docs: improve `aws-lambda` plugin docs (#11211)
diff --git a/docs/en/latest/plugins/aws-lambda.md b/docs/en/latest/plugins/aws-lambda.md
index 1b80dc9..2cfca46 100644
--- a/docs/en/latest/plugins/aws-lambda.md
+++ b/docs/en/latest/plugins/aws-lambda.md
@@ -29,11 +29,11 @@
## Description
-The `aws-lambda` Plugin is used for integrating APISIX with [AWS Lambda](https://aws.amazon.com/lambda/) as a dynamic upstream to proxy all requests for a particular URI to the AWS Cloud.
+The `aws-lambda` Plugin is used for integrating APISIX with [AWS Lambda](https://aws.amazon.com/lambda/) and [Amazon API Gateway](https://aws.amazon.com/api-gateway/) as a dynamic upstream to proxy all requests for a particular URI to the AWS Cloud.
When enabled, the Plugin terminates the ongoing request to the configured URI and initiates a new request to the AWS Lambda Gateway URI on behalf of the client with configured authorization details, request headers, body and parameters (all three passed from the original request). It returns the response with headers, status code and the body to the client that initiated the request with APISIX.
-This Plugin supports authorization via AWS API key and AWS IAM secrets.
+This Plugin supports authorization via AWS API key and AWS IAM secrets. The Plugin implements [AWS Signature Version 4 signing](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html) for IAM secrets.
## Attributes
@@ -43,21 +43,16 @@
| authorization | object | False | | | Authorization credentials to access the cloud function. |
| authorization.apikey | string | False | | | Generated API Key to authorize requests to the AWS Gateway endpoint. |
| authorization.iam | object | False | | | Used for AWS IAM role based authorization performed via AWS v4 request signing. See [IAM authorization schema](#iam-authorization-schema). |
+| authorization.iam.accesskey | string | True | | Generated access key ID from AWS IAM console. |
+| authorization.iam.secretkey | string | True | | Generated access key secret from AWS IAM console. |
+| authorization.iam.aws_region | string | False | "us-east-1" | AWS region where the request is being sent. |
+| authorization.iam.service | string | False | "execute-api" | The service that is receiving the request. For Amazon API gateway APIs, it should be set to `execute-api`. For Lambda function, it should be set to `lambda`. |
| timeout | integer | False | 3000 | [100,...] | Proxy request timeout in milliseconds. |
| ssl_verify | boolean | False | true | true/false | When set to `true` performs SSL verification. |
| keepalive | boolean | False | true | true/false | When set to `true` keeps the connection alive for reuse. |
| keepalive_pool | integer | False | 5 | [1,...] | Maximum number of requests that can be sent on this connection before closing it. |
| keepalive_timeout | integer | False | 60000 | [1000,...] | Time is ms for connection to remain idle without closing. |
-### IAM Authorization Schema
-
-| Name | Type | Required | Default | Description |
-|------------|--------|----------|---------------|-------------------------------------------------------------------------------------|
-| accesskey | string | True | | Generated access key ID from AWS IAM console. |
-| secret_key | string | True | | Generated access key secret from AWS IAM console. |
-| aws_region | string | False | "us-east-1" | AWS region where the request is being sent. |
-| service | string | False | "execute-api" | The service that is receiving the request. For HTTP trigger, it is `"execute-api"`. |
-
## Enable Plugin
The example below shows how you can configure the Plugin on a specific Route:
@@ -78,7 +73,7 @@
"aws-lambda": {
"function_uri": "https://x9w6z07gb9.execute-api.us-east-1.amazonaws.com/default/test-apisix",
"authorization": {
- "apikey": "<Generated API Key from aws console>",
+ "apikey": "<Generated API Key from aws console>"
},
"ssl_verify":false
}
diff --git a/docs/zh/latest/plugins/aws-lambda.md b/docs/zh/latest/plugins/aws-lambda.md
index 1f543b5..7b23a35 100644
--- a/docs/zh/latest/plugins/aws-lambda.md
+++ b/docs/zh/latest/plugins/aws-lambda.md
@@ -29,11 +29,11 @@
## 描述
-`aws-lambda` 插件用于将 [AWS Lambda](https://aws.amazon.com/lambda/) 作为动态上游集成至 APISIX,从而实现将访问指定 URI 的请求代理到 AWS 云。
+`aws-lambda` 插件用于将 [AWS Lambda](https://aws.amazon.com/lambda/) 和 [Amazon API Gateway](https://aws.amazon.com/api-gateway/) 作为动态上游集成至 APISIX,从而实现将访问指定 URI 的请求代理到 AWS 云。
启用 `aws-lambda` 插件后,该插件会终止对已配置 URI 的请求,并代表客户端向 AWS Lambda Gateway URI 发起一个新的请求。这个新请求中携带了之前配置的授权详细信息,包括请求头、请求体和参数(以上参数都是从原始请求中传递的),然后 `aws-lambda` 插件会将带有响应头、状态码和响应体的响应信息返回给使用 APISIX 发起请求的客户端。
-该插件支持通过 AWS API key 和 AWS IAM secrets 进行授权。
+该插件支持通过 AWS API key 和 AWS IAM secrets 进行授权。当使用 AWS IAM secrets 时,该插件支持 [AWS Signature Version 4 signing](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html)。
## 属性
@@ -43,21 +43,16 @@
| authorization | object | 否 | | | 访问云函数的授权凭证。 |
| authorization.apikey | string | 否 | | | 生成的 API 密钥,用于授权对 AWS Gateway 端点的请求。 |
| authorization.iam | object | 否 | | | 用于通过 AWS v4 请求签名执行的基于 AWS IAM 角色的授权。请参考 [IAM 授权方案](#iam-授权方案)。 |
+| authorization.iam.accesskey | string | 是 | | 从 AWS IAM 控制台生成的访问密钥 ID。 |
+| authorization.iam.secretkey | string | 是 | | 从 AWS IAM 控制台生成的访问密钥。 |
+| authorization.iam.aws_region | string | 否 | "us-east-1" | 发出请求的 AWS 区域。有关更多 AWS 区域代码的信息请参考 [AWS 区域代码表](https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html#region-names-codes)。 |
+| authorization.iam.service | string | 否 | "execute-api" | 接收该请求的服务。若使用 Amazon API gateway APIs, 应设置为 `execute-api`。若使用 Lambda function, 应设置为 `lambda`。 |
| timeout | integer | 否 | 3000 | [100,...] | 代理请求超时(以毫秒为单位)。 |
| ssl_verify | boolean | 否 | true | true/false | 当设置为 `true` 时执行 SSL 验证。 |
| keepalive | boolean | 否 | true | true/false | 当设置为 `true` 时,保持连接的活动状态以便重复使用。 |
| keepalive_pool | integer | 否 | 5 | [1,...] | 在关闭该连接之前,可以在该连接上发送的最大请求数。 |
| keepalive_timeout | integer | 否 | 60000 | [1000,...] | 当连接空闲时,保持该连接处于活动状态的时间,以毫秒为单位。 |
-### IAM 授权方案
-
-| 名称 | 类型 | 必选项 | 默认值 | 描述 |
-| ---------- | ------ | -------- | ------------- | ------------------------------------------------------------ |
-| accesskey | string | 是 | | 从 AWS IAM 控制台生成的访问密钥 ID。 |
-| secret_key | string | 是 | | 从 AWS IAM 控制台生成的访问密钥。 |
-| aws_region | string | 否 | "us-east-1" | 发出请求的 AWS 区域。有关更多 AWS 区域代码的信息请参考 [AWS 区域代码表](https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html#region-names-codes)。 |
-| service | string | 否 | "execute-api" | 接收该请求的服务。请注意,对于 HTTP 触发器是 `"execute-api"`。 |
-
## 启用插件
你可以通过以下命令在指定路由中启用该插件:
@@ -80,7 +75,7 @@
"aws-lambda": {
"function_uri": "https://x9w6z07gb9.execute-api.us-east-1.amazonaws.com/default/test-apisix",
"authorization": {
- "apikey": "<Generated API Key from aws console>",
+ "apikey": "<Generated API Key from aws console>"
},
"ssl_verify":false
}
