I'm developing several AWS serverless applications using Lambda and API gateway.
At one point, I tried to execute an API request on one application (using requests python lib) from code running inside a Lambda function in another application. I get 500 server error. From the logs it appears that the Lambda function behind the API gateway is not starting at all. I don't find any logs that can tell me what happened.
Additional details:
The API gateway is protected by IAM auth.
The calling lambda has permission to "execute_api"
The request is signed according to Signature V4 - I followed the example here: https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html#sig-v4-examples-post .
The issue was that the calling lambda needed permission to execute the second lambda behind the API gateway. I don't know why that is. I also still don't know how I should have debugged this - where are the logs that should tell me what was the issue. Eventually it was a lucky guess on my side.
Related
I'm trying to deploy an AWS Lambda app that I was handed, But I'm not sure whether I should connect to it using a function URL or an API gateway, it's my fist time working with Lambdas so I don't even know how to tell. Do apps work with both or is there something in the serverless.yml file that could tell me which one to use?
When I try the API gateway, I don't know whether to use HTTP or REST, or whether to use cors, and whichever one I choose I don't know how to expose the X-CSRF-Token header. When I try using the Function URL, I can do that, but I get a 502 bad gateway error and a KeyError: 'path' in the logs.
I have an api gateway that triggers a lambda method. I'm trying to hit the endpoint and I get a 500 returned, InternalServerErrorException. However, the lambda was never invoked.
When logging into the aws console, I run the test interface in the api gateway. I get a 502, InternalServerErrorException. Logs say the lambda timed out after 3 seconds. Viewing cloudwatch it's clear the lambda was invoked this time.
I can't find any documentation on why I would be getting a 500 InternalServerErrorException when hitting the endpoint and it would not invoke the lambda, but I would be able to invoke it with the test button.
Any help would be greatly appreciated. I've been struggling for a bit with this one. Thanks!
If your API is working properly with the test button, but, you are receiving this error, looks like your API is not deployed.
To deploy your API go to Actions > Deploy API:
I've recently gotten into AWS Serverless Architecture with .NET Core 1.0. In my application we use Elasticsearch on its own machine in order to maintain it. What I am trying to do is use AWS Elasticsearch Service from AWS API Gateway which is being proxied by AWS Lambda. (I believe I have typed this correctly)
When ever my code accesses my Elasticsearch domain I receive a timeout error. As of right now, my Elasticsearch domain is left wide open so anyone can access the information. I would like to lock it down for only the API Gateway and Lamda function.
I've tried messing with the policies and roles to no success. Has anyone tried to do what I am trying to do, if so, how were they able to connect it? Or is there a better way?
The simple solution is to put all of your services out of the VPC they are in right now (I believe they are not in the same one, as your IO calls get timed out).
My answer here would give you a nice background on AWS Lambda with VPC and why external IO calls time out.
AWS lambda invoke not calling another lambda function - Node.js
note: the answer is not related to NodeJS.
I am fairly new to AWS Lambda but sure can see the benefits of it and stumbled upon the superb framework Serverless to help me built solutions on Lambda.
I started out building solutions using AWS API Gateway but really need "internal" VPC API's and not public Internet facing API's like API GW creates.
I found that Servless indeed can expose a HTTP endpoint but I can't figure out how this is done and how the URL is created.
When I deploy the Lambda from Serverless it gives me the URL, e.g.:
https://uxezd6ry8z.execute-api.eu-west-1.amazonaws.com/dev/ping
I would like to be able to find (or create) this same http listener for already existing Lambdas so my question is how is the URL created and where is teh actual HTTP listener deployed?
You might be looking for the invoke url,
1. go to https://console.aws.amazon.com/apigateway
2. select api link (which you have deployed on aws lambda).
3. select stages in left side panel and
see the invoke url.
Adding a http listener can be done by going to your lambda function, selecting the 'triggers' tab and 'add trigger', finally selecting API Gateway - but as others mentioned this does create a public facing url.
Duh, I was in the wrong AWS logon previously so the API GW was not showing any matching Serverless API and that was why I couldn't understand how they did it...
Once I logged into the AWS account that hosts the Serverless structure I can see the API GW GET API's for the Serverless HTTP listener.
I created an API using AWS API gateway and deployed it following the steps similar to the tutorial for AWS API gateway. I Connected the API with AWS lambda function on the backend. Everything works fine from inside API gateway's test method but when I access the API from Postman, I get the following error
"message": "Signature expired: 20160917T171647Z is now earlier than 20160917T200334Z (20160917T200834Z - 5 min.)"
Searching on stackoverflow question
AWS SDK Error - Signature not yet current
says it may be a problem with system timing. As I am using AWS lambda and API gateway, I don't have control of the system time. What should I debug?
Figured out the solution. The error message is misleading. I was not accessing the full url to the API.
I was accessing something like
https://someChars.execute-api.us-west-2.amazonaws.com/prod/
while the full url is
https://someChars.execute-api.us-west-2.amazonaws.com/prod/myUrlName