I've got an AWS Lambda function that's working great, but I've noticed an error in my CloudWatch logs: "[ERROR] ClientError: An error occurred (ValidationException) when calling the Scan operation: ExpressionAttributeValues contains invalid value: The parameter cannot be converted to a numeric value for key :nit_nature." It seems like GPTBot has somehow accessed my Lambda's private function URL and is attempting to crawl it like a site. I checked the user-agent string, and it's definitely GPTBot based on the info from OpenAI's bot documentation. I'm concerned about having GPTBot crawl my private endpoints. Is there a way to block it, or does AWS need to take action against this? If they won't help, I'm thinking of implementing a custom solution in my Lambda function to block this user-agent.
1 Answer
Lambda function URLs are public, which means they rely on your authentication settings to control access. It sounds like you have public access enabled, right? Just double-check your security settings to make sure everything is locked down as it should be, because that URL won't be truly private if it's accessible without restrictions.
Yes, you're right. It’s not really a 'private' URL, but it shouldn't be treated like a public website either.