AWS Lambda Deployment

Deploy GLACIS sidecars on AWS Lambda for event-driven, pay-per-use attestation infrastructure.

Why Lambda?

• Serverless: No infrastructure management
• Pay-per-use: Only pay for compute time used
• AWS integration: Native integration with API Gateway, secrets
• Global: Deploy to any AWS region

Prerequisites

• AWS CLI configured
• AWS SAM CLI installed
• GLACIS organization and API key

Quick Start

1. Clone the sidecar template

   git clone https://github.com/glacis-io/sidecar-lambda-template
   cd sidecar-lambda-template

2. Store secrets in Parameter Store

   aws ssm put-parameter --name /glacis/api-key --value "glc_your_api_key" --type SecureString
   aws ssm put-parameter --name /glacis/openai-key --value "sk-your-key" --type SecureString

3. Deploy with SAM

   sam build
   sam deploy --guided

4. Get API Gateway endpoint

   aws cloudformation describe-stacks --stack-name glacis-sidecar \
     --query 'Stacks[0].Outputs[?OutputKey==`ApiEndpoint`].OutputValue' --output text

SAM Template

template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  GlacisSidecar:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs20.x
      Timeout: 30
      MemorySize: 512
      Environment:
        Variables:
          GLACIS_ORG_ID: !Ref OrgId
      Events:
        Api:
          Type: HttpApi

Performance

Metric	Value
Cold start	~100ms
Request overhead	~15ms
Memory	512MB recommended
Timeout	30s max

Note

Use provisioned concurrency to eliminate cold starts for latency-sensitive workloads.

Next Steps

• Configuration Reference
• Attestation Overview