(lambda): Return domain name for Lambda Function Url

[MarkusWendorf]

Describe the feature

I've tried to connect my Lambda with a function url endpoint to a CloudFront origin, but the function url only returns the url itself but not the domain name, which is required for an http origin.

Because the url is a token only resolved at synth time, it cannot be modified easily (to return only the domain name).
I had to use a workaround: https://github.com/MarkusWendorf/cdk-function-url

Gist:

const apiDomain = Lazy.uncachedString({
  produce: (context) => {
    const resolved = context.resolve(functionUrl.url);
    return { "Fn::Select": [2, { "Fn::Split": ["/", resolved] }] } as any;
  },
});

That's why I would propose that the FunctionUrl resource also returns the domain name.

Use Case

I've tried to connect my Lambda with a function url endpoint to a CloudFront origin, but the function url only returns the url itself but not the domain name, which is required for a http origin.

Proposed Solution

Return the domainName in addition to the url from the FunctionUrl resource.

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.21.1

Environment details (OS name and version, etc.)

Macos 12.3.1

[kaizencc]

The function url is an attribute returned by cloudformation according to their documentation. I'm not sure that this is achievable on our end as we are bound to cloudformation. We'd have to parse the url as a Lazy string just as you've done, and I'm not sure that's feasible to maintain at the moment.

[Misfits09]

I encountered the same problem and figured out a similar "trick" to make it work... I ended up using :

origin: new HttpOrigin(Fn.select(2, Fn.split('/', lambdaUrl.url)))

Do you still believe it shouldn't be a feature ? @kaizencc
It should, I think, at least be mentionned somewhere in the documentation of FunctionUrl or HttpOrigin as it is not that uncommon nowadays to want to point Cloudfront to a lambda endpoint...

[Dav3rs]

@Misfits09 I was able to move forward with your trick, but now I'm stuck with a forbidden when calling the function, how can I grant permissions to make the invocation?

[tylerhcarter]

@Dav3rs You've probably figured this out, but the 403 is likely being caused by the AUTH_TYPE for the URL being defaulted to AWS_IAM, meaning its looking for an AWS Signature in the request.

You can either open up the URL by setting the authentication to none, or you can implement a CloudFront request signer to sign outgoing requests with a role the has been granted the ability to invoke your lambda url.

[watany-dev]

As this ticket has been resolved, it would be appropriate to close it.
#29101

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.