Is it possible to setup Lambda authorizer to sit in front of ECS application?

Question

I have a serverless application that currently consists of a few lambdas sitting behind an API Gateway - pretty standard. For authorization, I use a custom authorizer for API Gateway (which is basically another lambda that is called before the request goes through to the intended lambda, assuming request is authorized).

This setup, however, does not work for me, because the application needs in some requests a longer timeout than the 29s from API Gateway. My solution was to setup a long running application using ECS and Load Balancer.

I was wondering if it is possible to reuse the authorizer lambda that I was using in the serverless setup - I have other serverless applications running within the system and they all share the authorizer, so it would be useful to keep it that way.

Some links I found in researching this:

• https://aws.amazon.com/blogs/compute/better-together-amazon-ecs-and-aws-lambda/
• Amazon API Gateway in front of ELB and ECS Cluster
• https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html

But I haven't found anything specific to this problem (maybe I'm looking at it wrong).Any ideas?

Answer 1

This may not have been a possibility at the time the question was asked, but the pattern of APIGateway > ALB is supported by API Gateway integrations with ECS:

https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-private-integration.html

With this setup, you would be switching the lambda integration for the VPC/ALB integration, while keeping the existing lambda authorizer.