# Task 2: Exposing an existing Lambda behind API Gateway for an Amplify frontend

### Overview

* **API type:** Use API Gateway HTTP API for simpler setup and managed CORS. Choose REST API only if you need advanced features (usage plans, API keys, request transformations).
* **Integration style:** Use Lambda proxy integration so your function receives the raw request and returns a simple statusCode/headers/body response.
* **Route design:** POST /inference (or similar) to accept JSON payloads from your form.

***

### Prerequisites

* **Existing Lambda:** Deployed in the target AWS account and region.
* **Amplify app:** Local dev URL (e.g., <http://localhost:5173>) and hosted domain (e.g., <https://main.xxxxx.amplifyapp.com>).
* **Schema clarity:** Input JSON you plan to send (partner, year, period, question) and output shape (answer, meta).

***

### Create the API and integrate Lambda

#### Console steps (HTTP API, recommended)

1. **Create HTTP API**
   * **API type:** HTTP API.
   * **Name:** inference-api (or similar).
2. **Add integration**
   * **Integration type:** Lambda.
   * **Function:** Select your existing 10Q inference Lambda.
   * Confirm the console adds invoke permissions for API Gateway to your Lambda.
3. **Add a route**
   * **Method and path:** POST /inference.
   * **Integration target:** The Lambda integration from step 2.
4. **Create a stage**
   * **Stage name:** prod (or dev).
   * **Auto-deploy:** Enabled, so config changes go live without manual deployments.
5. **Note your invoke URL**
   * It looks like: <https://abc123.execute-api.us-east-1.amazonaws.com>
   * Your full endpoint is: <https://abc123.execute-api.us-east-1.amazonaws.com/inference>

#### AWS CLI steps (HTTP API)

```bash
# 0) Variables
REGION=us-east-1
ACCOUNT_ID=123456789012   # replace with your AWS account ID
LAMBDA_ARN="arn:aws:lambda:$REGION:$ACCOUNT_ID:function:tenq-inference"
API_NAME=inference-api

# 1) Create API
API_ID=$(aws apigatewayv2 create-api \
  --name "$API_NAME" \
  --protocol-type HTTP \
  --region "$REGION" \
  --query 'ApiId' --output text)

# 2) Create Lambda integration
INTEGRATION_ID=$(aws apigatewayv2 create-integration \
  --api-id "$API_ID" \
  --integration-type AWS_PROXY \
  --integration-uri "arn:aws:apigateway:$REGION:lambda:path/2015-03-31/functions/$LAMBDA_ARN/invocations" \
  --payload-format-version 2.0 \
  --region "$REGION" \
  --query 'IntegrationId' --output text)

# 3) Create route
aws apigatewayv2 create-route \
  --api-id "$API_ID" \
  --route-key "POST /inference" \
  --target "integrations/$INTEGRATION_ID" \
  --region "$REGION"

# 4) Grant invoke permission to API Gateway
#    The source ARN limits the grant to POST /inference on this API (any stage).
#    It is quoted so the shell does not expand the "*".
aws lambda add-permission \
  --function-name "$LAMBDA_ARN" \
  --statement-id "apigw-$API_ID" \
  --action lambda:InvokeFunction \
  --principal apigateway.amazonaws.com \
  --source-arn "arn:aws:execute-api:$REGION:$ACCOUNT_ID:$API_ID/*/POST/inference" \
  --region "$REGION"

# 5) Create stage with auto-deploy
aws apigatewayv2 create-stage \
  --api-id "$API_ID" \
  --stage-name prod \
  --auto-deploy \
  --region "$REGION"

# 6) Get the base URL
#    A named stage such as prod is part of the request path: <ApiEndpoint>/prod/inference
aws apigatewayv2 get-apis --region "$REGION" --query "Items[?ApiId=='$API_ID'].ApiEndpoint" --output text
```

***

### Test the endpoint and connect from Amplify

#### Smoke test with curl

```bash
ENDPOINT="https://abc123.execute-api.us-east-1.amazonaws.com/inference"
curl -i -X POST "$ENDPOINT" \
  -H "Content-Type: application/json" \
  -d '{
    "partner":"Contoso",
    "year":2023,
    "period":"Q2",
    "question":"Summarize revenue growth drivers."
  }'
```

* **Expect:** HTTP/1.1 200 and a JSON body. If you see 403 “Missing Authentication Token,” the route or method doesn’t match. If you see 500, log the Lambda error and confirm event.body parsing.

### Enable CORS and deploy

#### CORS for HTTP API

1. **Open CORS settings** in your HTTP API.
2. **Allowed origins:** Add your dev and prod origins.
   * <https://main.xxxxx.amplifyapp.com> (and any branch previews you use)
3. **Allowed methods:** POST, OPTIONS.
4. **Allowed headers:** Content-Type, Authorization.
5. **Expose headers:** Content-Type (and any custom headers you need).
6. **Credentials:** Off unless you require cookies.
7. **Save:** With auto-deploy enabled, changes go live immediately.

> Tip: Also return CORS headers from Lambda on success and error:
>
> * Access-Control-Allow-Origin: your domain (or “\*” for public)
> * Access-Control-Allow-Headers: Content-Type
> * Access-Control-Allow-Methods: POST, OPTIONS

CURL will NO LONGER work after adding this check. This is the first step in securing your endpoint: we are limiting it to the front end. However, this is not actual authorization; we will add that later.
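The `event.body` parsing and the CORS response headers described above, as an added example (not the course's or the existing Lambda's code): a Python handler for payload format 2.0 that decodes and validates the request body and returns the same CORS headers on success and on error. The function names, the `answer_question` stand-in, and the allowlist are assumptions; the two origins are the page's placeholder URLs.

```python
import base64
import json

# Assumed allowlist, built from the page's placeholder dev and hosted origins.
ALLOWED_ORIGINS = {"http://localhost:5173", "https://main.xxxxx.amplifyapp.com"}
REQUIRED = {"partner": str, "year": int, "period": str, "question": str}

def cors_headers(origin):
    """Echo the request Origin only when it is on the allowlist."""
    headers = {"Content-Type": "application/json", "Vary": "Origin"}
    if origin in ALLOWED_ORIGINS:
        headers.update({
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Headers": "Content-Type",
            "Access-Control-Allow-Methods": "POST, OPTIONS",
        })
    return headers

def respond(status, payload, origin):
    """Build the statusCode/headers/body shape a proxy integration expects."""
    return {"statusCode": status, "headers": cors_headers(origin),
            "body": json.dumps(payload)}

def parse_body(event):
    """Decode and validate the request body; raise ValueError on bad input."""
    raw = event.get("body") or ""
    if event.get("isBase64Encoded"):
        raw = base64.b64decode(raw).decode("utf-8")
    data = json.loads(raw)  # JSONDecodeError is a ValueError subclass
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    for field, kind in REQUIRED.items():
        value = data.get(field)
        # bool is a subclass of int, so reject it explicitly for "year"
        if not isinstance(value, kind) or isinstance(value, bool):
            raise ValueError(f"invalid or missing field: {field}")
    return data

def answer_question(req):
    # Hypothetical stand-in for the existing inference logic.
    meta = {k: req[k] for k in ("partner", "year", "period")}
    return {"answer": f"(placeholder) {req['question']}", "meta": meta}

def handler(event, context):
    # Payload format 2.0 delivers header names in lowercase.
    origin = (event.get("headers") or {}).get("origin")
    try:
        req = parse_body(event)
    except ValueError as exc:
        return respond(400, {"error": str(exc)}, origin)
    return respond(200, answer_question(req), origin)
```

When CORS is configured on the HTTP API itself, API Gateway sets the CORS response headers and ignores the ones returned by the integration, so the header logic here takes effect only when API-level CORS is not configured.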

***

