency. For example, if you configure your function with a reserved concurrency of 100, then the maximum RPS is 1,000.
Whenever your function concurrency exceeds the reserved concurrency, your function URL returns an HTTP
429
status code. If your function receives a request that exceeds the 10x RPS maximum based on your
configured reserved concurrency, you also receive an HTTP 429
error. For more information about
reserved concurrency, see Configuring reserved concurrency for a function.
Deactivating function URLs
In an emergency, you might want to reject all traffic to your function URL. To deactivate your function URL,
set the reserved concurrency to zero. This throttles all requests to your function URL, resulting in HTTP
429
status responses. To reactivate your function URL, delete the reserved concurrency
configuration, or set the configuration to an amount greater than zero.
Deleting function URLs
When you delete a function URL, you can’t recover it. Creating a new function URL will result in a different URL address.
Note
If you delete a function URL with auth type NONE
, Lambda doesn't automatically delete the
associated resource-based policy. If you want to delete this policy, you must manually do so.
-
Open the Functions page
of the Lambda console. -
Choose the name of the function.
-
Choose the Configuration tab, and then choose Function URL.
-
Choose Delete.
-
Enter the word delete into the field to confirm the deletion.
-
Choose Delete.
Note
When you delete a function that has a function URL, Lambda asynchronously deletes the function URL. If you immediately create a new function with the same name in the same account, it is possible that the original function URL will be mapped to the new function instead of deleted.