TL;DR
API AWS Lambda memungkinkan developer mengotomasi deployment, pengelolaan, dan pemanggilan fungsi serverless secara terprogram. API ini menggunakan autentikasi IAM (SigV4), endpoint RESTful, mendukung pola pemanggilan sinkron/asinkron, serta kontrol konkurensi per akun. Panduan ini membahas praktik setup autentikasi, deployment fungsi, pemanggilan, pemetaan event source, hingga strategi arsitektur serverless siap produksi.
Pendahuluan
AWS Lambda memproses triliunan permintaan bulanan untuk jutaan pengguna aktif. Untuk developer yang membangun aplikasi serverless, pipeline CI/CD, atau otomatisasi berbasis event, integrasi API Lambda sangat krusial—baik untuk Infrastructure as Code maupun deployment otomatis.
Realitanya, tim dengan 50+ fungsi Lambda yang dikelola manual akan kehilangan banyak waktu hanya untuk deployment, update konfigurasi, dan monitoring. Automasi API Lambda dapat memangkas jam kerja, mendukung rilis blue-green, dan memungkinkan penskalaan dinamis.
Panduan ini akan memandu Anda secara step-by-step: autentikasi IAM, deploy fungsi, pola pemanggilan (sinkron/asinkron), pemetaan event source, arsitektur berlapis, serta strategi deployment produksi. Target: integrasi Lambda siap produksi.
Apa Itu API AWS Lambda?
AWS Lambda menyediakan API RESTful untuk pengelolaan fungsi komputasi serverless. API ini meliputi:
- CRUD fungsi Lambda
- Deployment dan versioning kode
- Pemanggilan sinkron & asinkron
- Pemetaan event source (SQS, Kinesis, DynamoDB, S3, dll)
- Pengelolaan Lambda Layer & alias
- Kontrol konkurensi
- Logging, monitoring, dan integrasi observability
Fitur Utama
| Fitur | Deskripsi |
|---|---|
| API RESTful | Endpoint HTTPS standar |
| Autentikasi IAM | AWS Signature Versi 4 |
| Pemanggilan Asinkron | Fire-and-forget event processing |
| Pemanggilan Sinkron | Request-response |
| Sumber Peristiwa | 200+ integrasi layanan AWS |
| Layer | Kode/dependensi bersama |
| Versi/Alias | Shift traffic, rollback |
| Konkurensi Terprovisi | Eliminasi cold start |
Dukungan Runtime Lambda
| Runtime | Versi | Use Case |
|---|---|---|
| Node.js | 18.x, 20.x | Backend API, event processing |
| Python | 3.9, 3.10, 3.11 | Data processing, ML inference |
| Java | 11, 17, 21 | Enterprise apps |
| Go | 1.x | High-perf API |
| Rust | 1.x | Low-latency functions |
| .NET | 6, 8 | Windows workloads |
| Ruby | 3.x | Web apps |
| Kustom | Apa saja | Custom runtime via container |
Ikhtisar Arsitektur API
Struktur endpoint Lambda:
https://lambda.{region}.amazonaws.com/2015-03-31/
Versi API
| Versi | Status | Use Case |
|---|---|---|
| 2015-03-31 | Saat ini | Semua operasi Lambda |
| 2018-01-31 | Runtime API | Custom runtime integration |
Memulai: Penyiapan Autentikasi
Langkah 1: Buat Akun AWS dan Pengguna IAM
- Kunjungi Konsol AWS
- Register akun AWS
- Masuk ke Konsol IAM → Pengguna → Buat Pengguna
- Lampirkan policy eksekusi Lambda
Langkah 2: Hasilkan Kredensial IAM
Buat access key untuk akses terprogram:
# Via AWS CLI
aws iam create-access-key --user-name lambda-deployer
# Output: Simpan baik-baik
{
"AccessKey": {
"AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
"SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
}
Tips keamanan: Simpan kredensial di ~/.aws/credentials atau environment variable.
# ~/.aws/credentials
[lambda-deployer]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# Atau pakai env
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
export AWS_DEFAULT_REGION="us-east-1"
Langkah 3: Implementasi AWS Signature Versi 4
Seluruh request ke API Lambda wajib menggunakan Signature V4.
const crypto = require('crypto');
class AWSSigner {
constructor(accessKeyId, secretAccessKey, region, service = 'lambda') {
this.accessKeyId = accessKeyId;
this.secretAccessKey = secretAccessKey;
this.region = region;
this.service = service;
}
sign(request, body = null) {
const now = new Date();
const amzDate = now.toISOString().replace(/[:-]|\.\d{3}/g, '');
const dateStamp = amzDate.slice(0, 8);
// Canonical request
const hashedPayload = body ? crypto.createHash('sha256').update(body).digest('hex') : 'UNSIGNED-PAYLOAD';
const canonicalUri = request.path;
const canonicalQuerystring = request.query || '';
const canonicalHeaders = `host:${request.host}\nx-amz-date:${amzDate}\n`;
const signedHeaders = 'host;x-amz-date';
const canonicalRequest = `${request.method}\n${canonicalUri}\n${canonicalQuerystring}\n${canonicalHeaders}\n${signedHeaders}\n${hashedPayload}`;
// String to sign
const algorithm = 'AWS4-HMAC-SHA256';
const credentialScope = `${dateStamp}/${this.region}/${this.service}/aws4_request`;
const hash = crypto.createHash('sha256').update(canonicalRequest).digest('hex');
const stringToSign = `${algorithm}\n${amzDate}\n${credentialScope}\n${hash}`;
// Signature calculation
const kDate = this.hmac(`AWS4${this.secretAccessKey}`, dateStamp);
const kRegion = this.hmac(kDate, this.region);
const kService = this.hmac(kRegion, this.service);
const kSigning = this.hmac(kService, 'aws4_request');
const signature = this.hmac(kSigning, stringToSign, 'hex');
// Authorization header
const authorizationHeader = `${algorithm} Credential=${this.accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`;
return {
'Authorization': authorizationHeader,
'X-Amz-Date': amzDate,
'X-Amz-Content-Sha256': hashedPayload
};
}
hmac(key, string, encoding = 'buffer') {
return crypto.createHmac('sha256', key).update(string).digest(encoding);
}
}
// Contoh pemakaian
const signer = new AWSSigner(
process.env.AWS_ACCESS_KEY_ID,
process.env.AWS_SECRET_ACCESS_KEY,
'us-east-1'
);
Langkah 4: Buat Klien API Lambda
const LAMBDA_BASE_URL = 'https://lambda.us-east-1.amazonaws.com/2015-03-31';
const lambdaRequest = async (path, options = {}) => {
const url = new URL(`${LAMBDA_BASE_URL}${path}`);
const method = options.method || 'GET';
const body = options.body ? JSON.stringify(options.body) : null;
const signer = new AWSSigner(
process.env.AWS_ACCESS_KEY_ID,
process.env.AWS_SECRET_ACCESS_KEY,
'us-east-1'
);
const headers = signer.sign({ method, host: 'lambda.us-east-1.amazonaws.com', path }, body);
const response = await fetch(url.toString(), {
method,
headers: {
'Content-Type': 'application/json',
...headers,
...options.headers
},
body
});
if (!response.ok) {
const error = await response.json();
throw new Error(`Lambda API Error: ${error.Message}`);
}
return response.json();
};
// List fungsi Lambda
const functions = await lambdaRequest('/functions');
console.log(`Ditemukan ${functions.Functions.length} fungsi`);
Alternatif: Pakai AWS SDK
Untuk produksi, gunakan AWS SDK agar proses signing otomatis.
const { LambdaClient, ListFunctionsCommand, CreateFunctionCommand, InvokeCommand } = require('@aws-sdk/client-lambda');
const lambda = new LambdaClient({ region: 'us-east-1' });
// Daftar fungsi
const listCommand = new ListFunctionsCommand({});
const result = await lambda.send(listCommand);
// Buat fungsi baru
const createCommand = new CreateFunctionCommand({
FunctionName: 'my-function',
Runtime: 'nodejs20.x',
Role: 'arn:aws:iam::123456789012:role/lambda-execution-role',
Handler: 'index.handler',
Code: {
S3Bucket: 'my-bucket',
S3Key: 'function.zip'
}
});
const fn = await lambda.send(createCommand);
Pengelolaan Fungsi
Membuat Fungsi
const createFunction = async (functionConfig) => {
const response = await lambdaRequest('/functions', {
method: 'POST',
body: {
FunctionName: functionConfig.name,
Runtime: functionConfig.runtime || 'nodejs20.x',
Role: functionConfig.roleArn,
Handler: functionConfig.handler || 'index.handler',
Code: {
S3Bucket: functionConfig.s3Bucket,
S3Key: functionConfig.s3Key
},
Description: functionConfig.description || '',
Timeout: functionConfig.timeout || 3,
MemorySize: functionConfig.memorySize || 128,
Environment: {
Variables: functionConfig.environment || {}
},
Tags: functionConfig.tags || {}
}
});
return response;
};
// Contoh
const fn = await createFunction({
name: 'order-processor',
roleArn: 'arn:aws:iam::123456789012:role/lambda-execution-role',
handler: 'index.handler',
runtime: 'nodejs20.x',
s3Bucket: 'my-deployments-bucket',
s3Key: 'order-processor/v1.0.0.zip',
description: 'Memproses pesanan dari antrean SQS',
timeout: 30,
memorySize: 512,
environment: {
DB_HOST: 'db.example.com',
LOG_LEVEL: 'info'
}
});
console.log(`Fungsi dibuat: ${fn.FunctionArn}`);
Upload Kode Langsung
Untuk fungsi kecil (<50MB terkompresi):
const fs = require('fs');
const path = require('path');
const createFunctionWithZip = async (functionName, zipPath) => {
const zipBuffer = fs.readFileSync(zipPath);
const base64Code = zipBuffer.toString('base64');
const response = await lambdaRequest('/functions', {
method: 'POST',
body: {
FunctionName: functionName,
Runtime: 'nodejs20.x',
Role: 'arn:aws:iam::123456789012:role/lambda-execution-role',
Handler: 'index.handler',
Code: {
ZipFile: base64Code
}
}
});
return response;
};
// Paket kode: zip -r function.zip index.js node_modules/
await createFunctionWithZip('my-function', './function.zip');
Update Kode Fungsi
const updateFunctionCode = async (functionName, updateConfig) => {
const response = await lambdaRequest(`/functions/${functionName}/code`, {
method: 'PUT',
body: {
S3Bucket: updateConfig.s3Bucket,
S3Key: updateConfig.s3Key,
Publish: updateConfig.publish || false
}
});
return response;
};
// Contoh update
const updated = await updateFunctionCode('order-processor', {
s3Bucket: 'my-deployments-bucket',
s3Key: 'order-processor/v1.1.0.zip',
publish: true // Buat versi baru
});
console.log(`Diperbarui ke versi: ${updated.Version}`);
Update Konfigurasi Fungsi
const updateFunctionConfig = async (functionName, config) => {
const response = await lambdaRequest(`/functions/${functionName}/configuration`, {
method: 'PUT',
body: {
Runtime: config.runtime,
Handler: config.handler,
Description: config.description,
Timeout: config.timeout,
MemorySize: config.memorySize,
Environment: {
Variables: config.environment
}
}
});
return response;
};
// Contoh update konfigurasi
const updated = await updateFunctionConfig('order-processor', {
timeout: 60,
memorySize: 1024,
environment: {
DB_HOST: 'new-db.example.com',
LOG_LEVEL: 'debug'
}
});
Hapus Fungsi
const deleteFunction = async (functionName, qualifier = null) => {
const path = qualifier
? `/functions/${functionName}?Qualifier=${qualifier}`
: `/functions/${functionName}`;
await lambdaRequest(path, { method: 'DELETE' });
console.log(`Fungsi ${functionName} dihapus`);
};
Pemanggilan Fungsi
Pemanggilan Sinkron (Request-Response)
const invokeFunction = async (functionName, payload, qualifier = null) => {
const path = qualifier
? `/functions/${functionName}/invocations?Qualifier=${qualifier}`
: `/functions/${functionName}/invocations`;
const response = await lambdaRequest(path, {
method: 'POST',
headers: {
'X-Amz-Invocation-Type': 'RequestResponse',
'X-Amz-Log-Type': 'Tail'
},
body: payload
});
const result = JSON.parse(Buffer.from(response.Payload).toString());
const logs = Buffer.from(response.LogResult, 'base64').toString();
return { result, logs };
};
// Contoh usage
const { result, logs } = await invokeFunction('order-processor', {
orderId: 'ORD-12345',
customerId: 'CUST-67890',
items: [
{ sku: 'PROD-001', quantity: 2 },
{ sku: 'PROD-002', quantity: 1 }
]
});
console.log(`Hasil: ${JSON.stringify(result)}`);
console.log(`Log:\n${logs}`);
Pemanggilan Asinkron (Fire-and-Forget)
const invokeAsync = async (functionName, payload) => {
const response = await lambdaRequest(`/functions/${functionName}/invocations`, {
method: 'POST',
headers: {
'X-Amz-Invocation-Type': 'Event',
'X-Amz-Log-Type': 'None'
},
body: payload
});
return {
statusCode: response.StatusCode,
executionId: response['X-Amz-Execution-Id']
};
};
// Contoh trigger async
const result = await invokeAsync('email-sender', {
to: 'customer@example.com',
template: 'order-confirmation',
data: { orderId: 'ORD-12345' }
});
console.log(`ID pemanggilan asinkron: ${result.executionId}`);
Pemanggilan Dry Run
const dryRunInvocation = async (functionName) => {
const response = await lambdaRequest(`/functions/${functionName}/invocations`, {
method: 'POST',
headers: {
'X-Amz-Invocation-Type': 'DryRun'
}
});
return response;
};
// Verifikasi izin IAM
try {
await dryRunInvocation('order-processor');
console.log('Izin pemanggilan OK');
} catch (error) {
console.error('Izin ditolak:', error.message);
}
Jenis Respons Pemanggilan
| Jenis | Perilaku | Use Case |
|---|---|---|
| RequestResponse | Sinkron, tunggu hasil | API call, CLI command |
| Event | Asinkron, fire-and-forget | Event, notifikasi |
| DryRun | Uji izin saja | Validasi, debugging |
Pengelolaan Versi & Alias
Menerbitkan Versi
const publishVersion = async (functionName, description = null) => {
const response = await lambdaRequest(`/functions/${functionName}/versions`, {
method: 'POST',
body: description ? { Description: description } : {}
});
return response;
};
// Publish versi
const version = await publishVersion('order-processor', 'v1.2.0 - Tambah perhitungan pajak');
console.log(`Versi yang diterbitkan: ${version.Version}`);
Membuat Alias
const createAlias = async (functionName, aliasName, version, description = null) => {
const response = await lambdaRequest(`/functions/${functionName}/aliases`, {
method: 'POST',
body: {
Name: aliasName,
FunctionVersion: version,
Description: description
}
});
return response;
};
// Alias produksi
const prodAlias = await createAlias('order-processor', 'prod', '5', 'Versi produksi');
console.log(`ARN Alias: ${prodAlias.AliasArn}`);
Pergeseran Lalu Lintas dengan RoutingConfig
const updateAliasWithRouting = async (functionName, aliasName, routingConfig) => {
const response = await lambdaRequest(`/functions/${functionName}/aliases/${aliasName}`, {
method: 'PUT',
body: {
RoutingConfig: {
AdditionalVersionWeights: routingConfig
}
}
});
return response;
};
// Shift 10% traffic ke versi 6, sisanya ke versi 5
await updateAliasWithRouting('order-processor', 'prod', { '6': 0.1 });
// Jika sudah stabil, geser sepenuhnya
await updateAliasWithRouting('order-processor', 'prod', {});
Contoh Alias
| Alias | Versi | Tujuan |
|---|---|---|
| dev | $LATEST | Pengujian dev |
| staging | Versi teruji | QA/validasi |
| prod | Versi stabil | Lalu lintas produksi |
| blue | Prod aktif | Blue-green deployment |
| green | Versi baru | Blue-green deployment |
Pemetaan Sumber Peristiwa
Membuat Pemicu SQS
const createSQSEventSource = async (functionName, queueArn, batchSize = 10) => {
const response = await lambdaRequest('/event-source-mappings', {
method: 'POST',
body: {
EventSourceArn: queueArn,
FunctionName: functionName,
BatchSize: batchSize,
Enabled: true
}
});
return response;
};
// Contoh
const mapping = await createSQSEventSource(
'order-processor',
'arn:aws:sqs:us-east-1:123456789012:orders-queue',
10
);
console.log(`Sumber peristiwa dibuat: ${mapping.UUID}`);
Membuat Pemicu DynamoDB Stream
const createDynamoDBEventSource = async (functionName, streamArn, startingPosition = 'LATEST') => {
const response = await lambdaRequest('/event-source-mappings', {
method: 'POST',
body: {
EventSourceArn: streamArn,
FunctionName: functionName,
StartingPosition: startingPosition,
BatchSize: 100,
BisectBatchOnFunctionError: true,
MaximumRetryAttempts: 3
}
});
return response;
};
// Contoh
await createDynamoDBEventSource(
'user-analytics',
'arn:aws:dynamodb:us-east-1:123456789012:table/Users/stream/2026-03-25T00:00:00.000'
);
Jenis Sumber Peristiwa
| Sumber | Use Case | Dukungan Batch |
|---|---|---|
| SQS | Antrean pesan | Ya (1–10) |
| Kinesis | Streaming realtime | Ya (1–10.000) |
| DynamoDB | Perubahan DB | Ya (1–1.000) |
| S3 | Event objek | Tidak |
| EventBridge | Event routing | Ya |
| API Gateway | HTTP API | Tidak |
| Jadwal | Cron job | Tidak |
Pengelolaan Layer
Membuat Layer
const createLayer = async (layerName, layerConfig) => {
const response = await lambdaRequest('/layers', {
method: 'POST',
body: {
LayerName: layerName,
Description: layerConfig.description,
CompatibleRuntimes: layerConfig.runtimes,
Content: {
S3Bucket: layerConfig.s3Bucket,
S3Key: layerConfig.s3Key
}
}
});
return response;
};
// Contoh
const layer = await createLayer('shared-utils', {
description: 'Utilitas dan dependensi bersama',
runtimes: ['nodejs20.x', 'nodejs18.x'],
s3Bucket: 'my-layers-bucket',
s3Key: 'shared-utils/v1.zip'
});
console.log(`ARN Layer: ${layer.LayerArn}`);
Menggunakan Layer di Fungsi
const createFunctionWithLayers = async (functionConfig) => {
const response = await lambdaRequest('/functions', {
method: 'POST',
body: {
FunctionName: functionConfig.name,
Runtime: functionConfig.runtime,
Role: functionConfig.roleArn,
Handler: functionConfig.handler,
Code: {
S3Bucket: functionConfig.s3Bucket,
S3Key: functionConfig.s3Key
},
Layers: functionConfig.layers // Array ARN layer
}
});
return response;
};
// Contoh
await createFunctionWithLayers({
name: 'api-handler',
roleArn: 'arn:aws:iam::123456789012:role/lambda-execution-role',
handler: 'index.handler',
runtime: 'nodejs20.x',
s3Bucket: 'my-deployments-bucket',
s3Key: 'api-handler/v1.0.0.zip',
layers: [
'arn:aws:lambda:us-east-1:123456789012:layer:shared-utils:1',
'arn:aws:lambda:us-east-1:123456789012:layer:aws-sdk:3'
]
});
Konkurensi & Penskalaan
Menyetel Konkurensi Cadangan
const putFunctionConcurrency = async (functionName, reservedConcurrentExecutions) => {
const response = await lambdaRequest(`/functions/${functionName}/concurrency`, {
method: 'PUT',
body: {
ReservedConcurrentExecutions: reservedConcurrentExecutions
}
});
return response;
};
// Cadangkan 100 eksekusi bersamaan
await putFunctionConcurrency('order-processor', 100);
Batas Konkurensi Akun
| Jenis Akun | Batas Default | Peningkatan |
|---|---|---|
| Free Tier | 1.000 | Ya |
| Pay-as-you-go | 1.000 | Ya |
| Enterprise | 1.000+ | Batas custom |
Daftar Periksa Deployment Produksi
Pastikan checklist berikut sebelum deployment:
- [ ] Gunakan AWS SDK untuk signing SigV4 otomatis
- [ ] Terapkan versioning & alias
- [ ] Konfigurasi reserved concurrency untuk fungsi penting
- [ ] Siapkan DLQ untuk async invocation
- [ ] Aktifkan X-Ray tracing
- [ ] Konfigurasi VPC jika perlu akses DB
- [ ] Implementasi logging terstruktur (JSON)
- [ ] Setup alarm CloudWatch
- [ ] Pakai layer untuk dependensi bersama
- [ ] Terapkan strategi blue/green deployment
Kasus Penggunaan Dunia Nyata
Backend API
Perusahaan SaaS membangun REST API tanpa server:
- Tantangan: Lonjakan traffic tidak terduga
- Solusi: Lambda + API Gateway, auto scaling
- Hasil: 99,99% uptime, biaya turun 60% vs EC2
Implementasi:
- Satu Lambda per resource
- API Gateway untuk routing/auth
- DynamoDB untuk storage
- Provisioned concurrency untuk latensi rendah
Pipeline Pemrosesan Event
Platform e-commerce untuk pemrosesan order:
- Tantangan: Lonjakan order saat big sale
- Solusi: SQS + Lambda batch processing
- Hasil: Tidak ada order hilang, mampu handle lonjakan 10x
Implementasi:
- SQS sebagai buffer order
- Lambda proses 10 pesan per batch
- DLQ untuk pesan gagal
- CloudWatch alarm pada kedalaman antrean
Kesimpulan
API AWS Lambda memberikan kapabilitas komputasi serverless yang powerful. Poin utama untuk implementasi:
- IAM auth dengan SigV4 signing (pakai AWS SDK)
- Pola pemanggilan sinkron & asinkron
- Versioning & alias untuk deployment
- Event source mapping untuk arsitektur serverless
- Layer untuk kode/dependensi bersama
- Apidog memudahkan pengujian API & kolaborasi tim
Bagian FAQ
Bagaimana cara saya melakukan autentikasi dengan API Lambda?
Gunakan kredensial AWS IAM dan signature versi 4. AWS SDK otomatis menghandle proses signing.
Apa perbedaan antara pemanggilan sinkron dan asinkron?
Pemanggilan sinkron (RequestResponse): menunggu hasil eksekusi fungsi.
Pemanggilan asinkron (Event): permintaan langsung diantrekan, tidak menunggu hasil.
Bagaimana cara kerja versi Lambda?
Setiap versi yang diterbitkan adalah snapshot immutable dari fungsi. Alias digunakan untuk menunjuk versi tertentu dan mengatur pergeseran lalu lintas.
Apa itu Lambda Layers?
Layer adalah bundel kode/dependensi yang dapat digunakan bersama lintas fungsi Lambda.
Bagaimana cara mengurangi cold start?
Pakai provisioned concurrency, deployment package kecil, dan runtime terkompilasi (Go, Rust) untuk fungsi latensi-sensitif.
Apa itu konkurensi cadangan?
Reserved concurrency menjamin slot eksekusi untuk fungsi tertentu, mencegah "noisy neighbor".
Bisakah saya memicu Lambda dari S3?
Bisa, cukup konfigurasikan event notification pada bucket S3 untuk invoke Lambda saat objek dibuat/dihapus.
Top comments (0)