Get user's IP Address in Lambda (with API Gateway, and Python)
I was using this technique (How could I retrieve AWS Lambda public IP address by using Python?) but it gives the IPAddress of the Lambda Server within AWS.
Based on this: How can I retrieve a user's public IP address via Amazon API Gateway + Lambda (node), it looks like I should be able to use
ip_address = event['requestContext']['identity']['sourceIp'];
My handler starts like this:
def lambda_handler(event, context):
but if I do a pprint.pprint(event), I don't see any RequestContext in it, only the "body".
The last comment by FFXSam on the Jonathan answer says "It should be noted that event.requestContext.identity is not present if you're serving a page that's not behind an authorizer.". I'm not sure what that means or why it is true. I'm using API Gateway, and JavaScript code on the client side is calling it.
I could ask the client coder to send me the local IP Address in the body, but it seems like I should be able to get it in the Lambda function itself.
Someone ask for the events, even though I said it only had the fields being passed in a json element called "body":
code:
print("pprint event:")
pprint.pprint(event)
2021-06-06T13:30:01.231-05:00 pprint event:
2021-06-06T13:30:01.231-05:00 {'body': {'ResponseTimeMilliseconds': 2225,
2021-06-06T13:30:01.231-05:00 'authToken': '12312312',
2021-06-06T13:30:01.231-05:00 'handNumber': 7}}
I rewarded bounty to Muzaffar Shaikh, but here I will give a more thorough explanation, which seems to be lacking on StackOverflow. His answer got the IP Address, but dropped my "body" field, but it certainly pointed me in the right direction.
In the AWS API Gateway tool, click "Resources" then your method (mine was "Post"), then click on "Integration Request" as shown here.
Scroll down to the bottom, and if there are not any templates, type in "application/json" and click the checkbox (note, "application/json" is there in light gray letters, but just clicking the checkbox without typing it doesn't work).
Then I put in the following template:
{
"client_ip" : "$input.params('X-Forwarded-For')",
"user_agent" : "$input.params('User-Agent')",
"body" : $input.json('$.body')
}
NOTE: if I put $input.json('$') or $input.json('body'), I ended up with a "body" field inside my "body" field, which broke the current logic.
When the web page was completed, it looked like this:
The next step is to redeploy your template to the "deploy stage" (environment) you were using.
By the way, when entering the template, if you click "Method Request passthrough" in the "Generate template" drop down box, it will generate a template like this (I didn't use this option, but will read more about it soon):
## See http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html
## This template will pass through all parameters including path, querystring, header, stage variables, and context through to the integration endpoint via the body/payload
#set($allParams = $input.params())
{
"body-json" : $input.json('$'),
"params" : {
#foreach($type in $allParams.keySet())
#set($params = $allParams.get($type))
"$type" : {
#foreach($paramName in $params.keySet())
"$paramName" : "$util.escapeJavaScript($params.get($paramName))"
#if($foreach.hasNext),#end
#end
}
#if($foreach.hasNext),#end
#end
},
"stage-variables" : {
#foreach($key in $stageVariables.keySet())
"$key" : "$util.escapeJavaScript($stageVariables.get($key))"
#if($foreach.hasNext),#end
#end
},
"context" : {
"account-id" : "$context.identity.accountId",
"api-id" : "$context.apiId",
"api-key" : "$context.identity.apiKey",
"authorizer-principal-id" : "$context.authorizer.principalId",
"caller" : "$context.identity.caller",
"cognito-authentication-provider" : "$context.identity.cognitoAuthenticationProvider",
"cognito-authentication-type" : "$context.identity.cognitoAuthenticationType",
"cognito-identity-id" : "$context.identity.cognitoIdentityId",
"cognito-identity-pool-id" : "$context.identity.cognitoIdentityPoolId",
"http-method" : "$context.httpMethod",
"stage" : "$context.stage",
"source-ip" : "$context.identity.sourceIp",
"user" : "$context.identity.user",
"user-agent" : "$context.identity.userAgent",
"user-arn" : "$context.identity.userArn",
"request-id" : "$context.requestId",
"resource-id" : "$context.resourceId",
"resource-path" : "$context.resourcePath"
}
}
Two reference for mapping templates:
- https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html
- https://docs.aws.amazon.com/apigateway/latest/developerguide/models-mappings.html
I still have some research to do as to when to user "$input.params" vs "$context.some_value".
- Reporting AWS Tools RDS or Redshift?
- What does "eksctl create iamserviceaccount" do under the hood on an EKS cluster?
- Configure Selenium Nodes without a JSON file
- How to bypass expectation of S3 server 100-contiune response in Boto3 put_object method
- Deleting Perforce depot from AWS EC2 server does not free up space on EC2
- Middy is not getting a secret from Secret Manager in a NodeJS AWS Lambda
- Can I include a display name when sending email from the AWS SES Javascript v3 SDK?
- Is it possible to add fields to struct in an existing AWS Athena table?
- AWS SNS - Message missing a phone number
- How to run a one-off task on AWS ECS Fargate?
- AWS FIFO queues subscription with SNS: passing message group id
- Is it necessary to add health-check config for ecs.CfnTaskDefinition.ContainerDefinitionProperty?
- AWS CLI to get all matching CloudFronts using the "--query" option?
- What is the best way to read a csv and text file from S3 on AWS glue without having to read it as a Dynamic daataframe?
- Why is CloudFormation saying AlreadyExists when creating a AWS::ApiGateway::Authorizer
- AWS sts assume role in one command
- GetSecretValue, get identity: get credentials: failed to refresh cached credentials
- Does PutACLAsync make a copy of an object?
- How to use AWS CodeArtifact *within* A Dockerfile in AWSCodeBuild
- AWS CodeBuild: Accessing CodeCommit repository in another account?
- AWS Java SDK SSL Certificates
- How can I use AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to perform actions in AWS through a Jenkins pipeline?
- Syntax error when executing Invoke-DDBQuery to fetch dynamodb record using Powershell
- How can I delete a specific record from my AWS Glue table?
- Start cfn-init in Ubuntu instance with cloudformation (yaml)
- How to check ephemeral storage that is allocated to EKS node
- Permission Error Running Container in AWS CodeBuild
- retrieve list of urls from Amazon S3 bucket using R
- New volume in ec2 instance not reflecting
- How to allocate GPUs on AWS Free Tier?