I have been putting together and deploying Lambda functions using Apex, and the functions where I have been using the GET method through AWS API Gateway are working fine.
I now need to create an API to call into a Lambda function using POST and pass in a JSON object. To get the basics of POST working I created a simple Lambda function that just does the following
console.log("!!!!!!! Received request");
callback(null, {data: "Success"});
return;
When I call this Lambda function using a GET method from API Gateway and test the API, it works fine - the API Gateway Test mechanism gives the "success" message while "Received Request" is logged in a successful call in CloudWatch.
However when I use the POST request to call the same Lambda function from API Gateway I get the following
"message": "Internal server error"
And I also see "Execution failed due to configuration error: Invalid permissions on Lambda function"
So what I am wondering is whether the role by which Lambda functions are called requires any additional privileges when that function is invoked through a POST method. If so, what is the privilege that I need to assign to the role being used?
Thanks,
Sanjay.
If you want to call a POST method at the API Gateway level, you have to deploy that POST method. Go to the AWS API Gateway console, then select your POST API name; at the top of the grid (screen) you will find a drop-down called Actions, which has an option called Deploy. You have to select that; only then will your POST API work.
API Gateway needs permissions to invoke your Lambda function. It prompts you to add the permission automatically if you configure your API via the web console, and the Lambda function is not specified with a stage variable.
So if you're using a tool like CloudFormation or Swagger import to create or update your APIs, or the Lambda function is specified with a stage variable, you'll need to issue an aws lambda add-permission command manually to set the permission.
See these posts for more details:
Lambda function -> Api Gateway stage variable permission manually
AWS API Gateway with proxy Lambda: Invalid permissions on Lambda function
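The permission this answer refers to lives in the function's resource policy, and each grant can be scoped to one API, stage, verb and path. The sketch below is an added example, not code from the thread: it checks a policy of the kind `aws lambda get-policy` returns against a GET and a POST method ARN and builds the matching add-permission call. The account id, API id `a1b2c3`, function name `demo` and path `hello` are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample of the Policy document returned by `aws lambda get-policy`.
# Account id, API id, region and function name are placeholders.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Sid": "apigw-get", "Effect": "Allow",
  "Principal": {"Service": "apigateway.amazonaws.com"},
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:us-east-1:123456789012:function:demo",
  "Condition": {"ArnLike": {"AWS:SourceArn":
    "arn:aws:execute-api:us-east-1:123456789012:a1b2c3/*/GET/hello"}}}]}
""")


def method_arn(region, account, api_id, stage, verb, path):
    """execute-api ARN that API Gateway presents as the source of an invoke."""
    return f"arn:aws:execute-api:{region}:{account}:{api_id}/{stage}/{verb}/{path.lstrip('/')}"


def allows_invoke(policy, source_arn):
    """True if some Allow statement lets API Gateway invoke from source_arn."""
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        actions = st.get("Action")
        actions = [actions] if isinstance(actions, str) else actions or []
        if (st.get("Effect") != "Allow" or service != "apigateway.amazonaws.com"
                or not any(a in ("lambda:InvokeFunction", "lambda:*", "*") for a in actions)):
            continue
        cond = st.get("Condition", {}).get("ArnLike", {})
        pattern = next((v for k, v in cond.items() if k.lower() == "aws:sourcearn"), None)
        # A statement without a SourceArn condition is not restricted to one API.
        # fnmatchcase approximates ArnLike wildcards (* and ?).
        if pattern is None or fnmatchcase(source_arn, pattern):
            return True
    return False


def add_permission_command(function_name, source_arn, statement_id):
    """CLI call that grants exactly one method ARN (least privilege)."""
    return ["aws", "lambda", "add-permission", "--function-name", function_name,
            "--statement-id", statement_id, "--action", "lambda:InvokeFunction",
            "--principal", "apigateway.amazonaws.com", "--source-arn", source_arn]


if __name__ == "__main__":
    post = method_arn("us-east-1", "123456789012", "a1b2c3", "prod", "POST", "/hello")
    print(allows_invoke(SAMPLE_POLICY, post), " ".join(add_permission_command("demo", post, "apigw-post")))
```

With the sample policy the GET method is allowed and the POST method is not, which is the situation where one verb works and the other returns "Invalid permissions on Lambda function".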
I am working on a project and trying to use API Gateway to invoke a lambda function. The lambda function is used to update a DynamoDB item. The DynamoDB table is used to keep a running count of visitors to a web page. I need to create an API to invoke the lambda function but I'm not sure how to create the API. Any assistance is appreciated.
General steps would be:
Create AWS_PROXY integration between API Gateway and your Lambda function. The example of this is in the AWS tutorials: Set up Lambda proxy integrations in API Gateway and in Tutorial: Build a REST API with HTTP proxy integration
Add/amend execution role to your function allowing it to access DynamoDB. This is exemplified in the AWS tutorial: Using AWS Lambda with Amazon DynamoDB.
Test the API. It can be done directly in API gateway console, or using external tools such as curl or Postman.
I figured out my issue. In my Lambda function, I needed to change the output to a JSON object. Once I made the change, I was able to get my API working. Here is a link to the fix.
I have a lambda function exposed via API gateway but when I try to request it using fetch it is saying that I am forbidden to access it. How do I allow my function to call another function via API gateway?
There can be multiple reasons for it.
Check whether your API gateway endpoint is open or not. While specifying trigger for lambda you must have selected one option for security. You can edit this in API gateway Method Execution tab under Authorization Settings, select Authorization : None and API key required: false
You might not have enabled CORS on your api and due to that your api is not available on cross regions.
Your API Gateway does not have access to the Lambda function. You can fix that by attaching an IAM role to your API Gateway API which can trigger your Lambda function.
To start off with, I am pretty new to AWS. Started with pretty basic API Gateway + Lambda integration. Below are my use cases.
Created a Lambda proxy Integration request with API Gateway, GET request which outputs the addition of 2 numbers passed through query parameters. Now if I access this API Gateway endpoint I am getting the desired result.
Now I have created custom authorizer, which is in turn a call to another lambda.
So a request will be validated by the authorizer Lambda prior to hitting the API Gateway endpoint. In this case the authorizer is not invoked at all.
I have enabled CloudWatch logs for API Gateway & Lambda, so below are the issues I am facing:
CloudWatch logs for the API Gateway endpoint do not show the call to the custom authorizer Lambda.
Logs for the endpoint Lambda are seen correctly in the Lambda group, but I am unable to see the same for the authorizer Lambda.
I have followed the below AWS documentation, but nothing seems to help.
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-lambda.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
Below is the API Gateway config. The authorizer configured has a header token called 'Authorization'; the consumer of the API should provide the Authorization token while calling the endpoint, which is supposed to be validated by the Authorizer.
API Gateway Logs - Lambda configured was called directly without invoking Authorizer.
As mentioned by #Anup in the comments, you probably need to re-deploy the stage for the changes to take effect.
In my case I set up everything in Terraform and couldn't figure out why the custom authenticator wasn't being called.
After adding variables to the deployment to trigger a redeployment, the custom authenticator was properly called as expected.
Make sure your lambda and gateway authorizer are correctly configured. A couple suggestions:
Verify if your lambda has the API gateway trigger. The trigger is created automatically when you assign your authorizer to a valid lambda function in the API gateway authorizer settings.
Verify if your lambda has a valid handler. The current assigned handler can be seen in your lambda's configuration page.
Make sure the Method Request Authorization of your resource is set to the correct authorizer
Deploy the gateway to guarantee the current API stage is using the displayed settings.
Even if your authorizer code doesn't work properly you should at least see an execution log in CloudWatch.
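The "Method Request Authorization" check from the list above can be run across a whole API instead of one method at a time. This is an added example, not code from the thread: it reads JSON in the shape of `aws apigateway get-resources --rest-api-id <id> --embed methods` and reports methods not bound to the expected authorizer. The sample data and the authorizer ids `auth01` and `auth99` are constructed, and the output describes the saved configuration, which only takes effect once the stage is deployed.

```python
import json

# Constructed sample in the shape of
# `aws apigateway get-resources --rest-api-id <id> --embed methods`.
# Resource ids, paths and authorizer ids are placeholders.
SAMPLE_RESOURCES = json.loads("""
{"items": [
  {"id": "r0", "path": "/"},
  {"id": "r1", "path": "/add", "resourceMethods": {
    "GET": {"httpMethod": "GET", "authorizationType": "CUSTOM",
            "authorizerId": "auth01", "apiKeyRequired": false},
    "POST": {"httpMethod": "POST", "authorizationType": "NONE",
             "apiKeyRequired": false},
    "OPTIONS": {"httpMethod": "OPTIONS", "authorizationType": "NONE",
                "apiKeyRequired": false}}},
  {"id": "r2", "path": "/admin", "resourceMethods": {
    "GET": {"httpMethod": "GET", "authorizationType": "CUSTOM",
            "authorizerId": "auth99", "apiKeyRequired": false}}}
]}
""")


def methods_missing_authorizer(resources, authorizer_id, skip=("OPTIONS",)):
    """List (path, verb, reason) for methods not bound to authorizer_id.

    OPTIONS is skipped by default because CORS preflight requests carry
    no Authorization header.
    """
    findings = []
    for res in resources.get("items", []):
        for verb, method in sorted(res.get("resourceMethods", {}).items()):
            if verb in skip:
                continue
            auth_type = method.get("authorizationType", "NONE")
            bound = method.get("authorizerId")
            if auth_type == "NONE":
                findings.append((res["path"], verb, "no authorization"))
            elif auth_type != "CUSTOM":
                findings.append((res["path"], verb, f"uses {auth_type}"))
            elif bound != authorizer_id:
                findings.append((res["path"], verb, f"bound to {bound}"))
    return findings


if __name__ == "__main__":
    for finding in methods_missing_authorizer(SAMPLE_RESOURCES, "auth01"):
        print(*finding)
```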
Just managed to solve the same problem. The request invokes the authorizer sometimes, but sometimes not.
When you create a custom authorizer, it automatically turns on the authorization caching. The default TTL is 300s.
https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html
I have a lambda function that I'd like to trigger via HTTP request.
When I click add trigger to a lambda function, I get an API Gateway API set up with:
method: ANY
Great. Now, when viewing this lambda function, I see a trigger has been configured.
However, I would like to restrict the trigger to only allow POST requests.
So I deleted the API Gateway method ANY, and created a new method POST, under the same resource, using an integration type of Lambda Function. I select my region, and sure enough, my existing lambda function is autocompleted.
However, when I view the triggers tab on the lambda function itself, it shows that there are no triggers.
What am I missing?
If you need flexible control of the API, I would suggest using the API Gateway console to manage your API. Lambda triggers should only be used for simple use-cases - API methods configured through API Gateway will not show up in the Lambda triggers list.
I already had an API Gateway API as the trigger for my AWS Lambda function. However when I tried to add another API as a trigger to the same AWS Lambda, it threw an error saying that
There was an error creating the trigger: An integration is already present on this method.
Even when I delete the trigger already present from the configuration window of Lambda, it still shows that the trigger is present.
How can I add multiple API Gateway APIs as triggers for the same lambda function ?
You can set it up via the API Gateway console.
Create the Lambda function via Lambda without providing a trigger
Go to API Gateway Console
Create an API.
Create a resource and method
Select the Lambda function you want to trigger by the method
Create another API/method
Select the Lambda function you want to trigger by the method
Since you are creating the trigger/integration via the API Gateway Console, API Gateway will set up the proper permission to allow API Gateway to invoke your Lambda function on multiple APIs/methods.
In API Gateway, we cannot make entries with the same resource name. When you have created a trigger, it's already created, and you are trying to create another one. So we have to clear the previous one and then try again, or else we can update it by going into the API Gateway interface.