pubudu538 · October 27, 2022 12:18
diff --git a/envoy.yaml b/envoy.yaml
 admin:
  access_log_path: /tmp/admin_access.log
  address:
    socket_address: { address: 0.0.0.0, port_value: 9902 }

 static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address: { address: 0.0.0.0, port_value: 9000 }
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          strip_matching_host_port: true
          codec_type: AUTO
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match: { prefix: "/" }
                route: { cluster: lambda_egress_gateway }
          http_filters:
          # - name: envoy.filters.http.aws_request_signing
          #   typed_config:
          #     "@type": type.googleapis.com/envoy.extensions.filters.http.aws_request_signing.v3.AwsRequestSigning
          #     service_name: lambda
          #     region: us-east-1
          #     host_rewrite: lambda.us-east-1.amazonaws.com
          #     use_unsigned_payload: false
          #     match_excluded_headers:
          #     - prefix: x-envoy
          #     - prefix: x-forwarded
          #     - exact: x-amzn-trace-id
          - name: envoy.filters.http.aws_lambda
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config
              arn: "arn:aws:lambda:us-east-1:xxxxx:function:RandomFunc"
              payload_passthrough: false
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
  clusters:
  - name: lambda_egress_gateway
    connect_timeout: 10s
    type: LOGICAL_DNS
    dns_lookup_family: V4_ONLY
    lb_policy: ROUND_ROBIN
    metadata:
      filter_metadata:
        com.amazonaws.lambda:
          egress_gateway: true
    load_assignment:
      cluster_name: lambda_egress_gateway
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: lambda.us-east-1.amazonaws.com
                port_value: 443
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        sni: "*.amazonaws.com"
	admin:
	access_log_path: /tmp/admin_access.log
	address:
	socket_address: { address: 0.0.0.0, port_value: 9902 }

	static_resources:
	listeners:
	- name: listener_0
	address:
	socket_address: { address: 0.0.0.0, port_value: 9000 }
	filter_chains:
	- filters:
	- name: envoy.filters.network.http_connection_manager
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
	stat_prefix: ingress_http
	strip_matching_host_port: true
	codec_type: AUTO
	route_config:
	name: local_route
	virtual_hosts:
	- name: local_service
	domains: ["*"]
	routes:
	- match: { prefix: "/" }
	route: { cluster: lambda_egress_gateway }
	http_filters:
	# - name: envoy.filters.http.aws_request_signing
	# typed_config:
	# "@type": type.googleapis.com/envoy.extensions.filters.http.aws_request_signing.v3.AwsRequestSigning
	# service_name: lambda
	# region: us-east-1
	# host_rewrite: lambda.us-east-1.amazonaws.com
	# use_unsigned_payload: false
	# match_excluded_headers:
	# - prefix: x-envoy
	# - prefix: x-forwarded
	# - exact: x-amzn-trace-id
	- name: envoy.filters.http.aws_lambda
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.http.aws_lambda.v3.Config
	arn: "arn:aws:lambda:us-east-1:xxxxx:function:RandomFunc"
	payload_passthrough: false
	- name: envoy.filters.http.router
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
	clusters:
	- name: lambda_egress_gateway
	connect_timeout: 10s
	type: LOGICAL_DNS
	dns_lookup_family: V4_ONLY
	lb_policy: ROUND_ROBIN
	metadata:
	filter_metadata:
	com.amazonaws.lambda:
	egress_gateway: true
	load_assignment:
	cluster_name: lambda_egress_gateway
	endpoints:
	- lb_endpoints:
	- endpoint:
	address:
	socket_address:
	address: lambda.us-east-1.amazonaws.com
	port_value: 443
	transport_socket:
	name: envoy.transport_sockets.tls
	typed_config:
	"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
	sni: "*.amazonaws.com"