Reference alexa forge skill lambda relay
Forge Alexa Skill¶
Skill ID: amzn1.ask.skill.593d6144-a080-4a17-aaf5-1085d185d944
Endpoint architecture: AWS Lambda relay (forge-alexa-relay, us-east-1) proxies Alexa POST requests to https://homeassistant.justinsforge.com/api/alexa using a long-lived HA Bearer token stored in Lambda env vars (HA_URL, HA_TOKEN).
Why Lambda instead of direct HTTPS: Amazon's Alexa runtime hard-rejects wildcard SSL certs (*.justinsforge.com). Cloudflare's default cert for subdomains is wildcard, blocked both in dev console simulator and at real Echo runtime. Lambda terminates on an AWS-issued cert, bypassing the validator entirely.
Region constraint: Alexa Skills Kit trigger only supports Lambda in us-east-1 (N. Virginia) for US English skills. us-east-2 and other regions cannot be invoked by the skill.
SSL type setting in dev console: Endpoint SSL type must be set to "My development endpoint is a sub-domain of a domain that has a wildcard certificate" but this alone does NOT fix the wildcard rejection at runtime; Lambda relay is required.
Status as of 2026-05-20: Lambda deployed + ASK trigger added + env vars set. ARN wiring back into Alexa skill endpoint was in progress at session end.
[Claude Code]
[auto-memory session 17941bc1-d82e-4781-a129-fee53cb899c4, confidence 0.78, mode staged]