> ## Documentation Index
> Fetch the complete documentation index at: https://docs.esperr.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS Lambda

> Use the Lambda and API Gateway recipe when your application traffic already enters through API Gateway and Lambda — putting Esper at an AWS serverless boundary.

<Info>
  **Recipe Path**

  This guide corresponds to
  <a href="https://github.com/stonehedgelabs/esper/tree/main/recipes/aws" target="_blank" rel="noopener noreferrer">`recipes/aws`</a>.
</Info>

## What this integration does

The Lambda recipe extracts request context from the event, asks Esper for a
mitigation result, and either returns a mitigation response or forwards the
request onward.

It should call `POST /api/v1/runtime/mitigation` on the Esper API host.

Example from the recipe:

```js theme={null}
const clientIP =
  event.headers["X-Forwarded-For"] ||
  event.requestContext?.identity?.sourceIp ||
  "127.0.0.1";

const mitigationData = JSON.stringify({
  ip: clientIP,
  user_agent: event.headers["User-Agent"] || event.headers["user-agent"],
  path: event.path || event.rawPath,
  method: event.httpMethod || event.requestContext?.http?.method,
  aws_request_id: event.requestContext?.requestId,
});
```

## Environment variables

* `ESPER_API_KEY`
* `ESPER_API_URL`

## Deploy

```bash theme={null}
cd recipes/aws
sam build
sam deploy --guided
```

<Info>
  **Operational Fit**

  This recipe is a good fit for teams already standardized on AWS primitives and
  who want Esper enforcement or telemetry collection without introducing a
  separate always-on service.
</Info>

## Current behavior notes

* `Monitor` is the safest place to start.
* `Challenge` currently returns challenge data instead of redirecting into an
  Esper-hosted verification flow.
* `Block` returns an immediate deny response from Lambda.
