AWS Lambda Function URLs

The Before Times

Before Lambda Function URLs existed, if you wanted to expose your lambda to the public via the web, there were many options, but all of them were not free, and in fact, some could be quite expensive. Let's quickly review from most absurd to least absurd:

• Run an EC2 instance in a public subnet and proxy the calls - now you are paying for the EC2 instance, possibly paying for an Elastic IP so you don't have to keep changing where the DNS points, have multiple single points of failure (that EC2 instance runs in 1 AZ with 1 EBS volume), and manually managing DNS forever. Probably about $6/month minimum.
• Run multiple EC2 instances with a Load Balancer - at least the DNS issue goes away, and you have the reliability of multiple AZs (the balancer can spread requests across an entire region). And you don't need public IPs anymore, so that's a plus. But you're now paying for 2+ instances, and the load balancer. At least $13/month.
• Run an API Gateway - this was a common solution, and it was pretty good. AWS manages the entire infrastructure giving you a powerful tool to create REST APIs (or HTTP APIs) and charging $1.00/million or $3.50/million hits (HTTP vs REST). Certainly this made sense, but guaranteed a monthly cost.
• Lambda@Edge on CloudFront - if you could fit your router into an Edge Lambda (or didn't mind invoking another lambda from your edge lambda), you could attach the lambda directly to your CloudFront distribution that fronted your traffic. As long as you were already using CloudFront, this was pretty cost effective, certainly under $1 for a million hits. And CloudFront has a permanent free tier, which you may never exhaust. But you still have the overhead of managing CloudFront.

The New Hotness

Enter Lambda Function URLs. Now, you can expose your lambda directly to the internet with a dedicated URL with just a few clicks. Check a box and you can set up CORS so you can embed these calls directly into your web applications. The cost is rolled into the cost of Lambda, which means the free tier applies (1 million free requests and 400,000 GB-seconds free). No API gateway, no CloudFront, just a secure URL you can hit within seconds and execute your code. There is no faster way to get code running on the internet available in AWS (and among the fastest even outside of AWS).

Safe Proxies

One very good use case for this sort of thing is a proxy to an internal-only network. If you have a well-written, safe bit of code that only knows how to fire a webhook, or make an API call, with only safe tokens, instead of all the heavy lifting in exposing your private networks, you can use this to allow external tools to reach internal APIs without risking the security of the rest of the networking. AWS handles all the heavy lifting, and you just need a limited IAM role, and very simple and specific code to achieve your goal.