A tool to run web applications on AWS Lambda
AWS Lambda Web Adapter allows developers to build web apps (http api) with familiar frameworks (e.g. Express.js, Next.js, Flask, SpringBoot, ASP.NET and Laravel, anything speaks HTTP 1.1/1.0) and run it on AWS Lambda. The same docker image can run on AWS Lambda, Amazon EC2, AWS Fargate, and local computers.
AWS Lambda Web Adapter work with Lambda functions packaged as both docker images and Zip packages.
To use Lambda Web Adapter with docker images, package your web app (http api) in a Dockerfile, and add one line to copy Lambda Web Adapter binary to /opt/extensions inside your container:
COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.8.4 /lambda-adapter /opt/extensions/lambda-adapter
Non-AWS base images may be used since the Runtime Interface Client ships with the Lambda Web Adapter.
By default, Lambda Web Adapter assumes the web app is listening on port 8080. If not, you can specify the port via configuration.
Pre-compiled Lambda Web Adapter binaries are provided in ECR public repo: public.ecr.aws/awsguru/aws-lambda-adapter. Multi-arch images are also provided in this repo. It works on both x86_64 and arm64 CPU architecture.
Below is a Dockerfile for an example nodejs application.
FROM public.ecr.aws/docker/library/node:20-slim
COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.8.4 /lambda-adapter /opt/extensions/lambda-adapter
ENV PORT=7000
WORKDIR "/var/task"
ADD src/package.json /var/task/package.json
ADD src/package-lock.json /var/task/package-lock.json
RUN npm install --omit=dev
ADD src/ /var/task
CMD ["node", "index.js"]
This works with any base images except AWS managed base images. To use AWS managed base images, you need to override the ENTRYPOINT to start your web app.
AWS Lambda Web Adapter also works with AWS managed Lambda runtimes. You need to do three things:
attach Lambda Web Adapter layer to your function.
arn:aws:lambda:${AWS::Region}:753240598075:layer:LambdaAdapterLayerX86:23
arn:aws:lambda:${AWS::Region}:753240598075:layer:LambdaAdapterLayerArm64:23
arn:aws-cn:lambda:cn-north-1:041581134020:layer:LambdaAdapterLayerX86:23
arn:aws-cn:lambda:cn-northwest-1:069767869989:layer:LambdaAdapterLayerX86:23
configure Lambda environment variable AWS_LAMBDA_EXEC_WRAPPER
to /opt/bootstrap
.
set function handler to your web application start up script. e.g. run.sh
.
For details, please check out the example Node.js application.
When a new Lambda Execution Environment starts up, Lambda Web Adapter will boot up as a Lambda Extension, followed by the web application.
By default, Lambda Web Adapter will send HTTP GET requests to the web application at http://127.0.0.1:8080/
. The port and path can be customized with two environment variables: AWS_LWA_READINESS_CHECK_PORT
and AWS_LWA_READINESS_CHECK_PATH
.
Lambda Web Adapter will retry this request every 10 milliseconds until the web application returns an HTTP response (status code >= 100 and < 500) or the function times out.
In addition, you can configure the adapter to preform readiness check with TCP connect, by setting AWS_LWA_READINESS_CHECK_PROTOCOL
to tcp
.
After passing readiness check, Lambda Web Adapter will start Lambda Runtime and forward the invokes to the web application.
The readiness check port/path and traffic port can be configured using environment variables. These environment variables can be defined either within docker file or as Lambda function configuration.
Environment Variable | Description | Default |
---|---|---|
AWS_LWA_PORT / PORT* | traffic port | "8080" |
AWS_LWA_READINESS_CHECK_PORT / READINESS_CHECK_PORT* | readiness check port, default to the traffic port | PORT |
AWS_LWA_READINESS_CHECK_PATH / READINESS_CHECK_PATH* | readiness check path | "/" |
AWS_LWA_READINESS_CHECK_PROTOCOL / READINESS_CHECK_PROTOCOL* | readiness check protocol: "http" or "tcp", default is "http" | "http" |
AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS | The minimum HTTP status code that is considered unhealthy | "500" |
AWS_LWA_ASYNC_INIT / ASYNC_INIT* | enable asynchronous initialization for long initialization functions | "false" |
AWS_LWA_REMOVE_BASE_PATH / REMOVE_BASE_PATH* | the base path to be removed from request path | None |
AWS_LWA_ENABLE_COMPRESSION | enable gzip compression for response body | "false" |
AWS_LWA_INVOKE_MODE | Lambda function invoke mode: "buffered" or "response_stream", default is "buffered" | "buffered" |
AWS_LWA_PASS_THROUGH_PATH | the path for receiving event payloads that are passed through from non-http triggers | "/events" |
AWS_LWA_AUTHORIZATION_SOURCE | a header name to be replaced to Authorization
|
None |
Note: We use "AWS_LWA_" prefix to namespacing all environment variables used by Lambda Web Adapter. The original ones will be supported until we reach version 1.0.
AWS_LWA_PORT / PORT - Lambda Web Adapter will send traffic to this port. This is the port your web application listening on. Inside Lambda execution environment, the web application runs as a non-root user, and not allowed to listen on ports lower than 1024. Please also avoid port 9001 and 3000. Lambda Runtime API is on port 9001. CloudWatch Lambda Insight extension uses port 3000.
AWS_LWA_ASYNC_INIT / ASYNC_INIT - Lambda managed runtimes offer up to 10 seconds for function initialization. During this period of time, Lambda functions have burst of CPU to accelerate initialization, and it is free.
If a lambda function couldn't complete the initialization within 10 seconds, Lambda will restart the function, and bill for the initialization.
To help functions to use this 10 seconds free initialization time and avoid the restart, Lambda Web Adapter supports asynchronous initialization.
When this feature is enabled, Lambda Web Adapter performs readiness check up to 9.8 seconds. If the web app is not ready by then,
Lambda Web Adapter signals to Lambda service that the init is completed, and continues readiness check in the handler.
This feature is disabled by default. Enable it by setting environment variable AWS_LWA_ASYNC_INIT
to true
.
AWS_LWA_REMOVE_BASE_PATH / REMOVE_BASE_PATH - The value of this environment variable tells the adapter whether the application is running under a base path. For example, you could have configured your API Gateway to have a /orders/{proxy+} and a /catalog/{proxy+} resource. Each resource is handled by a separate Lambda functions. For this reason, the application inside Lambda may not be aware of the fact that the /orders path exists. Use REMOVE_BASE_PATH to remove the /orders prefix when routing requests to the application. Defaults to empty string. Checkout SpringBoot example.
AWS_LWA_ENABLE_COMPRESSION - Lambda Web Adapter supports gzip compression for response body. This feature is disabled by default. Enable it by setting environment variable AWS_LWA_ENABLE_COMPRESSION
to true
.
When enabled, this will compress responses unless it's an image as determined by the content-type starting with image
or the response is less than 32 bytes. This will also compress HTTP/1.1 chunked streaming response.
AWS_LWA_INVOKE_MODE - Lambda function invoke mode, this should match Function Url invoke mode. The default is "buffered". When configured as "response_stream", Lambda Web Adapter will stream response to Lambda service blog. Please check out FastAPI with Response Streaming example.
AWS_LWA_READINESS_CHECK_MIN_UNHEALTHY_STATUS - allows you to customize which HTTP status codes are considered healthy and which ones are not
AWS_LWA_PASS_THROUGH_PATH - Path to receive events payloads passed through from non-http event triggers. The default is "/events".
AWS_LWA_AUTHORIZATION_SOURCE - When set, Lambda Web Adapter replaces the specified header name to Authorization
before proxying a request. This is useful when you use Lambda function URL with IAM auth type, which reserves Authorization header for IAM authentication, but you want to still use Authorization header for your backend apps. This feature is disabled by default.
Request Context is metadata API Gateway sends to Lambda for a request. It usually contains requestId, requestTime, apiId, identity, and authorizer. Identity and authorizer are useful to get client identity for authorization. API Gateway Developer Guide contains more details here.
Lambda Web Adapter forwards this information to the web application in a Http Header named "x-amzn-request-context". In the web application, you can retrieve the value of this http header and deserialize it into a JSON object. Check out Express.js in Zip on how to use it.
Lambda Context is an object that Lambda passes to the function handler. This object provides information about the invocation, function, and execution environment. You can find a full list of properties accessible through the Lambda Context here
Lambda Web Adapter forwards this information to the web application in a Http Header named "x-amzn-lambda-context". In the web application, you can retrieve the value of this http header and deserialize it into a JSON object. Check out Express.js in Zip on how to use it.
For a function with Lambda Extensions registered, Lambda enables shutdown phase for the function. When Lambda service is about to shut down a Lambda execution environment, it sends a SIGTERM signal to the runtime and then a SHUTDOWN event to each registered external extensions. Developers could catch the SIGTERM signal in the lambda functions and perform graceful shutdown tasks. The Express.js gives a simple example. More details in this repo.
Lambda Web Adapter allows developers to develop web applications locally with familiar tools and debuggers: just run the web app locally and test it. If you want to simulate Lambda Runtime environment locally, you can use AWS SAM CLI. The following command starts a local api gateway endpoint and simulate the Lambda runtime execution environment.
sam local start-api
Please note that sam local
starts a Lambda Runtime Interface Emulator on port 8080. So your web application should avoid port 8080
if you plan to use sam local
.
The Lambda Web Adapter also supports all non-HTTP event triggers, such as SQS, SNS, S3, DynamoDB, Kinesis, Kafka, EventBridge, and Bedrock Agents. The adapter forwards the event payload to the web application via http post to a path defined by the AWS_LWA_PASS_THROUGH_PATH
environment variable. By default, this path is set to /events
. Upon receiving the event payload from the request body, the web application should processes it and returns the results as a JSON response. Please checkout SQS Express.js and Bedrock Agent FastAPI in Zip examples.
This project was inspired by several community projects.
Several projects also provide similar capabilities as language specific packages/frameworks.
See CONTRIBUTING for more information.
This project is licensed under the Apache-2.0 License.