AWSGlossary

Lambda Function URL: What It Is and When to Use It

Definition

An AWS Lambda Function URL is a dedicated HTTPS endpoint that allows direct invocation of a single AWS Lambda function. It provides a simple, built-in way to expose a function to the web without the need to configure and manage an intermediary service like Amazon API Gateway or an Application Load Balancer.

How It Works

A Lambda Function URL is a feature of the AWS Lambda service itself, not a separate resource. When enabled for a specific function, Lambda creates a unique, globally available URL. This endpoint is dual-stack, supporting both IPv4 and IPv6 clients.

The request and response flow is straightforward:

  1. An HTTP client (like a web browser, curl, or a third-party service) sends an HTTPS request to the generated Function URL.
  2. The Lambda service front-end receives the request.
  3. Based on the Function URL's configuration, the service performs authentication. It either checks for valid AWS Identity and Access Management (IAM) credentials (AWS_IAM auth type) or allows the request through without authentication (NONE auth type).
  4. The Lambda service converts the incoming HTTPS request into a JSON event payload. This payload structure is compatible with the Amazon API Gateway payload format version 2.0, which simplifies potential migrations between the two services.
  5. The Lambda service invokes the target function, passing the JSON event as input.
  6. The function code executes, processes the event, and returns a response object.
  7. Lambda maps this response object back into an HTTP response, including the status code, headers, and body, and sends it back to the original client.

You can associate a Function URL with either the $LATEST unpublished version of a function or a specific function alias. Using an alias is a best practice for production workloads, as it allows you to safely deploy and test new function versions before routing traffic to them.

Key Features and Limits

  • Authentication Modes: Two options are available: AWS_IAM, which restricts access to authenticated IAM principals, and NONE, which creates a public endpoint. Resource-based policies can be used with either type to further refine access control.
  • CORS Support: Built-in Cross-Origin Resource Sharing (CORS) configuration allows you to control which domains, HTTP methods, and headers are permitted when the URL is called from a web browser.
  • Invocation Modes: Supports two modes:
    • BUFFERED (Default): The entire response payload is generated and buffered in memory before being sent to the client.
    • RESPONSE_STREAM: Allows the function to stream parts of the response back to the client as they become available. This is ideal for large payloads or improving Time to First Byte (TTFB) for dynamic content like responses from Large Language Models (LLMs).
  • Timeout: The request timeout is directly tied to the Lambda function's timeout, which can be set to a maximum of 15 minutes. This is a significant advantage over Amazon API Gateway's 29-second integration timeout.
  • Payload Size: The maximum request and response payload size for synchronous invocations (like Function URLs) is 6 MB. For larger responses, the RESPONSE_STREAM invocation mode can be used, which supports payloads up to 200 MB as of late 2025.
  • Cost: There are no additional charges for using a Function URL itself. You only pay for the standard AWS Lambda request and duration costs.

Common Use Cases

Function URLs are best suited for scenarios that require a simple, single-function endpoint without the advanced features of a full API management solution.

  1. Webhooks: A primary use case is creating handlers for webhooks from services like Stripe, Slack, or GitHub. The simplicity and direct invocation path make Function URLs a cost-effective and efficient choice.
  2. Simple Form Processors: For processing web forms, where a single backend function handles validation and data submission, a Function URL is an easy-to-deploy solution.
  3. Single-Function Microservices: When you need to expose a single piece of business logic as an HTTP endpoint, such as for mobile payment processing or a machine learning inference endpoint.
  4. Long-Running Tasks: For operations that might exceed API Gateway's 29-second timeout, like generating large reports or processing data, the 15-minute timeout of a Function URL is a key advantage.
  5. Development and Prototyping: It provides the fastest way to get a public HTTPS endpoint for a Lambda function during development and testing, without needing to configure other services.

Pricing Model

Using a Lambda Function URL is highly cost-effective as there is no additional fee for the endpoint itself. You are billed based on the standard AWS Lambda pricing model, which consists of two main components:

  • Requests: A flat fee is charged per million requests.
  • Compute Duration: This is calculated based on the amount of memory allocated to your function and the time it takes to execute, measured in gigabyte-seconds (GB-seconds).

AWS provides a perpetual free tier for Lambda that includes 1 million free requests and 400,000 GB-seconds of compute time per month. Standard AWS data transfer charges apply for data sent out to the internet. For detailed and up-to-date pricing, always refer to the official AWS Lambda Pricing page.

Pros and Cons

Pros:

  • Simplicity and Speed: Can be enabled with a single click or a few lines of Infrastructure as Code (IaC), providing an instant HTTPS endpoint.
  • Cost-Effective: Eliminates the per-request costs associated with Amazon API Gateway, making it cheaper for many workloads.
  • Higher Timeout: Supports the full 15-minute Lambda execution timeout, ideal for long-running processes.
  • Lower Latency: The direct integration path can result in slightly lower latency compared to routing requests through API Gateway.

Cons:

  • No Custom Domains: Function URLs are assigned a system-generated URL and do not natively support custom domain names. A workaround is to use Amazon CloudFront in front of the Function URL.
  • Limited Authentication: Only supports IAM-based authentication or public access. It lacks support for more advanced authorization mechanisms like Amazon Cognito user pools, Lambda authorizers, or JWT authorizers that are available in API Gateway.
  • Fewer Features: Lacks the advanced API management capabilities of API Gateway, such as request validation, response transformation, API keys, usage plans, throttling, and built-in AWS WAF integration.
  • Single Endpoint: A Function URL maps to a single Lambda function. Building a complex API with multiple routes (/users, /products) would require routing logic within the function code, a task for which API Gateway is better suited.

Comparison with Alternatives

Lambda Function URL vs. Amazon API Gateway

This is the most common comparison. The choice depends entirely on the complexity of your requirements.

| Feature | Lambda Function URL | Amazon API Gateway | | :--- | :--- | :--- | | Primary Use Case | Simple, single-function endpoints, webhooks, long-running tasks. | Building robust, multi-route RESTful or HTTP APIs. | | Cost | No additional cost; only Lambda charges apply. | Per-request fees in addition to Lambda charges. | | Timeout | Up to 15 minutes (Lambda limit). | 29 seconds for Lambda integrations. | | Authentication | AWS_IAM or public (NONE). | IAM, Cognito, Lambda authorizers, JWT authorizers, API keys. | | Custom Domain | No. Requires CloudFront. | Yes, natively supported. | | Advanced Features| Basic CORS. | Request/response validation, transformation, caching, usage plans, WAF integration. |

Decision Rule: Use a Lambda Function URL for simplicity and cost-savings when you need a single, dedicated endpoint. Choose Amazon API Gateway when you need to build a full-featured API with multiple routes, advanced security, and management capabilities.

Exam Relevance

Lambda Function URLs are a relevant topic for several AWS certifications, particularly those focused on development and serverless architectures.

  • AWS Certified Developer - Associate (DVA-C02): Expect questions that test your ability to choose the most appropriate and cost-effective solution for exposing a Lambda function. You should know when to use a Function URL versus API Gateway.
  • AWS Certified Solutions Architect - Associate (SAA-C03): Scenario-based questions may require you to design a simple, serverless solution for a webhook or a basic API, where a Function URL would be the optimal choice.
  • AWS Certified Serverless - Specialty (SCS-C02): A deep understanding of the trade-offs between Function URLs and API Gateway is crucial, including performance, cost, security, and feature differences.

Key exam topics include understanding the two authentication types (AWS_IAM and NONE), the use cases for each, and the key differences from API Gateway.

Frequently Asked Questions

Q: Can I use a custom domain name with a Lambda Function URL?

A: No, Lambda Function URLs do not natively support custom domain names; they are assigned a unique, system-generated URL. To use a custom domain, you must place a service like Amazon CloudFront in front of your Function URL and configure the custom domain on the CloudFront distribution.

Q: How is a Lambda Function URL different from an Amazon API Gateway endpoint?

A: A Lambda Function URL is a lightweight, built-in feature of Lambda for exposing a single function via a dedicated HTTPS endpoint with basic security. Amazon API Gateway is a comprehensive, fully-managed service for building, deploying, and managing complex APIs with features like custom domains, routing, request validation, multiple authentication mechanisms, caching, and usage plans.

Q: How do I secure a public Lambda Function URL?

A: If you configure a Function URL with the NONE authentication type, the endpoint is publicly accessible. Security must then be handled inside your function's code. Common patterns include validating a pre-shared secret passed in an HTTP header (for webhooks), validating a JSON Web Token (JWT) passed in the Authorization header, or implementing other custom authorization logic. For managed authentication, it is recommended to use the AWS_IAM auth type or use Amazon API Gateway for its advanced options.

This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official AWS documentation before making production decisions.

Published: 4/25/2026 / Updated: 4/25/2026

This article is for informational purposes only. AWS services, pricing, and features change frequently — always verify details against the official AWS documentation before making production decisions.

More in Compute

Lambda SnapStart: Reduce Cold Starts & Improve Performance

AWS Lambda SnapStart optimizes function startup time by caching initialized states. Learn how it works and when to use this performance feature.

AWS App Runner: Deploy Containerized Apps Easily

AWS App Runner is a fully managed service for deploying containerized web apps and APIs. Go from source code to scalable apps in minutes. Learn when to use it.

Elastic GPUs: How It Worked & When to Use It

Amazon Elastic GPUs (now Elastic Graphics) offered network-based graphics acceleration for EC2. Learn about its features and historical use cases.

EC2 Instance Store: High Performance Temporary Storage

EC2 Instance Store offers temporary, block-level storage physically attached to your EC2 instance for high I/O performance. Learn when to use it.

EC2 Reserved Instance: Save Up to 72% on Compute

An EC2 Reserved Instance offers significant savings (up to 72%) on compute costs for steady-state workloads. Commit to a 1 or 3-year term for lower pricing. Learn when to choose it.

View all Computeterms →