TIL: How to call IAM-secured AWS Lambda Function URLs with cURL

| 1 min read


In one of my recents posts, I shared how to create AWS Lambda Function URLs secured with AWS IAM. I also showed how we can then call these URLs from Python with proper AWS SigV4 signatures. Today I learned that our beloved cURL also supports AWS signatures. In this post I'd like to share how we can use cURL to call our secure function URLs.


First of all, you need to have cURL installed (I'm guessing that there's a pretty high chance that you already have it available). Second thing that we need is a IAM-secured Lambda Function URL that we will call. If you don't have any such Function URLs already deployed, please follow the steps from my previous post.

Calling our secured Function URL with cURL

Let's look at the documentation for cURL. It might be not clear at first sight what it exactly expects from us, but we need to provide a few things:

  • AWS Region where our function is deployed
  • AWS Access Key ID
  • AWS Secret Key
  • AWS Service that we want to call - lambda in our case

Example command to call your Lambda Function URL will look like this:

curl --aws-sigv4 "aws:amz:<your-aws-region>:lambda" --user "<your-access-key-id>:<your-secret-key-id>" <your-function-url>

If we assume that before running the command, we exported the following environment variables:

export AWS_ACCESS_KEY_ID=<your-access-key-id>
export AWS_SECRET_ACCESS_KEY=<your-secret-key>
export AWS_REGION=<your-aws-region>
export FURL=<your-function-url>

Then we can simplify the snippet and make it easy to copy-paste and use in your shell:

curl --aws-sigv4 "aws:amz:${AWS_REGION}:lambda" --user "${AWS_ACCESS_KEY_ID}:${AWS_SECRET_ACCESS_KEY}" $FURL


Today we learned how we can use the almighty cURL to call our IAM-secured Lambda Function URLs. It's a very handy way to quickly test them and what's important, it doesn't require any additional code in Python, Node.js, or other programming language. Thanks for reading and until next time!