# AWS Lambda ## KPN Things: Configure an AWS Lambda destination ### Naming Give your AWS Destination a nice name and optionally a description. ### Connection details First you need to create an AWS account (AWS Free Tier) on[ ](https://aws.amazon.com/free), or use an existing AWS account. \ Then follow the instructions below to create an integration in your AWS account. Keep your KPN Things Destination configuration screen open, as you will need to copy information from and to it later. *** ## AWS: Create an integration {% hint style="info" %} This is an example to integrate directly with an AWS Lambda function. There are other alternatives, like AWS API gateway combined with an Lambda Authorizer. {% endhint %} Log in to your AWS account and go to *Services* > *Lambda.* \ There, click the Create function button and follow the steps below.

#### 1. Basic information In the first step, enter the following information. * **Function name**\ Enter a name that describes the purpose of your function. * **Runtime**\ Choose the language to use to write your function. * **Architecture** Choose the instruction set architecture you want for your function code. Permissions and Advanced Settings can be left to default. Click *Create Function*. #### 2. Code Select *the Code tab to define your code.*

#### 3. Configuration In the Configuration tab choose the option Function URL.

Then Click *Create function URL* and choose your Auth type, in this case NONE.

Click *Save*. This result in Function URL. ## KPN Things: Continue with Configure a AWS destination In this step, you need to copy/paste information from AWS to Things. So pay attention, please. Go back to the KPN Things Destination configuration screen and fill the remain fields. * **HTTP endpoint URL**\ Copy the *Function URL* from AWS into the KPN Things Destination configuration. * **Shared secret**\ With the shared secret you have the possibility to verify that Things has sent the data and not someone else, because with the shared secret a unique [Things-Message-Token](https://docs.kpnthings.com/kpn-things/building-blocks/destinations/https-destination#things-message-token) is calculated for each message. Within the Lambda function you can repeat the calculation and check whether the calculated Things-Message-Token is the same as the received Things-Message-Token. Below you can find an example of a calculation and a check in Python. ``` def lambda_handler(event, context): # This is an example. # Make sure you store the sharedSecret in a safe place, # e.g. using AWS Secret Manager. sharedSecret='[Fill in your shared secret]' requestBody=event['body'] thingsMessageToken=event['headers']['things-message-token'] input = requestBody + sharedSecret; def calculate_sha256(data): # Convert data to bytes if it’s not already if isinstance(data, str): data = data.encode() # Calculate SHA-256 hash sha256_hash = hashlib.sha256(data).hexdigest() return sha256_hash if thingsMessageToken == calculate_sha256(input): # Define further action return { 'statusCode': 201, } else: return { 'statusCode': 401, } ``` Finally, go back to the KPN Things Destination configuration screen and press the *Add AWS destination* button to save the new Destination in KPN Things. Now, you are finished and good to go!