How to use Gloo Edge to combine Amazon EKS with AWS Lambda

Kevin Shelaga
| August 4, 2021

AWS Lambda provides a lot of great use cases and benefits, such as not having any infrastructure to manage, being able to edit the code in a browser and quickly redeploy, and Lambda functions can be discovered and received traffic from an API gateway such as Gloo Edge so that you can get all the benefits of advanced routing and observability. It’s even better when you can combine Amazon EKS with AWS Lambda.

Gloo Edge receives requests from clients, and manages ingress by applying your routing rules and filters on traffic. Gloo Edge enforces zero-trust security and can handle high availability, load balancing, and failover.

In this blog, we show you how to set up an Amazon Elastic Kubernetes Service (EKS) cluster with Gloo Edge and route traffic to an AWS Lambda function.

For this walkthrough, we’ll assume you have an active AWS subscription with the appropriate permissions to create resources. If not, here’s how you can get started with a free trial.

Let’s install the tools we will need to get everything up and running. To install eksctl, find the install instructions for your particular operating system. For our example, we are using MacOS so we will install with brew:

/bin/bash -c "$(curl -fsSL"

brew tap weaveworks/tap

brew install weaveworks/tap/eksctl

Next, let’s install Glooctl, which we will use to install and interact with Gloo Edge:

curl -sL | sh

export PATH=$HOME/.gloo/bin:$PATH

Finally, let’s install the AWS CLI:

curl "" -o "AWSCLIV2.pkg"

sudo installer -pkg AWSCLIV2.pkg -target /

Configure the AWS CLI with your credentials by first creating an Access Key and Secret in the AWS console with My Security Credentials:

aws configure

AWS Access Key ID [None]: xxxxxxxxxxxx
AWS Secret Access Key [None]: xxxxxxxxxxxx
Default region name [None]: us-east-2
Default output format [None]: json

Now we can create our key pair and an EKS cluster:

aws ec2 create-key-pair --region us-east-2 --key-name gloo-key-pair

eksctl create cluster \                                                                               
--name lab-cluster-1 \
--region us-east-2 \
--with-oidc \
--ssh-access \
--ssh-public-key gloo-key-pair \

Cluster creation can take anywhere between 5-20 minutes depending on the region and other factors.

Next let’s connect to the cluster and install Gloo Edge:

#Install Gloo Edge Gateway

glooctl install gateway

Creating namespace gloo-system... Done.
Starting Gloo Edge installation...
Gloo Edge was successfully installed!

#Verify Gloo Edge status
glooctl check

Checking deployments... OK
Checking pods... OK
Checking upstreams... OK
Checking upstream groups... OK
Checking auth configs... OK
Checking rate limit configs... OK
Checking secrets... OK
Checking virtual services... OK
Checking gateways... OK
Checking proxies... OK
No problems detected.
Skipping Gloo Instance check -- Gloo Federation not detected

Now that we have an EKS cluster with Gloo Edge running, let’s deploy a Lambda function:

aws iam create-role --role-name lambda-ex \
--assume-role-policy-document '{"Version": "2012-10-17","Statement": [{ "Effect": "Allow", "Principal": {"Service": ""}, "Action": "sts:AssumeRole"}]}'

aws iam attach-role-policy --role-name lambda-ex --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

mkdir my-math-function
cd my-math-function

Copy the contents of the sample Python code from GitHub and save it in a new file named


aws lambda create-function --function-name my-math-function \
--zip-file fileb:// --handler lambda_function.lambda_handler \
--runtime python3.8 --role arn:aws:iam::[your-account-id]:role/lambda-ex --region us-east-2

Test the Lambda function:

aws lambda invoke \
--function-name my-math-function \
--cli-binary-format raw-in-base64-out \
--payload '{"action": "square","number": 3}' output.txt

{"result": 9}

Now that we have a working Lambda function, let’s route traffic from Gloo Edge to it:

glooctl create secret aws \
--name 'my-aws' \
--namespace gloo-system \
--access-key 'xxxxxxxxxxxx' \
--secret-key 'xxxxxxxxxxxx'

glooctl create upstream aws \
--name 'my-aws-upstream' \
--namespace 'gloo-system' \
--aws-region 'us-east-2' \
--aws-secret-name 'my-aws' \
--aws-secret-namespace 'gloo-system'

glooctl add route \
--name 'default' \
--namespace 'gloo-system' \
--path-prefix '/my-math-function' \
--dest-name 'my-aws-upstream' \
--aws-function-name 'my-math-function'

As a last step, let’s test the route:

curl -H "Content-Type: application/json" --data '{"action": "square","number": 3}' --request POST $(glooctl proxy url)/my-math-function

{"result": 9}

Once you are done, to cleanup your environment and avoid any ongoing charges, run the following commands:

eksctl delete cluster --name lab-cluster-1

aws lambda delete-function --function my-math-function

As you can see, Gloo Edge makes it easy to route traffic to AWS Lambda functions from your EKS cluster. We touched on just one simple method of routing, but encourage you to spend some time in our docs and give Gloo Edge a try for yourself. 

Please feel free to reach out to us on Slack anytime as well, our experts are here to help you be successful faster.

Back to Blog