aws-lambda alexa-skills-kit amazon-echo

How to lock my AWS Lambda to my Echo device only


I am trying to write a new Echo (Alexa) skill for which there is an AWS Lambda call for doing the processing. However, I want the Lambda to be accessible to my Echo device only. Other devices should not be able to access the Lambda even if they know the ARN.

What are the parameters to set to achieve this?


Solution

  • As far as I know, your deviceId will change when you disable and re-enable your skill.

    Every skill has a unique applicationId which you will receive in every request from your skill. You can validate this id in your Lambda code before proceeding with any processing.

    "application": {
        "applicationId": "amzn1.ask.skill.xxxx-xxxx-xxxx-xxxx-xxxxxxxx"
    },
    

    The Lambda function is not directly accessed by your Echo device; instead, your skill triggers your Lambda function and will include a deviceId and applicationId in its request.

    If somebody gets your ARN, even if they make another skill, they won't pass through your applicationId check in your Lambda.
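
The applicationId check described in the answer, as an added example that is not part of the original answer. It assumes a Python Lambda handler and the standard Alexa request layout, where the id appears under `context.System.application` and, for session-based requests, under `session.application`; `EXPECTED_SKILL_ID`, `extract_application_ids` and `is_from_my_skill` are hypothetical names, and the skill id is the answer's placeholder.

```python
# Added example: reject any Alexa request whose applicationId is not ours.
# Placeholder id copied from the answer; replace with your own skill id.
EXPECTED_SKILL_ID = "amzn1.ask.skill.xxxx-xxxx-xxxx-xxxx-xxxxxxxx"

# Locations in the request envelope that carry an "application" object.
APPLICATION_PATHS = (
    ("context", "System", "application"),
    ("session", "application"),
)


def extract_application_ids(event):
    """Return every applicationId found in the request envelope."""
    ids = []
    for path in APPLICATION_PATHS:
        node = event
        for key in path:
            # Tolerate missing or malformed levels instead of raising.
            node = node.get(key) if isinstance(node, dict) else None
        if isinstance(node, dict) and "applicationId" in node:
            ids.append(node["applicationId"])
    return ids


def is_from_my_skill(event, expected=EXPECTED_SKILL_ID):
    """Fail closed: no id at all, or any id that differs, is rejected."""
    ids = extract_application_ids(event)
    return bool(ids) and all(found == expected for found in ids)


def lambda_handler(event, context):
    # Validate before doing any processing, as the answer recommends.
    if not is_from_my_skill(event):
        raise ValueError("Invalid applicationId")
    return {
        "version": "1.0",
        "response": {
            "outputSpeech": {"type": "PlainText", "text": "Hello"},
            "shouldEndSession": True,
        },
    }
```

The check requires every copy of the id in the request to match, so a request that carries the right id in one place and a different one in the other is also rejected.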