Chalice

class Chalice(app_name)

This class represents a chalice application. It provides:

  • The ability to register routes using the route() method.
  • Within a view function, the ability to introspect the current request using the current_request attribute which is an instance of the Request class.
current_request

An object of type Request. This value is only set when a view function is being called. This attribute can be used to introspect the current HTTP request.

api

An object of type APIGateway. This attribute can be used to control how apigateway interprets Content-Type headers in both requests and responses.

lambda_context

A Lambda context object that is passed to the invoked view by AWS Lambda. You can find out more about this object by reading the lambda context object documentation.

debug

A boolean value that enables debugging. By default, this value is False. If debugging is true, then internal errors are returned back to the client. Additionally, debug log messages generated by the framework will show up in the cloudwatch logs. Example usage:

from chalice import Chalice

app = Chalice(app_name="appname")
app.debug = True
route(path, **options)

Register a view function for a particular URI path. This method is intended to be used as a decorator for a view function. For example:

from chalice import Chalice

app = Chalice(app_name="appname")

@app.route('/resource/{value}', methods=['PUT'])
def viewfunction(value):
    pass
Parameters:
  • path (str) – The path to associate with the view function. The path should only contain [a-zA-Z0-9._-] chars and curly braces for parts of the URL you would like to capture. The path should not end in a trailing slash, otherwise a validation error will be raised during deployment.
  • methods (list) – Optional parameter that indicates which HTTP methods this view function should accept. By default, only GET requests are supported. If you only wanted to support POST requests, you would specify methods=['POST']. If you support multiple HTTP methods in a single view function (methods=['GET', 'POST']), you can check the app.current_request.method attribute to see which HTTP method was used when making the request.
  • name (str) – Optional parameter to specify the name of the view function. You generally do not need to set this value. The name of the view function is used as the default value for the view name.
  • authorizer (Authorizer) – Specify an authorizer to use for this view. Can be an instance of CognitoUserPoolAuthorizer, CustomAuthorizer or IAMAuthorizer.
  • content_types (str) – A list of content types to accept for this view. By default application/json is accepted. If this value is specified, then chalice will reject any incoming request that does not match the provided list of content types with a 415 Unsupported Media Type response.
  • api_key_required (boolean) – Optional parameter to specify whether the method required a valid API key.
  • cors – Specify if CORS is supported for this view. This can either by a boolean value or an instance of CORSConfig. Setting this value is set to True gives similar behavior to enabling CORS in the AWS Console. This includes injecting the Access-Control-Allow-Origin header to have a value of * as well as adding an OPTIONS method to support preflighting requests. If you would like more control over how CORS is configured, you can provide an instance of CORSConfig.
authorizer(name, **options)

Register a built-in authorizer.

from chalice import Chalice, AuthResponse

app = Chalice(app_name="appname")

@app.authorizer(ttl_seconds=30)
def my_auth(auth_request):
    # Validate auth_request.token, and then:
    return AuthResponse(routes=['/'], principal_id='username')

@app.route('/', authorizer=my_auth)
def viewfunction(value):
    pass
Parameters:
  • ttl_seconds – The number of seconds to cache this response. Subsequent requests that require this authorizer will use a cached response if available. The default is 300 seconds.
  • execution_role – An optional IAM role to specify when invoking the Lambda function associated with the built-in authorizer.
schedule(expression, name=None)

Register a scheduled event that’s invoked on a regular schedule. This will create a lambda function associated with the decorated function. It will also schedule the lambda function to be invoked with a scheduled CloudWatch Event.

See Scheduled Events for more information.

@app.schedule('cron(15 10 ? * 6L 2002-2005)')
def cron_handler(event):
    pass

@app.schedule('rate(5 minutes)')
def rate_handler(event):
    pass

@app.schedule(Rate(5, unit=Rate.MINUTES))
def rate_obj_handler(event):
    pass

@app.schedule(Cron(15, 10, '?', '*', '6L', '2002-2005'))
def cron_obj_handler(event):
    pass
Parameters:
  • expression – The schedule expression to use for the CloudWatch event rule. This value can either be a string value or an instance of type ScheduleExpression, which is either a Cron or Rate object. If a string value is provided, it will be provided directly as the ScheduleExpression value in the PutRule API call.
  • name – The name of the function to use. This name is combined with the chalice app name as well as the stage name to create the entire lambda function name. This parameter is optional. If it is not provided, the name of the python function will be used.
on_s3_event(bucket, events=None, prefix=None, suffix=None, name=None)

Create a lambda function and configure it to be automatically invoked whenever an event happens on an S3 bucket.

Warning

You can’t use the chalice package command when using the on_s3_event decorator. This is because CFN does not support configuring an existing S3 bucket.

See S3 Events for more information.

This example shows how you could implement an image resizer that’s triggered whenever an object is uploaded to the images/ prefix of an S3 bucket (e.g s3://mybucket/images/house.jpg).

@app.on_s3_event('mybucket', events=['s3:ObjectCreated:Put'],
                 prefix='images/', suffix='.jpg')
def resize_image(event):
    with tempfile.NamedTemporaryFile('w') as f:
        s3.download_file(event.bucket, event.key, f.name)
        resize_image(f.name)
        s3.upload_file(event.bucket, 'resized/%s' % event.key, f.name)
Parameters:
  • bucket – The name of the S3 bucket. This bucket must already exist.
  • events – A list of strings indicating the events that should trigger the lambda function. See Supported Event Types for the full list of strings you can provide. If this option is not provided, a default of ['s3:ObjectCreated:*'] is used, which will configure the lambda function to be invoked whenever a new object is created in the S3 bucket.
  • prefix – An optional key prefix. This specifies that the lambda function should only be invoked if the key matches this prefix (e.g. prefix='images/').
  • suffix – An optional key suffix. This specifies that the lambda function should only be invoked if the key name ends with this suffix (e.g. suffix='.jpg').
  • name – The name of the function to use. This name is combined with the chalice app name as well as the stage name to create the entire lambda function name. This parameter is optional. If it is not provided, the name of the python function will be used.
on_sns_message(topic, name=None)

Create a lambda function and configure it to be automatically invoked whenever an SNS message is published to the specified topic.

See SNS Events for more information.

This example prints the subject and the contents of the message whenever something publishes to the sns topic of mytopic. In this example, the input parameter is of type SNSEvent.

app.debug = True

@app.on_sns_message(topic='mytopic')
def handler(event):
    app.log.info("SNS subject: %s", event.subject)
    app.log.info("SNS message: %s", event.message)
Parameters:
  • topic – The name of the SNS topic you want to subscribe to. This is the name of the topic, not the topic ARN.
  • name – The name of the function to use. This name is combined with the chalice app name as well as the stage name to create the entire lambda function name. This parameter is optional. If it is not provided, the name of the python function will be used.
on_sqs_message(queue, batch_size=1, name=None)

Create a lambda function and configure it to be automatically invoked whenever a message is published to the specified SQS queue.

The lambda function must accept a single parameter which is of type SQSEvent.

If the decorated function returns without raising any exceptions then Lambda will automatically delete the SQS messages associated with the SQSEvent. You don’t need to manually delete messages. If any exception is raised, Lambda won’t delete any messages, and the messages will become available once the visibility timeout has been reached. Note that for batch sizes of more than one, either the entire batch succeeds and all the messages in the batch are deleted by Lambda, or the entire batch fails. The default batch size is 1. See the Using AWS Lambda with Amazon SQS for more information on how Lambda integrates with SQS.

See the SQS Events topic guide for more information on using SQS in Chalice.

app.debug = True

@app.on_sqs_message(queue='myqueue')
def handler(event):
    app.log.info("Event: %s", event.to_dict())
    for record in event:
        app.log.info("Message body: %s", record.body)
Parameters:
  • queue – The name of the SQS queue you want to subscribe to. This is the name of the queue, not the ARN or Queue URL.
  • batch_size – The maximum number of messages to retrieve when polling for SQS messages. The event parameter can have multiple SQS messages associated with it. This is why the event parameter passed to the lambda function is iterable. The batch size controls how many messages can be in a single event.
  • name – The name of the function to use. This name is combined with the chalice app name as well as the stage name to create the entire lambda function name. This parameter is optional. If it is not provided, the name of the python function will be used.
lambda_function(name=None)

Create a pure lambda function that’s not connected to anything.

See Pure Lambda Functions for more information.

Parameters:name – The name of the function to use. This name is combined with the chalice app name as well as the stage name to create the entire lambda function name. This parameter is optional. If it is not provided, the name of the python function will be used.

Request

class Request

A class that represents the current request. This is mapped to the app.current_request object.

@app.route('/objects/{key}', methods=['GET', 'PUT'])
def myobject(key):
    request = app.current_request
    if request.method == 'PUT':
        # handle PUT request
        pass
    elif request.method == 'GET':
        # handle GET request
        pass
query_params

A dict of the query params for the request.

headers

A dict of the request headers.

uri_params

A dict of the captured URI params.

method

The HTTP method as a string.

json_body

The parsed JSON body (json.loads(raw_body)). This value will only be non-None if the Content-Type header is application/json, which is the default content type value in chalice.

raw_body

The raw HTTP body as bytes. This is useful if you need to calculate a checksum of the HTTP body.

context

A dict of additional context information.

stage_vars

A dict of configuration for the API Gateway stage.

to_dict()

Convert the Request object to a dictionary. This is useful for debugging purposes. This dictionary is guaranteed to be JSON serializable so you can return this value from a chalice view.

Response

class Response(body, headers=None, status_code=200)

A class that represents the response for the view function. You can optionally return an instance of this class from a view function if you want complete control over the returned HTTP response.

from chalice import Chalice, Response

app = Chalice(app_name='custom-response')


@app.route('/')
def index():
    return Response(body='hello world!',
                    status_code=200,
                    headers={'Content-Type': 'text/plain'})

New in version 0.6.0.

body

The HTTP response body to send back. This value must be a string.

headers

An optional dictionary of HTTP headers to send back. This is a dictionary of header name to header value, e.g {'Content-Type': 'text/plain'}

status_code

The integer HTTP status code to send back in the HTTP response.

Authorization

Each of these classes below can be provided using the authorizer argument for an @app.route(authorizer=...) call:

authorizer = CognitoUserPoolAuthorizer(
    'MyPool', header='Authorization',
    provider_arns=['arn:aws:cognito:...:userpool/name'])

@app.route('/user-pools', methods=['GET'], authorizer=authorizer)
def authenticated():
    return {"secure": True}
class CognitoUserPoolAuthorizer(name, provider_arns, header='Authorization')

New in version 0.8.1.

name

The name of the authorizer.

provider_arns

The Cognito User Pool arns to use.

header

The header where the auth token will be specified.

class IAMAuthorizer

New in version 0.8.3.

class CustomAuthorizer(name, authorizer_uri, ttl_seconds, header='Authorization')

New in version 0.8.1.

name

The name of the authorizer.

authorizer_uri

The URI of the lambda function to use for the custom authorizer. This usually has the form arn:aws:apigateway:{region}:lambda:path/2015-03-01/functions/{lambda_arn}/invocations.

ttl_seconds

The number of seconds to cache the returned policy from a custom authorizer.

header

The header where the auth token will be specified.

Built-in Authorizers

These classes are used when defining built-in authorizers in Chalice.

class AuthRequest(auth_type, token, method_arn)

An instance of this class is passed as the first argument to an authorizer defined via @app.authorizer(). You generally do not instantiate this class directly.

auth_type

The type of authentication

token

The authorization token. This is usually the value of the Authorization header.

method_arn

The ARN of the API gateway being authorized.

class AuthResponse(routes, principal_id, context=None)
routes

A list of authorized routes. Each element in the list can either by a string route such as “/foo/bar” or an instance of AuthRoute. If you specify the URL as a string, then all supported HTTP methods will be authorized. If you want to specify which HTTP methods are allowed, you can use AuthRoute. If you want to specify that all routes and HTTP methods are supported you can use the wildcard value of "*": AuthResponse(routes=['*'], ...)

principal_id

The principal id of the user.

context

An optional dictionary of key value pairs. This dictionary will be accessible in the app.current_request.context in all subsequent authorized requests for this user.

class AuthRoute(path, methods)

This class be used in the routes attribute of a AuthResponse instance to get fine grained control over which HTTP methods are allowed for a given route.

path

The allowed route specified as a string

methods

A list of allowed HTTP methods.

APIGateway

class APIGateway

This class is used to control how API Gateway interprets Content-Type headers in both requests and responses.

There is a single instance of this class attached to each Chalice object under the api attribute.

default_binary_types

The value of default_binary_types are the Content-Types that are considered binary by default. This value should not be changed, instead you should modify the binary_types list to change the behavior of a content type. Its value is: application/octet-stream, application/x-tar, application/zip, audio/basic, audio/ogg, audio/mp4, audio/mpeg, audio/wav, audio/webm, image/png, image/jpg, image/jpeg, image/gif, video/ogg, video/mpeg, video/webm.

binary_types

The value of binary_types controls how API Gateway interprets requests and responses as detailed below.

If an incoming request has a Content-Type header value that is present in the binary_types list it will be assumed that its body is a sequence of raw bytes. You can access these bytes by accessing the app.current_request.raw_body property.

If an outgoing response from Chalice has a header Content-Type that matches one of the binary_types its body must be a bytes type object. It is important to note that originating request must have the Accept header for the same type as the Content-Type on the response. Otherwise a 400 error will be returned.

This value can be modified to change what types API Gateway treats as binary. The easiest way to do this is to simply append new types to the list.

app.api.binary_types.append('application/my-binary-data')

Keep in mind that there can only be a total of 25 binary types at a time and Chalice by default has a list of 16 types. It is recommended if you are going to make extensive use of binary types to reset the list to the exact set of content types you will be using. This can easily be done by reassigning the whole list.

app.api.binary_types = [
    'application/octet-stream',
    'application/my-binary-data',
]

Implementation Note: API Gateway and Lambda communicate through a JSON event which is encoded using UTF-8. The raw bytes are temporarily encoded using base64 when being passed between API Gateway and Lambda. In the worst case this encoding can cause the binary body to be inflated up to 4/3 its original size. Lambda only accepts an event up to 6mb, which means even if your binary data was not quite at that limit, with the base64 encoding it may exceed that limit. This will manifest as a 502 Bad Gateway error.

CORS

class CORSConfig(allow_origin='*', allow_headers=None, expose_headers=None, max_age=None, allow_credentials=None)

CORS configuration to attach to a route.

from chalice import CORSConfig
cors_config = CORSConfig(
    allow_origin='https://foo.example.com',
    allow_headers=['X-Special-Header'],
    max_age=600,
    expose_headers=['X-Special-Header'],
    allow_credentials=True
)

@app.route('/custom_cors', methods=['GET'], cors=cors_config)
def supports_custom_cors():
    return {'cors': True}

New in version 0.8.1.

allow_origin

The value of the Access-Control-Allow-Origin to send in the response. Keep in mind that even though the Access-Control-Allow-Origin header can be set to a string that is a space separated list of origins, this behavior does not work on all clients that implement CORS. You should only supply a single origin to the CORSConfig object. If you need to supply multiple origins you will need to define a custom handler for it that accepts OPTIONS requests and matches the Origin header against a whitelist of origins. If the match is successful then return just their Origin back to them in the Access-Control-Allow-Origin header.

allow_headers

The list of additional allowed headers. This list is added to list of built in allowed headers: Content-Type, X-Amz-Date, Authorization, X-Api-Key, X-Amz-Security-Token.

expose_headers

A list of values to return for the Access-Control-Expose-Headers:

max_age

The value for the Access-Control-Max-Age

allow_credentials

A boolean value that sets the value of Access-Control-Allow-Credentials.

Scheduled Events

New in version 1.0.0b1.

class Rate(value, unit)

An instance of this class can be used as the expression value in the Chalice.schedule() method:

@app.schedule(Rate(5, unit=Rate.MINUTES))
def handler(event):
    pass

Examples:

# Run every minute.
Rate(1, unit=Rate.MINUTES)

# Run every 2 hours.
Rate(2, unit=Rate.HOURS)
value

An integer value that presents the amount of time to wait between invocations of the scheduled event.

unit

The unit of the provided value attribute. This can be either Rate.MINUTES, Rate.HOURS, or Rate.DAYS.

MINUTES, HOURS, DAYS

These values should be used for the unit attribute.

class Cron(minutes, hours, day_of_month, month, day_of_week, year)

An instance of this class can be used as the expression value in the Chalice.schedule() method.

@app.schedule(Cron(15, 10, '?', '*', '6L', '2002-2005'))
def handler(event):
    pass

It provides more capabilities than the Rate class. There are a few limits:

  • You can’t specify day_of_month and day_of_week fields in the same Cron expression. If you specify a value in one of the fields, you must use a ? in the other.
  • Cron expressions that lead to rates faster than 1 minute are not supported.

For more information, see the API docs page.

Examples:

# Run at 10:00am (UTC) every day.
Cron(0, 10, '*', '*', '?', '*')

# Run at 12:15pm (UTC) every day.
Cron(15, 12, '*', '*', '?', '*')

# Run at 06:00pm (UTC) every Monday through Friday.
Cron(0, 18, '?', '*', 'MON-FRI', '*')

# Run at 08:00am (UTC) every 1st day of the month.
Cron(0, 8, 1, '*', '?', '*')

# Run every 15 minutes.
Cron('0/15', '*', '*', '*', '?', '*')

# Run every 10 minutes Monday through Friday.
Cron('0/10', '*', '?', '*', 'MON-FRI', '*')

# Run every 5 minutes Monday through Friday between
# 08:00am and 5:55pm (UTC).
Cron('0/5', '8-17', '?', '*', 'MON-FRI', '*')
class CloudWatchEvent

This is the input argument for a scheduled event.

@app.schedule('rate(1 hour)')
def every_hour(event: CloudWatchEvent):
    pass

In the code example above, the event argument is of type CloudWatchEvent, which will have the following attributes.

version

By default, this is set to 0 (zero) in all events.

account

The 12-digit number identifying an AWS account.

region

Identifies the AWS region where the event originated.

detail

For scheduled events, this will be an empty dictionary.

detail_type

For scheduled events, this value will be "Scheduled Event".

source

Identifies the service that sourced the event. All events sourced from within AWS will begin with “aws.” Customer-generated events can have any value here as long as it doesn’t begin with “aws.” We recommend the use of java package-name style reverse domain-name strings.

For scheduled events, this will be aws.events.

time

The event timestamp, which can be specified by the service originating the event. If the event spans a time interval, the service might choose to report the start time, so this value can be noticeably before the time the event is actually received.

event_id

A unique value is generated for every event. This can be helpful in tracing events as they move through rules to targets, and are processed.

resources

This JSON array contains ARNs that identify resources that are involved in the event. Inclusion of these ARNs is at the discretion of the service.

For scheduled events, this will include the ARN of the CloudWatch rule that triggered this event.

to_dict()

Return the original event dictionary provided from Lambda. This is useful if you need direct access to the lambda event, for example if a new key is added to the lambda event that has not been mapped as an attribute to the CloudWatchEvent object. Example:

{'account': '123457940291',
 'detail': {},
 'detail-type': 'Scheduled Event',
 'id': '12345678-b9f1-4667-9c5e-39f98e9a6113',
 'region': 'us-west-2',
 'resources': ['arn:aws:events:us-west-2:123457940291:rule/testevents-dev-every_minute'],
 'source': 'aws.events',
 'time': '2017-06-30T23:28:38Z',
 'version': '0'}
class S3Event

This is the input argument for an S3 event.

@app.on_s3_event(bucket='mybucket')
def event_handler(event: S3Event):
    app.log.info("Event received for bucket: %s, key %s",
                 event.bucket, event.key)

In the code example above, the event argument is of type S3Event, which will have the following attributes.

bucket

The S3 bucket associated with the event.

key

The S3 key name associated with the event. The original key name in the S3 event payload is URL encoded. However, this key attribute automatically URL decodes the key name for you. If you need access to the original URL encoded key name, you can access it through the to_dict() method.

to_dict()

Return the original event dictionary provided from Lambda. This is useful if you need direct access to the lambda event, for example if a new key is added to the lambda event that has not been mapped as an attribute to the S3Event object. Note that this event is not modified in any way. This means that the key name of the S3 object is URL encoded, which is the way that S3 sends this value to Lambda.

class SNSEvent

This is the input argument for an SNS event handler.

@app.on_sns_message(topic='mytopic')
def event_handler(event: SNSEvent):
    app.log.info("Message received with subject: %s, message: %s",
                 event.subject, event.message)

In the code example above, the event argument is of type SNSEvent, which will have the following attributes.

subject

The subject of the SNS message that was published.

message

The string value of the SNS message that was published.

to_dict()

Return the original event dictionary provided from Lambda. This is useful if you need direct access to the lambda event, for example if a new key is added to the lambda event that has not been mapped as an attribute to the SNSEvent object.

class SQSEvent

This is the input argument for an SQS event handler.

@app.on_sqs_message(queue='myqueue')
def event_handler(event: SQSEvent):
    app.log.info("Event: %s", event.to_dict())

In the code example above, the event argument is of type SQSEvent. An SQSEvent can have multiple sqs messages associated with it. To access the multiple messages, you can iterate over the SQSEvent.

__iter__()

Iterate over individual SQS messages associated with the event. Each element in the iterable is of type SQSRecord.

to_dict()

Return the original event dictionary provided from Lambda. This is useful if you need direct access to the lambda event, for example if a new key is added to the lambda event that has not been mapped as an attribute to the SQSEvent object.

class SQSRecord

Represents a single SQS record within an SQSEvent.

body

The body of the SQS message.

receipt_handle

The receipt handle associated with the message. This is useful if you need to manually delete an SQS message to account for partial failures.

to_dict()

Return the original dictionary associated with the given message. This is useful if you need direct access to the lambda event.