class Chalice(app_name)

This class represents a chalice application. It provides:

  • The ability to register routes using the route() method.
  • Within a view function, the ability to introspect the current request using the current_request attribute which is an instance of the Request class.

An object of type Request. This value is only set when a view function is being called. This attribute can be used to introspect the current HTTP request.


An object of type APIGateway. This attribute can be used to control how apigateway interprets Content-Type headers in both requests and responses.


A Lambda context object that is passed to the invoked view by AWS Lambda. You can find out more about this object by reading the lambda context object documentation.


A boolean value that enables debugging. By default, this value is False. If debugging is true, then internal errors are returned back to the client. Additionally, debug log messages generated by the framework will show up in the cloudwatch logs. Example usage:

from chalice import Chalice

app = Chalice(app_name="appname")
app.debug = True
route(path, **options)

Register a view function for a particular URI path. This method is intended to be used as a decorator for a view function. For example:

from chalice import Chalice

app = Chalice(app_name="appname")

@app.route('/resource/{value}', methods=['PUT'])
def viewfunction(value):
  • path (str) -- The path to associate with the view function. The path should only contain [a-zA-Z0-9._-] chars and curly braces for parts of the URL you would like to capture. The path should not end in a trailing slash, otherwise a validation error will be raised during deployment.
  • methods (list) -- Optional parameter that indicates which HTTP methods this view function should accept. By default, only GET requests are supported. If you only wanted to support POST requests, you would specify methods=['POST']. If you support multiple HTTP methods in a single view function (methods=['GET', 'POST']), you can check the app.current_request.method attribute to see which HTTP method was used when making the request.
  • name (str) -- Optional parameter to specify the name of the view function. You generally do not need to set this value. The name of the view function is used as the default value for the view name.
  • authorizer (Authorizer) -- Specify an authorizer to use for this view. Can be an instance of CognitoUserPoolAuthorizer, CustomAuthorizer or IAMAuthorizer.
  • content_types (str) -- A list of content types to accept for this view. By default application/json is accepted. If this value is specified, then chalice will reject any incoming request that does not match the provided list of content types with a 415 Unsupported Media Type response.
  • api_key_required (boolean) -- Optional parameter to specify whether the method required a valid API key.
  • cors -- Specify if CORS is supported for this view. This can either by a boolean value or an instance of CORSConfig. Setting this value is set to True gives similar behavior to enabling CORS in the AWS Console. This includes injecting the Access-Control-Allow-Origin header to have a value of * as well as adding an OPTIONS method to support preflighting requests. If you would like more control over how CORS is configured, you can provide an instance of CORSConfig.
authorizer(name, **options)

Register a built-in authorizer.

from chalice import Chalice, AuthResponse

app = Chalice(app_name="appname")

def my_auth(auth_request):
    # Validate auth_request.token, and then:
    return AuthResponse(routes=['/'], principal_id='username')

@app.route('/', authorizer=my_auth)
def viewfunction(value):
  • ttl_seconds -- The number of seconds to cache this response. Subsequent requests that require this authorizer will use a cached response if available. The default is 300 seconds.
  • execution_role -- An optional IAM role to specify when invoking the Lambda function associated with the built-in authorizer.
schedule(expression, name=None)

Register a scheduled event that's invoked on a regular schedule. This will create a lambda function associated with the decorated function. It will also schedule the lambda function to be invoked with a scheduled CloudWatch Event.

See events for more information.

@app.schedule('cron(15 10 ? * 6L 2002-2005)')
def cron_handler(event):

@app.schedule('rate(5 minutes)')
def rate_handler(event):

@app.schedule(Rate(5, unit=Rate.MINUTES))
def rate_obj_handler(event):

@app.schedule(Cron(15, 10, '?', '*', '6L', '2002-2005'))
def cron_obj_handler(event):
  • expression -- The schedule expression to use for the CloudWatch event rule. This value can either be a string value or an instance of type ScheduleExpression, which is either a Cron or Rate object. If a string value is provided, it will be provided directly as the ScheduleExpression value in the PutRule API call.
  • name -- The name of the function to use. This name is combined with the chalice app name as well as the stage name to create the entire lambda function name. This parameter is optional. If it is not provided, the name of the python function will be used.

Create a pure lambda function that's not connected to anything.

See purelambda for more information.

name -- The name of the function to use. This name is combined with the chalice app name as well as the stage name to create the entire lambda function name. This parameter is optional. If it is not provided, the name of the python function will be used.


class Request

A class that represents the current request. This is mapped to the app.current_request object.

@app.route('/objects/{key}', methods=['GET', 'PUT'])
def myobject(key):
    request = app.current_request
    if request.method == 'PUT':
        # handle PUT request
    elif request.method == 'GET':
        # handle GET request

A dict of the query params for the request.


A dict of the request headers.


A dict of the captured URI params.


The HTTP method as a string.


The parsed JSON body (json.loads(raw_body)). This value will only be non-None if the Content-Type header is application/json, which is the default content type value in chalice.


The raw HTTP body as bytes. This is useful if you need to calculate a checksum of the HTTP body.


A dict of additional context information.


A dict of configuration for the API Gateway stage.


Convert the Request object to a dictionary. This is useful for debugging purposes. This dictionary is guaranteed to be JSON serializable so you can return this value from a chalice view.


class Response(body, headers=None, status_code=200)

A class that represents the response for the view function. You can optionally return an instance of this class from a view function if you want complete control over the returned HTTP response.

from chalice import Chalice, Response

app = Chalice(app_name='custom-response')

def index():
    return Response(body='hello world!',
                    headers={'Content-Type': 'text/plain'})

New in version 0.6.0.


The HTTP response body to send back. This value must be a string.


An optional dictionary of HTTP headers to send back. This is a dictionary of header name to header value, e.g {'Content-Type': 'text/plain'}


The integer HTTP status code to send back in the HTTP response.


Each of these classes below can be provided using the authorizer argument for an @app.route(authorizer=...) call:

authorizer = CognitoUserPoolAuthorizer(
    'MyPool', header='Authorization',

@app.route('/user-pools', methods=['GET'], authorizer=authorizer)
def authenticated():
    return {"secure": True}
class CognitoUserPoolAuthorizer(name, provider_arns, header='Authorization')

New in version 0.8.1.


The name of the authorizer.


The Cognito User Pool arns to use.


The header where the auth token will be specified.

class IAMAuthorizer

New in version 0.8.3.

class CustomAuthorizer(name, authorizer_uri, ttl_seconds, header='Authorization')

New in version 0.8.1.


The name of the authorizer.


The URI of the lambda function to use for the custom authorizer. This usually has the form arn:aws:apigateway:{region}:lambda:path/2015-03-01/functions/{lambda_arn}/invocations.


The number of seconds to cache the returned policy from a custom authorizer.


The header where the auth token will be specified.

Built-in Authorizers

These classes are used when defining built-in authorizers in Chalice.

class AuthRequest(auth_type, token, method_arn)

An instance of this class is passed as the first argument to an authorizer defined via @app.authorizer(). You generally do not instantiate this class directly.


The type of authentication


The authorization token. This is usually the value of the Authorization header.


The ARN of the API gateway being authorized.

class AuthResponse(routes, principal_id, context=None)

A list of authorized routes. Each element in the list can either by a string route such as "/foo/bar" or an instance of AuthRoute. If you specify the URL as a string, then all supported HTTP methods will be authorized. If you want to specify which HTTP methods are allowed, you can use AuthRoute. If you want to specify that all routes and HTTP methods are supported you can use the wildcard value of "*": AuthResponse(routes=['*'], ...)


The principal id of the user.


An optional dictionary of key value pairs. This dictionary will be accessible in the app.current_request.context in all subsequent authorized requests for this user.

class AuthRoute(path, methods)

This class be used in the routes attribute of a AuthResponse instance to get fine grained control over which HTTP methods are allowed for a given route.


The allowed route specified as a string


A list of allowed HTTP methods.


class APIGateway

This class is used to control how API Gateway interprets Content-Type headers in both requests and responses.

There is a single instance of this class attached to each Chalice object under the api attribute.


The value of default_binary_types are the Content-Types that are considered binary by default. This value should not be changed, instead you should modify the binary_types list to change the behavior of a content type. Its value is: application/octet-stream, application/x-tar, application/zip, audio/basic, audio/ogg, audio/mp4, audio/mpeg, audio/wav, audio/webm, image/png, image/jpg, image/gif, video/ogg, video/mpeg, video/webm.


The value of binary_types controls how API Gateway interprets requests and responses as detailed below.

If an incoming request has a Content-Type header value that is present in the binary_types list it will be assumed that its body is a sequence of raw bytes. You can access these bytes by accessing the app.current_request.raw_body property.

If an outgoing response from Chalice has a header Content-Type that matches one of the binary_types its body must be a bytes type object. It is important to note that originating request must have the Accept header for the same type as the Content-Type on the response. Otherwise a 400 error will be returned.

Implementation note: API Gateway and Lambda communicate through a JSON event which is encoded using UTF-8. The raw bytes are temporarily encoded using

base64 when being passed between API Gateway and Lambda. In the worst case this encoding can cause the binary body to be inflated up to 4/3 its original size. Lambda only accepts an event up to 6mb, which means even if your binary data was not quite at that limit, with the base64 encoding it may exceed that limit. This will manifest as a 502 Bad Gateway error.


class CORSConfig(allow_origin='*', allow_headers=None, expose_headers=None, max_age=None, allow_credentials=None)

CORS configuration to attach to a route.

from chalice import CORSConfig
cors_config = CORSConfig(

@app.route('/custom_cors', methods=['GET'], cors=cors_config)
def supports_custom_cors():
    return {'cors': True}

New in version 0.8.1.


The value of the Access-Control-Allow-Origin to send in the response. Keep in mind that even though the Access-Control-Allow-Origin header can be set to a string that is a space separated list of origins, this behavior does not work on all clients that implement CORS. You should only supply a single origin to the CORSConfig object. If you need to supply multiple origins you will need to define a custom handler for it that accepts OPTIONS requests and matches the Origin header against a whitelist of origins. If the match is successful then return just their Origin back to them in the Access-Control-Allow-Origin header.


The list of additional allowed headers. This list is added to list of built in allowed headers: Content-Type, X-Amz-Date, Authorization, X-Api-Key, X-Amz-Security-Token.


A list of values to return for the Access-Control-Expose-Headers:


The value for the Access-Control-Max-Age


A boolean value that sets the value of Access-Control-Allow-Credentials.

Scheduled Events

New in version 1.0.0b1.

class Rate(value, unit)

An instance of this class can be used as the expression value in the Chalice.schedule() method:

@app.schedule(Rate(5, unit=Rate.MINUTES))
def handler(event):


# Run every minute.
Rate(1, unit=Rate.MINUTES)

# Run every 2 hours.
Rate(2, unit=Rate.HOURS)

An integer value that presents the amount of time to wait between invocations of the scheduled event.


The unit of the provided value attribute. This can be either Rate.MINUTES, Rate.HOURS, or Rate.DAYS.


These values should be used for the unit attribute.

class Cron(minutes, hours, day_of_month, month, day_of_week, year)

An instance of this class can be used as the expression value in the Chalice.schedule() method.

@app.schedule(Cron(15, 10, '?', '*', '6L', '2002-2005'))
def handler(event):

It provides more capabilities than the Rate class. There are a few limits:

  • You can't specify day_of_month and day_of_week fields in the same Cron expression. If you specify a value in one of the fields, you must use a ? in the other.
  • Cron expressions that lead to rates faster than 1 minute are not supported.

For more information, see the API docs page.


# Run at 10:00am (UTC) every day.
Cron(0, 10, '*', '*', '?', '*')

# Run at 12:15pm (UTC) every day.
Cron(15, 12, '*', '*', '?', '*')

# Run at 06:00pm (UTC) every Monday through Friday.
Cron(0, 18, '?', '*', 'MON-FRI', '*')

# Run at 08:00am (UTC) every 1st day of the month.
Cron(0, 8, 1, '*', '?', '*')

# Run every 15 minutes.
Cron('0/15', '*', '*', '*', '?', '*')

# Run every 10 minutes Monday through Friday.
Cron('0/10', '*', '?', '*', 'MON-FRI', '*')

# Run every 5 minutes Monday through Friday between
# 08:00am and 5:55pm (UTC).
Cron('0/5', '8-17', '?', '*', 'MON-FRI', '*')
class CloudWatchEvent

This is the input argument for a scheduled event.

@app.schedule('rate(1 hour)')
def every_hour(event: CloudWatchEvent):

In the code example above, the event argument is of type CloudWatchEvent, which will have the following attributes.


By default, this is set to 0 (zero) in all events.


The 12-digit number identifying an AWS account.


Identifies the AWS region where the event originated.


For scheduled events, this will be an empty dictionary.


For scheduled events, this value will be "Scheduled Event".


Identifies the service that sourced the event. All events sourced from within AWS will begin with "aws." Customer-generated events can have any value here as long as it doesn't begin with "aws." We recommend the use of java package-name style reverse domain-name strings.

For scheduled events, this will be


The event timestamp, which can be specified by the service originating the event. If the event spans a time interval, the service might choose to report the start time, so this value can be noticeably before the time the event is actually received.


A unique value is generated for every event. This can be helpful in tracing events as they move through rules to targets, and are processed.


This JSON array contains ARNs that identify resources that are involved in the event. Inclusion of these ARNs is at the discretion of the service.

For scheduled events, this will include the ARN of the CloudWatch rule that triggered this event.


Return the original event dictionary provided from Lambda. This is useful if you need direct access to the lambda event, for example if a new key is added to the lambda event that has not been mapped as an attribute to the CloudWatchEvent object. Example:

{'account': '123457940291',
 'detail': {},
 'detail-type': 'Scheduled Event',
 'id': '12345678-b9f1-4667-9c5e-39f98e9a6113',
 'region': 'us-west-2',
 'resources': ['arn:aws:events:us-west-2:123457940291:rule/testevents-dev-every_minute'],
 'source': '',
 'time': '2017-06-30T23:28:38Z',
 'version': '0'}