I have hosted some supporting REST API for a GPT as a AWS Lambda Function URL, but when it comes to authentication the requests need to be signed using AWS Signature Version 4 (SigV4) rather than Basic/Bearer Auth.
Any suggestion how to enable Auth in this scenario?
If I understand your use case correctly, have you looked at: axios and aws4-axios?
import axios from "axios";
import { aws4Interceptor } from "aws4-axios";
const functionUrl = process.env.STANDALONE_PYTHON_LAMBDA_AWS_FUNCTION_URL ?? "";
const interceptor = aws4Interceptor({
credentials: {
accessKeyId: process.env.MAIN_AWS_KEY,
secretAccessKey: process.env.MAIN_AWS_SECRET,
},
options: { region: "us-east-1", service: "lambda" },
});
axios.interceptors.request.use(interceptor);
export const handler = async (event) => {
console.log("this is the event==>", event);
try {
const response = await axios({
method: "GET",
url: functionUrl,
headers: {
"Content-Type": "application/json",
},
});
console.log(response.data);
return response.data;
} catch (error) {
console.error("Something went wrong: ", error);
throw error;
}
};
Hey Vince! No this doesn’t work, because OpenAI is supposed to call the lambda function url and I can’t modify how OpenAI is doing the call.
You’re correct in identifying that there’s no good way for ChatGPT to directly form valid SigV4s. I would create a second lambda, that doesn’t require authentication, to act as a proxy around your authenticated lambda. This second lambda would accept credentials in the Authorization header from ChatGPT, and use those credentials to create the SigV4, which it then sends to your authenticated lambda. You could also lock down the unauthenticated lambda to only accept requests from OpenAI’s IP ranges.