I want to call the AWS IOT AttachPolicy API (doc) and I set my API gateway as below.
method execution:
method setting
integration request:
integration setting
integration setting2
I am getting error of "No method found matching route" and status 200 by
link: https://xxxxxxxx.execute-api.us-east-2.amazonaws.com/test/attachiotpolicy/
and body:
{
"identityId":"us-east-2:xxxx",
"target-policies":"policy_A"
}
How to set up correctly?
Related
I have a custom domain linked to my test stage in the AWS API gateway.
I have a method as seen in the attached picture and have enabled cors (as also attached in the picture.
The endpoint will call my lambda function (with proxy lambda enabled as well)
I call the api endpoint from my Ionic angular application like so:
axios.defaults.headers.post['Content-Type'] = 'application/json';
return axios.post(url, {
data
}).then((response) => {
if (response.data.status == 'success') {
});
but in my console I get the following error:
Access to XMLHttpRequest at 'https://test.mycustomendpoint.com/auth/v1/?action=login' from origin 'http://localhost' has been blocked by CORS policy: Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.
I am wondering what I may be doing wrong.
Image11
Image22
This problem only happens when you run the app using serve to solve it just install this chrome extension on your device from here
I am currently playing around a bit with AWS AppSync and I am trying to use the Lambda authoriser feature to do some custom auth for the GraphQL API.
I have the Lambda function set up with the correct resource-based policy to allow AppSync to invoke the function and I have AppSync's Default authorization mode set to invoke my Lambda.
This is my lambda code:
exports.handler = (event) => {
console.log(JSON.stringify(event));
const response = {
isAuthorized: true,
};
console.log(JSON.stringify(response));
return response;
};
Now I am facing the issue that the Lambda authoriser is always giving me the following error when I attempt to run a GraphQL quarry:
Error: Request failed with status code 401
After debugging this problem for two hours I can say the following things:
The GraphQL endpoint is working fine, because if I set the Default authorization mode to API key or Amazon cognito user pool without changing anything else my Query executes successfully.
The lambda function is definitely being invoked whenever I make a request to the API and the lambda also receives the correct event from AppSync.
The Lambda returns {"isAuthorized":true} which means no Authorization Token would result in a 401.
So as far as I can tell everything is as it should but I am still getting the 401 no matter what I do and im getting pretty frustrated.
Whenever you receive an Error: Request failed with status code 401 in your AWS AppSync Console and you were using Lambda Authorizer as your custom Authorizer for your API. Irrespective of what are the frameworks you used to create the Infrastructure i.e., CDK or SAM or Serverless Framework. Check whether you have added these correctly for your Lanbda Authorizer
Check you have added proper policystatement to your Lambda Authorizer
Check you have added permission for your Lambda Authorizer to your API
Eg:
If you are using AWS CDK to create all your AppSync and Lambda Authorizer, Add these two things to solve the above error
lambdaAuth.addToRolePolicy("your policy statement"),
lambdaAuth.addPermission("appsync",{
principal: new ServicePrincipal("appsync.amazonaws.com"),
action: "lambda:InvokeFunction"
})
After some very frustrating debugging I finally figured out that the problem was the Lambda handler function. As it turns out a Node.js lambda handlers should be async.
So changing the lambda to the following code fixes the issue:
exports.handler = async (event) => {
console.log(JSON.stringify(event));
const response = {
isAuthorized: true,
};
console.log(JSON.stringify(response));
return response;
};
I didn't know this, since until no I only used Python for Lambdas, and the problem was hard to spot since the console.log's where still running correctly so I though the function was returning the correct data where as in fact it was returning null.
I am using an AWS Websocket API Gateway that has the following routes:
I've been able to connect to my websocket and send requests and receive responses from /SendMessage with the following json: {"action": "SendMessage", "message": "Hello, World"} however, when I tried adding a new route /Register. Sending the json {"action": "Register", "message": "Hello, World"} AWS API Gateway routes the request to $default.
The following request appears on CloudWatch:
The request should be routed to /Register and not /default. Do I need to do some kind of redeployment of the API Gateway when I add a new route?
First, make sure you have re-deployed your API Gateway.
Second, make sure you have re-deployed your Lambda functions
Last, you have to Stringify your request like this:
socket.send(JSON.stringify({
"action": "SendMessage",
"message": "Hello, World"
}))
I'm trying to execute API calls from ReactNative AWS Amplify to API Gateway endpoint using AWS_IAM authorization.
I do it by calling (all Amplify initialization params are set):
import { API, Auth } from "aws-amplify";
...
API.get("MyApiName", "/resource")
.then(resp => { ... })
.catch(e => console.log(JSON.stringify(e));
I have console printout like:
{
"message":"Request failed with status code 403",
"name":"Error",
"stack": "...",
"headers":{
"Accept":"application/json, text/plain, */*",
"User-Agent":"aws-amplify/3.8.23 react-native",
"x-amz-date":"20210908T172556Z",
"X-Amz-Security-Token":"IQoJb3...",
"Authorization":"AWS4-HMAC-SHA256 Credential=ASIA23GCUWEDETN632PS/20210908/us-east-1/execute-api/aws4_request, SignedHeaders=host;user-agent;x-amz-date;x-amz-security-token, Signature=2a06fb4d8eb672164bfd736790fb1658edef1240d12a38afb599a9e33020c3cd"
...
}
So, it looks like the request is Signed!
I use Cognito User Pool and appropriate Identity Pool. They both are set properly, becuase these settings work with successfull authorization access to S3 storage using AWS Amplify S3.
Authenticated role for Cognito Identity Pool has permission to for ExecuteApi to invoke the API resource method. Also, it has permission to invoce the Lambda that is linked to the API's resource method.
All looks fine, but I am still getting the 403 Forbidden error.
What's missing here?
I created a API gateway with websocket. And I added request/response integration to my lambda in $connect route. Then I deploy the API to staging and I can see there is a wss and https URL generated on staging page.
Then I am using wscat command to test the websocket connection:
wscat -c wss://xxxx.execute-api.ap-southeast-2.amazonaws.com/dev
But I get an error response: error: Unexpected server response: 500.
I don't have any authentication on the API. And I have checked my lambda log, it is not called. That means the request failed on API gateway. What could be the error in my API Gateway?
The lambda you're integrating the $connect route to needs permission to be invoked by apigateway.
Add the following permission:
Principal: apigateway.amazonaws.com
Effect: Allow
Action: lambda:InvokeFunction
Also enable Cloudwatch logs for API Gateway to get a better idea what's going on if it's failing before hitting your lambda.
Stages -> Logs/Tracing -> CloudWatch Settings -> Enable CloudWatch Logs