API Gateway does not pass Authorization header to Lambda - amazon-web-services

I am trying to use SAM to configure an API Gateway and a Lambda. However, looking at the event passed to the Lambda, the Authorization header is missing. Authorization is supposed to be the JWT from Cognito. When using standard CloudFormation templates, this token is passed as part of the event.
I cannot find anything in the SAM documentation or examples that points me to how to solve this issue.

Related

AWS API Gateway header for request in Authorizer

I am using AWS API Gateway for communicating with Action on Google Console to AWS Lambda. In this scenario I am making a POST call and I want to find the user in this call. I came to know that this is sent in the header. So I did the following steps:
Created a resource and method, and that's working fine; data is being passed successfully between each other.
Now I want to pass the header to find the user, so what I did was use the authorizer from the AWS API Gateway console and then click on Create an authorizer.
Now I am confused: in this scenario I want a header and body, so what should I send it as in Lambda Event Payload?
Either Token or payload; in case of Token it's only sending the authorization part as a header.
So according to my understanding, in my scenario I'll be needing Request. But in Request, what should I add as Identity Sources for the header in the console?
Actually, for the above problem we need to do the implementation in Integration Request in the AWS API console. Go to the Mapping template in Integration Request.
For further reference, use this article.

AWS API Gateway Custom Authorizer not invoked

To start off with, I am pretty new to AWS. Started with a pretty basic API Gateway + Lambda integration. Below are my use cases.
Created a Lambda proxy integration request with API Gateway, a GET request which outputs the addition of 2 numbers passed through query parameters. Now if I access this API Gateway endpoint I am getting the desired result.
Now I have created a custom authorizer, which is in turn a call to another Lambda.
So a request will be validated by the authorizer Lambda prior to hitting the API Gateway endpoint. In this case the authorizer is not invoked at all.
I have enabled CloudWatch logs for API Gateway & Lambda, so below are the issues I am facing:
CloudWatch logs for the API Gateway endpoint do not show the call to the custom authorizer Lambda.
Logs for the endpoint Lambda are seen correctly in the Lambda group, but I am unable to see the same for the authorizer Lambda.
I have followed the AWS documentation below, but nothing seems to help.
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-lambda.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
Below is the API Gateway config. The authorizer configured has a header token called 'Authorization'; the consumer of the API should provide the Authorization token while calling the endpoint, which is supposed to be validated by the authorizer.
API Gateway Logs - Lambda configured was called directly without invoking Authorizer.
As mentioned by #Anup in the comments, you probably need to re-deploy the stage for the changes to take effect.
In my case I set up everything in Terraform and couldn't figure out why the custom authenticator wasn't being called.
After adding variables to the deployment to trigger a redeployment, the custom authenticator was properly called as expected.
Make sure your lambda and gateway authorizer are correctly configured. A couple suggestions:
Verify if your lambda has the API gateway trigger. The trigger is created automatically when you assign your authorizer to a valid lambda function in the API gateway authorizer settings.
Verify if your lambda has a valid handler. The current assigned handler can be seen in your lambda's configuration page.
Make sure the Method Request Authorization of your resource is set to the correct authorizer
Deploy the gateway to guarantee the current API stage is using the displayed settings.
Even if your authorizer code doesn't work properly you should at least see an execution log in CloudWatch.
Just managed to solve the same problem. The request invokes the authorizer sometimes, but sometimes not.
When you create a custom authorizer, it automatically turns on the authorization caching. The default TTL is 300s.
https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html

AWS API Gateway + Lambda: No Auth Header -> Error Message; Auth Header -> No Response

I'm trying to set up a very basic API, before taking the additional step of integrating Cognito. Testing the API endpoint within the AWS console works fine. However, I'm not able to get things working in Postman.
In API Gateway, I've connected an endpoint with no parameters to a Lambda function. The Lambda function returns a hard-coded, static JavaScript object. Clicking the test button here works as expected.
In the Method Execution screen, I've selected AWS_IAM for authorization and don't require an API key.
In IAM I created a user named postman and attached the AmazonAPIGatewayInvokeFullAccess policy (covering all ExecuteAPI resources, for now).
The API seems to be published correctly, since it complains when I try to access it without an Authorization header.
But when I use the AWS Signature Authorization type and enter postman's AccessKey and SecretKey, I get no response at all.
I'm trying to find access logs to debug, but I'm new to this part of AWS and haven't found anything yet... What am I missing? Thanks in advance.

Access http header data in custom authorizer AWS lambda function in Method Request

I'm facing a little problem with my custom authorizer AWS Lambda function. In my request header I have my Authorization token and I have another piece of data, 'My-Internal-Integer', and I was wondering if it is possible to get the 'My-Internal-Integer' value in my custom authorizer AWS Lambda function thanks to event or context maybe, I don't know. From this topic: How to access http headers in custom authorizer AWS lambda function, it seems that it's not possible, but do you know if there is a workaround to get the 'My-Internal-Integer' value please?
Alex
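
For the Token versus Request question and the 'My-Internal-Integer' question above, here is an added example (not code from any of the posts) of a Lambda authorizer that handles both event shapes: a TOKEN event carries only `authorizationToken`, while a REQUEST event carries the full header map. `verifyToken`, the demo token and the `internalInteger` context key are hypothetical placeholders.

```javascript
// Header names are case-insensitive, so never index event.headers directly.
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers || {})) {
    if (key.toLowerCase() === wanted) return value;
  }
  return undefined;
}

// Hypothetical placeholder: swap in real JWT signature, expiry and audience checks.
function verifyToken(token) {
  return token === "Bearer constructed-demo-token" ? "user-123" : null;
}

// A cached authorizer result is reused for other methods behind the same
// authorizer, so scope the policy to the stage rather than to one methodArn.
function stageArn(methodArn) {
  const [arnPrefix, stage] = methodArn.split("/");
  return `${arnPrefix}/${stage}/*/*`;
}

function authorize(event) {
  const isRequest = event.type === "REQUEST";
  // TOKEN events carry only authorizationToken; REQUEST events carry all headers.
  const token = isRequest ? getHeader(event.headers, "Authorization") : event.authorizationToken;
  const internal = isRequest ? getHeader(event.headers, "My-Internal-Integer") : undefined;

  const principalId = token ? verifyToken(token) : null;
  // Treat the extra header as untrusted input: digits only, bounded length.
  const internalOk = internal === undefined || /^\d{1,9}$/.test(internal);
  const allow = principalId !== null && internalOk;

  return {
    principalId: principalId || "anonymous",
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{
        Action: "execute-api:Invoke",
        Effect: allow ? "Allow" : "Deny",
        Resource: stageArn(event.methodArn),
      }],
    },
    // Authorizer context values must be strings, numbers or booleans.
    context: allow && internal !== undefined ? { internalInteger: Number(internal) } : {},
  };
}

// Lambda entry point (export it as the function's handler).
async function handler(event) { return authorize(event); }
```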

Accessing client context in a Lambda function via API Gateway

I've created a Lambda function, and connected it to an API Gateway endpoint. My users are authenticating using Facebook via Cognito (so, obviously using a Federated Identity Pool). In my iOS app, I am able to authenticate properly, receive a Cognito Id back, and also properly execute my Lambda function by way of API Gateway.
Where I'm stuck now is attempting to access the user's identity in my Lambda. I understand from other threads & the AWS docs that I should be able to access the identity via context.identity.cognitoIdentityId in JS. However, the context is always null.
Further digging suggested that the context is passed in the X-Amz-Client-Context header -- when I look at packets for the API Gateway call, I do not see that header being passed through. I am using the automatically generated SDK (ObjC) from Gateway for my endpoints.
What am I missing here?
I apologize for the confusion. You have 2 options for getting this value into your lambda function:
By passing via API Gateway. If you are using the Lambda Proxy, it should already be available in event.requestContext.identity.cognitoIdentityId.
By enabling use caller credentials in your integration. If you use this method, you will also need to add lambda:Invoke permissions to your Cognito role.
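
As an added example (not code from the answer), here is a backend handler for the Lambda proxy integration that reads the caller only from fields API Gateway fills in after authentication, including `event.requestContext.identity.cognitoIdentityId` from the first option. The `source` labels and error strings are constructed for illustration.

```javascript
// Resolve the caller from a Lambda proxy integration event, using only values
// API Gateway set after authenticating the request.
function resolveCaller(event) {
  const rc = event.requestContext || {};
  const authorizer = rc.authorizer || {};
  const identity = rc.identity || {};
  // Cognito user pool authorizer: claims of the already-validated JWT.
  if (authorizer.claims && authorizer.claims.sub) {
    return { source: "cognito-user-pool", id: authorizer.claims.sub };
  }
  // Lambda (custom) authorizer: the principalId it returned.
  if (authorizer.principalId) {
    return { source: "lambda-authorizer", id: authorizer.principalId };
  }
  // AWS_IAM with Cognito identity pool credentials, as in the answer above.
  if (identity.cognitoIdentityId) {
    return { source: "cognito-identity-pool", id: identity.cognitoIdentityId };
  }
  // AWS_IAM with plain IAM credentials (for example a signed request from an IAM user).
  if (identity.userArn) {
    return { source: "aws-iam", id: identity.userArn };
  }
  return null;
}

// True when a raw Authorization header arrived but nothing verified it,
// which usually means the method has no authorizer attached or deployed.
function hasUnverifiedAuthHeader(event) {
  const names = Object.keys(event.headers || {}).map((h) => h.toLowerCase());
  return names.includes("authorization") && resolveCaller(event) === null;
}

function respond(event) {
  const caller = resolveCaller(event);
  if (caller === null) {
    // Never fall back to decoding the raw header: it is unverified at this point.
    const hint = hasUnverifiedAuthHeader(event) ? "unverified-authorization-header" : "no-credentials";
    return { statusCode: 401, body: JSON.stringify({ error: hint }) };
  }
  return { statusCode: 200, body: JSON.stringify({ caller }) };
}

// Lambda entry point (export it as the function's handler).
async function handler(event) { return respond(event); }
```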