introduce invoke mode for Lambda proxy; block invocations in read_only

whummer · claude · whummer · commit ea3cea5e17e4 · 2026-03-22T13:13:21.000+01:00
Lambda Invoke operations have side-effects and should not be treated as
read operations. Removes them from _is_read_request and introduces a
new 'invoke' config flag that explicitly allows invocations alongside
read_only mode. Updates tests and README accordingly.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/aws-proxy/README.md b/aws-proxy/README.md
@@ -85,6 +85,9 @@ services:
       - 'Put.*'
     # optionally, specify that only read requests should be allowed (Get*/List*/Describe*, etc)
     read_only: false
+    # optionally, allow invoke/execute operations (e.g., Lambda invocations) alongside read_only mode.
+    # execute operations have side-effects and are deliberately excluded from read_only by default.
+    execute: false
 ```
 
 Store the configuration above to a file named `proxy_config.yml`, then we can start up the proxy via:
diff --git a/aws-proxy/aws_proxy/server/aws_request_forwarder.py b/aws-proxy/aws_proxy/server/aws_request_forwarder.py
@@ -88,8 +88,12 @@ def select_proxy(self, context: RequestContext) -> Optional[ProxyInstance]:
 
             # check if only read requests should be forwarded
             read_only = service_config.get("read_only")
-            if read_only and not self._is_read_request(context):
-                return
+            if read_only:
+                allow_invoke = service_config.get("execute")
+                if not self._is_read_request(context) and not (
+                    allow_invoke and self._is_execute_request(context)
+                ):
+                    return
 
             # check if any operation name pattern matches
             operation_names = ensure_list(service_config.get("operations", []))
@@ -277,12 +281,6 @@ def _is_read_request(self, context: RequestContext) -> bool:
             "PartiQLSelect",
         }:
             return True
-        if context.service.service_name == "lambda" and operation_name in {
-            "Invoke",
-            "InvokeAsync",
-            "InvokeWithResponseStream",
-        }:
-            return True
         if context.service.service_name == "appsync" and operation_name in {
             "EvaluateCode",
             "EvaluateMappingTemplate",
@@ -303,6 +301,21 @@ def _is_read_request(self, context: RequestContext) -> bool:
         # TODO: add more rules
         return False
 
+    def _is_execute_request(self, context: RequestContext) -> bool:
+        """
+        Function to determine whether a request is an invoke/execute request.
+        Invoke operations have side-effects and are not considered read operations.
+        They can be explicitly allowed alongside read_only mode via the 'execute' config flag.
+        """
+        operation_name = context.service_operation.operation
+        if context.service.service_name == "lambda" and operation_name in {
+            "Invoke",
+            "InvokeAsync",
+            "InvokeWithResponseStream",
+        }:
+            return True
+        return False
+
     def _extract_region_from_domain(self, context: RequestContext):
         """
         If the request domain name contains a valid region name (e.g., "us-east-2.cognito.localhost.localstack.cloud"),
diff --git a/aws-proxy/aws_proxy/shared/models.py b/aws-proxy/aws_proxy/shared/models.py
@@ -11,6 +11,9 @@ class ProxyServiceConfig(TypedDict, total=False):
     operations: List[str]
     # whether only read requests should be forwarded
     read_only: bool
+    # whether invoke/execute operations (e.g., Lambda invocations) should be forwarded
+    # (only relevant when read_only is True, since execute has side-effects and is not a read operation)
+    execute: bool
 
 
 class ProxyConfig(TypedDict, total=False):
diff --git a/aws-proxy/tests/proxy/test_lambda.py b/aws-proxy/tests/proxy/test_lambda.py
@@ -211,8 +211,52 @@ def _list_contains_function():
 
     retry(_list_contains_function, retries=5, sleep=2)
 
-    # Invoke is classified as a read operation for proxy purposes
-    # (it executes the function but doesn't modify it)
+    # Invoke has side-effects and is NOT a read operation - should be blocked in read_only mode
+    with pytest.raises(ClientError) as ctx:
+        lambda_client.invoke(
+            FunctionName=function_name,
+            Payload=json.dumps({"key": "value"}),
+        )
+    assert ctx.value.response["Error"]["Code"] == "ResourceNotFoundException"
+
+    # UpdateFunctionConfiguration is a write operation - should be blocked
+    with pytest.raises(ClientError) as ctx:
+        lambda_client.update_function_configuration(
+            FunctionName=function_name,
+            Description="updated via proxy - should not work",
+        )
+    assert ctx.value.response["Error"]["Code"] == "ResourceNotFoundException"
+
+
+def test_lambda_invoke_mode(start_aws_proxy, cleanups, lambda_execution_role):
+    """Test Lambda proxy with read_only + invoke mode: reads and invocations proxied, writes blocked."""
+    function_name = f"test-fn-inv-{short_uid()}"
+
+    # start proxy with read_only + invoke flags
+    config = ProxyConfig(
+        services={"lambda": {"resources": ".*", "read_only": True, "execute": True}}
+    )
+    start_aws_proxy(config)
+
+    # create clients
+    region_name = "us-east-1"
+    lambda_client = connect_to(region_name=region_name).lambda_
+    lambda_client_aws = boto3.client("lambda", region_name=region_name)
+
+    # create function in real AWS (direct, not through proxy)
+    _create_lambda_function(
+        lambda_client_aws, function_name, lambda_execution_role, cleanups
+    )
+
+    # read operations should be proxied
+    fn_local = lambda_client.get_function(FunctionName=function_name)
+    fn_aws = lambda_client_aws.get_function(FunctionName=function_name)
+    assert (
+        fn_local["Configuration"]["FunctionArn"]
+        == fn_aws["Configuration"]["FunctionArn"]
+    )
+
+    # Invoke should be proxied when execute: True is set alongside read_only
     response = lambda_client.invoke(
         FunctionName=function_name,
         Payload=json.dumps({"key": "value"}),
@@ -222,7 +266,7 @@ def _list_contains_function():
     body = json.loads(payload["body"])
     assert body["message"] == "hello"
 
-    # UpdateFunctionConfiguration is a write operation - should be blocked
+    # UpdateFunctionConfiguration is a write operation - should still be blocked
     with pytest.raises(ClientError) as ctx:
         lambda_client.update_function_configuration(
             FunctionName=function_name,
