AWS API Gateway remove response headers - amazon-web-services

I have created an API using AWS api gateway which contains a mock endpoint /test.
In my response, I get the headers x-amzn-RequestId and x-amz-apigw-id. In case of an error, e.g. using a non existing endpoint /test2, I also get the x-amazn-ErrorType header.
I don't want these aws headers to be in my api response. How can these be removed?

Add CloudFront in front of your API Gateway. Then add a Lambda#Edge function for either origin response or viewer response to remove these attributes from the array.

Related

AWS API Gateway - lambda integration missing authorization header

My API includes various GET, POST and DELETE endpoints set up in AWS API Gateway. Each endpoint is integrated with Lambda and calls its own Lambda python function.
I have set up authorization manually (not through AWS authorizers): I call the endpoints with a bearer token in the "Authorization" header, and the Lambda functions access event["headers"]["Authorization"] to obtain the token. This works fine for POST and DELETE endpoints. However, when calling GET endpoints, the "Authorization" header is missing from the event["headers"] object (only other headers added by AWS are present).
I have tried calling the GET endpoints through various methods. Also worth mentioning that this is not a case sensitivity issue - the token I provide is not found anywhere in the events object.
All my endpoints are configured like this in API Gateway:
Method Request:
Integration Request:
Does API Gateway or Lambda remove the "Authorization" automatically for GET calls?
As you've mentioned that you use CloudFront in front of your API gateway, I believe I know what the problem is.
By default, CloudFront strips away params and headers from the request before forwarding it to origin. You need to modify your cache behaviour to forward the Authorization header to origin.
Go to your CloudFront distribution, and edit the behaviour for that distribution. Then, scroll down to 'Cache key and origin requests'.
You need to create a new cache policy that forwards the Authorization header, like so:

AWS API Gateway. Origin has been blocked by CORS Policy

Framework: Vue.js
Sending DELETE request(axios) to aws api gateway, that triggers a lambda function.
In API Gateway, I have created the DELETE method
screenshot
I have created/configured the OPTIONS method, where Gateway Responses DEFAULT 4XX AND DEFAULT 5XX are checked. Methods: DELETE and OPTIONS are checked, Access-Control-Allow-Headers: 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token' and Access-Control-Allow-Origin were manually set. i.e. a list of origins.
I confirm configuration was saved by taking a look at Gateway Responses
screenshot
Lambda Function created, responds with the following headers.
screenshot
Code on client side
screenshot
Executing program - Request Response does not include the Access-Control-Allow-Origins.
I've been stuck for a couple of days now, I don't know where else I should look into.
I have tried adding headers to request e.g. Access-Control-Allow-Origin: '*' ,and tried the list of specific origins that will ping the api.
set Access-Control-Allow-Origin in api gateway to '*'
uncheck Lambda Proxy Integration in Delete Method, Any Method in api gateway
lambda function response with 'Access-Control-Allow-Methods': 'list of methods'
use fetch

set-cookie header Is removed by AWS HTTP API Gateway

I writing a serverless website using Amazon Web Services S3, Lambda, and the HTTP API Gateway, not the REST API Gateway. I am trying to set a cookie with one of my lambda functions and it works when I hit the lambda function directly using the lambda function url, but when I hit the url using the HTTP API Gateway, the Set-Cookie header is stripped off. The body, and all other custom headers are present, but the set-cookie header is just gone.
I've tried with and without the domain=***.com in the header and that doesn't make a difference.
I've tried messing with CORS and enabling Access-Control-Allow-Credentials. I've set Access-Control-Allow-Origin to the correct domain name. I've tried both set-cookie and * for Access-Control-Allow-Headers and Access-Control-Expose-Headers. Although I don't think CORS really matters because I'm using Postman and my understanding is it doesn't require CORS.
Does the HTTP API Gateway just not support setting cookies? It would be great if that was documented somewhere.
I forgot that I was using CloudFront. By default CloudFront does not forward cookies to or from the origin, so I had to set the CloudFront caching policy to allow that. More information here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html

Using the request body as cache key in AWS API Gateway

I am trying to put an API Gateway in front of an external GraphQL API to cache its responses. I am currently facing the issue that GraphQL queries usually work by the client sending POST requests with the query in the request body in JSON format. If I was to enable caching, API Gateway would use the same cache key for every request because the request path stays the same even for different queries.
Is there a way to use the request body as cache key in AWS API Gateway?
I believe, at least for REST API Gw (Integration request) that you can specify a header bodyValue mapped from method.request.body and there you can specify Caching enable or disable.

Default Response Headers: AWS API Gateway w/ Proxy Integration

We have an Angular SPA front end, which communicates through an AWS API Gateway to a .Net Web API hosted in a Lambda function. This configuration mandates that our API Gateway uses proxy intgeration with the Lambda.
Generally, this works well. We have enabled CORS in our API, and normal requests and responses flow as expected.
However, when something happens that breaks the API Gateway or .Net Lambda Wrapper, such as exceeding the Gateway's (non-configurable) 30-second timeout, or exceeding Lambda's max response size, the response message from the API Gateway does not contain a CORS header. As a result, regardless of the actual error, our front end registers a CORS error.
Is there some way to configure the API Gateway to always return a default CORS header?
Please note that this is happening outside of our code - there is nothing I can do inside of the C# lambda function, as this relates to errors happening above that level.
Yes, you can set it at AWS API Gateway Level
Login to AWS Console, Open API Gateway Service, Select your desired gateway.
On the left-hand side panel, select "Gateway Responses" (this will appear under your selected gateway)
now on the right-hand side, select "Default 5XX"
Add Default Headers for Cors like Access-Control-Allow-Headers, Access-Control-Allow-Methods, Access-Control-Allow-Origin
Save the changes and re-deploy the gateway.
Please refer this image to navigate to the desired section
Hope it helps.