"internal server error" with API gateway and lambda on AWS - amazon-web-services

There are tons of similar questions both on this site and on the web, which leads me to believe there is something really wrong with AWS' documentation due to this causing grief to so many people.
So, I decided to post the most basic example step by step.
First, we create a new function:
It has default "everything", I don't touch a single line of code.
(the red error message is AWS not playing nice with Firefox)
The default code passes the test:
Now I add a trigger:
This gives me the link for the trigger:
I can go to the API endpoint: https://spy3z1jvu8.execute-api.ap-northeast-1.amazonaws.com/default/test
And it works:
Now, the problems will start. I open the API gateway that was created:
and try the default link: https://spy3z1jvu8.execute-api.ap-northeast-1.amazonaws.com
And...
Most of the people having similar questions seem to be having an issue with the gateway expecting some json content, etc, but here is an untouched AWS sample and the gateway link doesn't work.
The troubleshooting steps say to add logging and troubleshoot it that way, but there is nothing of interest in the logs.
What could be the origin of that problem?

What could be the origin of that problem?
You are correct. This is AWS/console fault. Specifically, it provides wrong permissions in the lambda's resource-based permissions for the default route to work. To fix that you have to edit the permissions.
Specifically, go to your function's Resource-based policy (this is different than the execution role). You should find one Policy statement there which you have to edit. Then change in Source ARN from something like:
arn:aws:execute-api:ffffff:xxxx:api-id/*/*/function-name
to
arn:aws:execute-api:ffffff:xxxx:api-id/*/*
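Added example, not part of the original answer: a small Python check of which request ARNs the console-generated statement accepts and which the edited Source ARN accepts. The region, account ID, stage name and request ARNs are constructed, the shape of the `$default` request ARN is an assumption, and `arn_like` only approximates IAM's ArnLike matching.

```python
import re

def arn_like(pattern: str, arn: str) -> bool:
    """Approximate IAM ArnLike: compare the six colon-delimited ARN parts
    one by one; '*' matches any run of characters, '?' exactly one."""
    p_parts, a_parts = pattern.split(":", 5), arn.split(":", 5)
    if len(p_parts) != 6 or len(a_parts) != 6:
        return False
    for p, a in zip(p_parts, a_parts):
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                     for c in p)
        if re.fullmatch(rx, a, flags=re.DOTALL) is None:
            return False
    return True

def invoke_allowed(policy: dict, source_arn: str) -> bool:
    """True if an Allow statement for lambda:InvokeFunction accepts source_arn."""
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or "lambda:InvokeFunction" not in actions:
            continue
        pattern = st.get("Condition", {}).get("ArnLike", {}).get("AWS:SourceArn")
        if pattern and arn_like(pattern, source_arn):
            return True
    return False

def policy_for(source_arn_pattern: str) -> dict:
    """Constructed resource-based policy with a single API Gateway statement."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Condition": {"ArnLike": {"AWS:SourceArn": source_arn_pattern}},
    }]}

# Constructed values: region, account ID and stage are placeholders.
BASE = "arn:aws:execute-api:us-east-1:111122223333:api-id"
CONSOLE = policy_for(BASE + "/*/*/function-name")   # statement before the edit
WIDENED = policy_for(BASE + "/*/*")                 # statement after the edit
ROUTE_CALL = BASE + "/default/GET/function-name"    # request through the named route
DEFAULT_CALL = BASE + "/default/$default"           # assumed shape for the default route

if __name__ == "__main__":
    for name, pol in (("console", CONSOLE), ("widened", WIDENED)):
        print(name, invoke_allowed(pol, ROUTE_CALL), invoke_allowed(pol, DEFAULT_CALL))
```

The widened pattern also admits every other route and method of that API, so keep the api-id in the Source ARN rather than replacing it with a wildcard.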

Related

AWS S3 - Getting 400 error when trying to access from aws web console; Also getting lots of errors in devtools at AWS home

Just noticed this and am worried. Looking for advice on the cause and possible solutions.
S3 does not open on either sub-admin or root account. Getting 400 error.
Haven't noticed any other resources that aren't loading. I can access lambda, ddb, apigateway, etc. just fine.
Not sure if it's related but I noticed a bunch of errors in dev tools console when I sign into AWS. Not sure if those are normal as I've never taken notice before, but thought it might be worth including.
Included screenshots of both below.
400 Error when attempting to access S3
Errors in devtools at AWS home page
Seems that the request you're submitting has a header which is too large.
Have you tried using a different browser?
If that works you may just need to clear the cache in the current.
Assuming it still happens let us know what you tried.
The error 413 means Request entity too large.

Error when trying to access Lambda logs on CloudWatch?

I created some Lambda-Edge functions but I'm unable to set up the logs for it. When trying to access them I am seeing the error message:
There was an error loading Log Streams. Please try again by refreshing
this page.
I have gone to everything I could find on google, but as far as I can see my permissions are set up fine. I've created a custom role for them like this.
The role contains the following permissions:
I can't really figure out what else could cause this error. It has been around 2h since setting up the functions and permissions.
For anyone experiencing the same problem: there is a weird quirk to LambdaEdge.
The logs will be stored in the AWS location closest to the user that executes it.
Even if you've deployed your functions in us-east-1, switch location to the destination that is closest to you.

Dialogflow using AWS Lambda webhook

I am trying to leverage AWS Lambda as the webhook for dialogflow call.
I want to use all the agent/google actions libraries.
So I copied the sample code and pasted it to Lambda what we get in Dialogflow console. I installed all the npm libraries. But when testing I am getting this issue:
TypeError: Cannot read property 'result' of undefined
at new WebhookClient (/var/task/node_modules/dialogflow-fulfillment/src/dialogflow-fulfillment.js:84:27)
at exports.dialogflowFirebaseFulfillment.functions.https.onRequest (/var/task/index.js:13:17)
at cloudFunction (/var/task/node_modules/firebase-functions/lib/providers/https.js:57:9)
I have exposed Lambda earlier but as the requirement is for the Dialogflow, I am not able to do so.
Note: I am passing the same request payload in Google Cloud and AWS Lambda, Google Cloud is returning correct but Lambda is returning error as mentioned above.
Not sure if I am missing any step or my understanding is wrong here.
Please help.
Can you please post some code here as well for more reference?
If you've installed the required npm libraries for dialog-flow then it should work as far as I can understand.
Also please note if you're trying to access input request parameters of DialogFlow such as {"userId": string,"idToken " string} it will not be accessible by default in the lambda events & hence you may face errors like Cannot read property 'result.originalRequest.user.idToken' of undefined.
You'll have to first enable google integrations on the fulfillment intents so that google can ask users the permission to send these attributes in the request body.
Also since this was asked many months ago please let me know if your issue was resolved.

Choosing active SES ReceiptRuleSet in CloudFormation / Troposphere

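I am creating a ReceiptRuleSet with troposphere like this:
from troposphere.ses import ReceiptRuleSet

# Declares an AWS::SES::ReceiptRuleSet resource named "ses-ruleset"
ReceiptRuleSet(
    title="SesRuleset",
    RuleSetName="ses-ruleset"
)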
However, when I upload the stack with the generated CloudFormation template, the RuleSet appears as inactive in SES.
Does anyone know if there is a way to set the created RuleSet as active without having to interact with the online console nor the CLI?
troposphere maintainer here. I don't actually know a ton about SES, but have you included the ReceiptRuleSet in a ReceiptRule? My guess is that if a RuleSet is not used by a Rule, it's probably inactive, since I can't see anything in either cloudformation or the API that would indicate you can set it to "active".
Unfortunately, this doesn't seem to be supported by Cloudformation. I found the following blog post leveraging a lambda doing an API call to activate the RuleSet after creation: https://binx.io/blog/2019/11/25/how-to-set-the-active-receipt-rule-set-in-ses-using-cloudformation/
This seemed one moving piece too many for me, so I'm currently activating the RuleSet through the console.

Serverless Framework AWS 403 Forbidden Error with Domain Only

I am working on a serverless setup for a project and ran into a strange error. This was working fine before I had to delete my old certificates and make a new one.
In short, I am following the tutorial series at serverless-stack.com for reference, and when running the apig-test command I get the following error.
{ status: 403,
statusText: 'Forbidden',
data: { message: 'Forbidden' } }
This screams to me policy error. So I went to check my policy to make sure it allows execution for the AuthRole and indeed it does. I verified this in IAM section under Roles and looked my services Auth_Role that I created when I set up Cognito.
I don't want to give information overload here, but if anyone has any ideas for where to look next I would be much appreciative and I'll give any details you want to see here.
One thing I want to note is that if I run the apig-test command with the direct URL to the Lambda function instead of my domain it works perfectly fine.
This proves that nothing is wrong with my code but more a policy setting regarding how I setup the domain.
I ran sls create_domain accordingly and I see the entries in the Route53 & API Gateway and they have finished their 40 minutes many hours ago. I ensured it's using the correct certificate since I wiped out the other one.
My custom domains have worked in the past thanks to a plugin I found and this tutorial here (https://serverless.com/blog/serverless-api-gateway-domain/), it's only recently that it stopped working when I realized I needed to add some more domains to my SSL cert.
So I assume the policy error is somewhere around this but not sure where to look?
Ok I found the answer. In the API Gateway under custom domains there is a section called Base Path Mappings. This MUST be set to one of your functions with the default path of / (or just enter nothing for the path) and then the destination to your lambda service. This seemed to make it work for me.