AWS API Gateway to Simple Notification Service - amazon-web-services

I'm trying to use the AWS console to pass a message straight from an API Gateway into an SNS queue. All the examples I've seen seem to go via a Lambda, but all the documentation and settings seem to suggest this step isn't necessarily needed.
I've got the below setup, but keep getting the error of
Execution failed due to configuration error: No match for output mapping and no default output mapping configured. Endpoint Response Status Code: 400
The mapping template section has: "When no template matches the request Content-Type header" set which the "Help" section suggests the body (which is where the json string is posted) is passed through if I've got no template set up, but maybe I'm misunderstanding this.
What am I missing?

Related

Using AWS EC2 API (https) with EC2 Launch Templates - The parameter LaunchTemplate is not recognized

I am extremely new with APIs and can not figure this out.
I have a use case where I want to call the AWS EC2 Rest API over https to start an instance from a Launch Template. I am using "RunInstances" 1 to attempt this. I have scrolled through the document and included all of the required parameters.
I then added "ImageId" to the test and got a good run (no issues with authentication, etc). The default instance was created.
The issue is that I cannot figure out how to get the API to accept the "LaunchTemplate" option. I either get "The parameter LaunchTemplate is not recognized" or a "400 - bad request" error.
In postman I have:
Postman Screenshot with the RunInstances call set up and the full URL visable
This is the link to the "LaunchTemplateSpecification" object documentation (linked from 1 also) 3
Can someone help me figure out how to construct the API request for the "LaunchTemplate" parameter?
Also, my web searches have not revealed HTTPS (web url) examples only CLI examples (none for this paramater in the docs either). If someone found a link that I could not, please send it my way.
Thanks!
#stdunbar was correct so far as the LaunchTemplate.LaunchTemplateName parameter was concerned.
I submitted a case to AWS support and received a response. I was missing a "version" parameter.
The correct parameter set is as follows:
https://us-east-1.ec2.amazonaws.com/?
Action=RunInstances&
MaxCount=1&
MinCount=1&
LaunchTemplate.LaunchTemplateName=Testing-Template&
Version=2016-11-15
Here is an updated Image of Postman (for learners like me) 1

How to get fixedresponseconfig on boto3 to work?

I am trying to create an integration between EC2-ALB and Lambda functions and in a part of my code I am trying to use the method:
modify_listener() documentation available here: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elbv2.html#ElasticLoadBalancingv2.Client.modify_listener
in that part I am using the DefaultAction: FixedResponseConfig where I am trying to display a simple hello world on html. the way this gets triggered in the code is, if my target group is unhealthy display the fixed response permissions have been setup everything looks fine because when I run the function I get a successful message but when I ask for the application from my okta portal I don't get that response (hello world) I get a normal 503 service temporary unavailable.
How can I direct that fixed response to the frontend of the app when is not working? the purpose of this is to display a maintenance page when the target group is down.
Thanks for the responses please feel free to make any question.
You can't customize ALB's error messages through fixed response. Instead you should consider two options:
use CloudFront in front of your ALB to setup Custom Error Page for Specific HTTP Status Codes
use Route53 DNS failover when your ALB becomes unhealthy.

API Gateway - Get StatusCode

This should have been such a simple issue and I don't understand why it hasn't come up through all my searching (maybe it's just been a long day).
I have an API Gateway API setup, and I am adding a Body Mapping Template to my Integration Response for a 400* error group: see image -
All I would like to get is the StatusCode of the current response (as this is a 400* group - e.g. 401 / 403 / 404 etc.)
The closest I came was through this site: AWS help documentation and I thought I would be able to use something like $context.statusCode - but no luck.
Am I going crazy, or is this just not something required often?
PS - Making changes to any Lambda functions being called, is not an option.
Thanks
There's currently no mapping template variable in API Gateway dedicated to the integration response status code.
We will certainly add this as a feature request.
At current time you are limited to hardcoding the status code value in your response templates. You would either need to define generic status codes (i.e "4XX") or define integration responses for every status code you want to capture. While this seems tedious, this could be managed relatively easily in a Swagger template.
At current time the only way to see the integration response status code is via CloudWatch Logs.
Thanks,
Ryan / Amazon API Gateway
If you are sending error codes from your server then you can easily map them.
I have done something similar but I have used different trick to do. I used to send my own error entities and codes from server.
You have to map those error entities and error codes coming from server to the response that comes from amazon servers. I will try and explain what I mean by this. Api Gateway doesn't send response coming from your own server to the client automatically. You have to map those responses. For example, map 200 as a SUCESS and response entity will be default, that is whatever coming from server.
Now, we default success response is managed but what about error codes and error entities. You have to map them manually.
There are two ways you can do this,
One is manual, go to your api. Create error entities or models. Map them manually for each response code.
This one uses swaggger,
Solution is to import swagger specification of error entities. Add response templates to the swagger specification and let amazon do their job.
I can help you more with swagger. It depends how you are setting up your api on amazon.
Visit this for amazon extenstions to swagger,
http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions.html#api-gateway-swagger-extensions-integration-response

API Gateway CORS Issue

So I have CORS enabled going through the basic setup given by AWS Gateway. However for this API I need to allow Control Origins for all requests and allow credentials.
Here is what it looks like
The issue as you may have guessed is this setup is not allowed by CORS, you can not have a wildcard for Origin and have credentials as true. Normally the work around for this is to just grab the requesting domain and add it into the Origin Header. Which is more or less what I want to do. But I don't know how to get that information and add it as a mapping value. Where does API Gateway store that information and how do i get it?
UPDATE:
I have to pass through HTTP Header Host to my Lambda Function which I should have mentioned earlier, I have tried implementing the Answer below but I cannot access the header to pass it to the Lambda function using the instructions provided. Any more assistance with this is greatly appreciated.
Okay After hours of research and finding bits of information across the internet I have a solution and hopefully it is useful for other people.
To pass an HTTP Header that is not a default value provided by AWS API Gateway and then access that data via a Lambda Function and return that data in the Response Header follow the steps below
In "Method Request" go to "HTTP Request Headers" and add your desired header to capture. ie. if we want to get the host value of the API url you can enter "Host" here. if you want to get the website host of the caller use "Origin"
In "Integration Request" go to mapping templates and create a new template if an "application/json" does not exist, if it does just update it.
This is the important part, pass the header value you set in step 1. To do that write something similar to the following in the Template Box.
{
"origin" : "$input.params().header.Origin",
"host" : "$input.params().header.Host"
}
You can also pass in any url parameters you have defined in the same JSON.
Access the data from Lambda, The integration request passed the information into the "Event" parameter if using Node as the Lambda Backend code. to retrieve the value of any header just use the following within your handler.
event.origin;
When sending back your response from Lambda to API Gateway, it is best to format the response in JSON. Something similar to this.
{
"origin" : event.origin,
"host" : event.host,
"nonHeaderOutput" : "Hello World"
}
In "Integration Response" go to "Header Mappings", if the header you need is not listed you may add it in "Method Response" and it will then appear here. For this example I used "Access-Control-Allow-Origin" and edited the Mapping Value to be integration.response.body.origin
now go to "Mapping Templates and select the content type you want to use, and then edit the template to access the non header responses by adding this to the Template Box
$input.path("$.nonHeaderOutput")
That is it now the header that was sent to the API can be used in your method Response.
Jurgen from API Gateway here.
Thanks for reporting this issue. There is currently no simple way to set it up via the "Enable CORS" feature in the console. However, we are looking into it to improve the user experience for this use case.
As a potential workaround, you could passthrough the Origin header from the client to your backend and parse / create the value for the Access-Control-Allow-Origin header there. Then you would map the Header in the Integration Response from 'integration.response.header.Access-Control-Allow-Origin' to Access-Control-Allow-Origin and return it to the client.
Hope this helps.
Best,
Jurgen

AWS API Gateway won't open up

I created a "hello world" lambda function and then deployed it to an end-point using AWS's API Gateway:
All very much basic settings but I was sure to change the security to "open" and while i was told that it could take up for 15 minutes for the domain to resolve I found that even after 30 I was getting the following response from the "open" end-point:
{"message":"Missing Authentication Token"}
Am I missing something obvious? Shouldn't this have been available with what I did?
Note, it was pointed out that this image is of a PUT not a GET. I tried both and both came back errors. Just to check I've run GET and PUT through Postman and get a similar but not identical response:
and then GET ...
When I test the lambda function in the console it runs successfully but running it in the API Gateway it gives me a different articulation of the same error:
Tue Sep 29 20:57:43 UTC 2015 : Execution failed due to configuration error: Invalid permissions on Lambda function
and yet I used the default permissions that the console suggested. The lambda function itself is very basic and can be found here: code
I was having the exact some problem today. Whatever I did didn't work but finally figured out. turns out in order for the changes to take effect, you need to Deploy API.
So first go to Resources and click on Deploy API button. It will ask for a deployment stage. Once deployed I could call my API without any issues.
I know it's been a while since you posted the question, but thought it might come in handy for other people as well.
I had this same issue with a deployed API that was being hit frequently around midday the requests would stop working and fail with { Missing Authentication Token }
My issue was not the URL or a stage that was not deployed but I do know AWS throws that error for both of those reasons.
However I found a command to invalidate the cache of apigateway because in my case I was using a custom domain attached to cloudfront.
aws apigateway flush-stage-cache --rest-api-id 97y41psdkg --stage-name dev
After running this I stopped getting the { Missing Authentication Token }
You need to use "AWS Signature" under the Authorization tab in Postman. See this AWS guide on what to enter into those fields:
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-use-postman-to-call-api.html
Please use your resource name end of your api URL.
https://***********.execute-api.us-east-1.amazonaws.com/Stag/number
Here number is my resource name