3

Recently, I used the Amazon API Gateway .I created an api ,but the API failed all the time. At the beginning,I didn't add request headers.The result that API responsed is as follows: 

HTTP/1.1 403 Forbidden    
{"message":null, "type": "ACCESS_DENIED", "status":"", "other":"" }

Then ,I added a header which named host,the result changed.

HTTP/1.1 403 Forbidden
{"message":"Forbidden"}

I didn't use other AWS. I set the authorization is none and the API key required is false. enter image description here Could you help me? Thanks!

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
jenny
  • 31
  • 1
  • 4
  • it seems that you are using wrong access/secret key – Sasikumar Murugesan Jul 13 '18 at 02:22
  • Two common errors are: 1) not calling the correct resource in the url (e.g. wrong/missing resource name, wrong stage, etc). 2) incorrect call to backend service (e.g. something is getting mapped incorrectly in API GW). Have you tested your API from the GW console? If so, does it work from there? – K Mo Jul 13 '18 at 07:36
  • @SasikumarMurugesan The authorization is seted to none and the API Key is false.So ,I don't use access/secret key to request.Is the access/secret key necessary? – jenny Jul 13 '18 at 07:52
  • @KMo I have tested my API in the console.The api returns successfuly. The status is 200. – jenny Jul 13 '18 at 08:11
  • @jenny and you have double checked you are calling the correct invoke URL, which would be in this format https://{restapi_id}.execute-api.{region}.amazonaws.com/{stage_name}/{resourcePath}, with the correct method e.g. GET, POST or whatever you set up – K Mo Jul 13 '18 at 08:17
  • @KMo Now,I set API which the integration type is seted to mock and no query params.The resourse name is test.In the stage page,the Invoke URL is https://g06f5oxxxx.execute-api.cn-north-1.amazonaws.com.cn/beta.I call https://g06f5oxxxx.execute-api.cn-north-1.amazonaws.com.cn/beta/test. Where is the problem? thanks! – jenny Jul 13 '18 at 08:22
  • @jenny That all looks good. I can't see why that wouldn't work. My last question would be to check you have actually deployed the API. If so, I'm out of suggestions – K Mo Jul 13 '18 at 09:33
  • @KMo I am sure I have deployed my API to the "beta" stage.I don't know wheather I need to configure other settings in the AWS console. – jenny Jul 13 '18 at 10:00
  • Are you sure your method is a GET (assuming you are accessing it in a browser)? – Mark Hayward Jul 14 '18 at 22:18
  • @MarkHayward The method is GET.In the browser,I enter the url,the result is ACCESS_DENIED.I also try to invoke it in the IDE(such as Eclipse),the result is the description. – jenny Jul 16 '18 at 01:22

1 Answers1

0

A cause of {"message":"Forbidden"} which I had which had me stumped was that I had not deployed my API.

For anyone having this issue, check if your gateway has been deployed. First you will need a Stage, with which you can click Deploy API from the Actions dropdown, selecting your stage.

Deploying will give you an invoke_url, (which ends in /{stage-name}.

For those using Terraform....

You can define an aws_api_gateway_stage which depends on aws_api_gateway_deployment. There is a known issue, at the time of writing, where the deployment doesn't re-trigger, which was the original cause of my forbidden error.

To fix this and get the deployment to run everytime a change has been made, add to aws_api_gateway_deployment:

resource "aws_api_gateway_deployment" "gateway-deployment" {
  ...

  stage_description = "Terraform hash ${md5(join(",", local.all_resources))}"

  lifecycle {
    create_before_destroy = true
  }
}

locals {
  all_resources = [
    "${aws_api_gateway_resource.simulator-gateway-resource.path}:${aws_api_gateway_method.simulator-gateway-method.http_method}:${aws_api_gateway_integration.simulator-gateway-integration.uri}",
  ]
}```
tjheslin1
  • 1,378
  • 6
  • 19
  • 36