I built a simple HelloWorld API using a lambda function and APIGateway. I'm using Cloudformation.
The lambda function runs fine when I run it using aws lambda invoke.
The API runs locally using sam local start-api.
But when I deploy it using sam deploy (after using package of course), the API returns status code 500.
This is the log that I get when I try to test it.
Execution log for request 18523f73-c3b2-48f5-b550-bca5c4ca9323
Mon Feb 14 08:34:20 UTC 2022 : Starting execution for request: 18523f73-c3b2-48f5-b550-bca5c4ca9323
Mon Feb 14 08:34:20 UTC 2022 : HTTP Method: GET, Resource Path: /hello
Mon Feb 14 08:34:20 UTC 2022 : Method request path: {}
Mon Feb 14 08:34:20 UTC 2022 : Method request query string: {}
Mon Feb 14 08:34:20 UTC 2022 : Method request headers: {}
Mon Feb 14 08:34:20 UTC 2022 : Method request body before transformations:
Mon Feb 14 08:34:20 UTC 2022 : Endpoint request URI: https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:692288675106:function:helloWorldGolang/invocations
Mon Feb 14 08:34:20 UTC 2022 : Endpoint request headers: {X-Amz-Date=20220214T083420Z, x-amzn-apigateway-api-id=5ratem86ea, Accept=application/json, User-Agent=AmazonAPIGateway_5ratem86ea, Host=lambda.us-east-1.amazonaws.com, X-Amz-Content-Sha256=dc9f833e2240463386b876c17d53f8f7b618f362705869a4a798bf9adc677c9b, X-Amzn-Trace-Id=Root=1-620a140c-5a78dcfd5f1880c84c7c257b, x-amzn-lambda-integration-tag=18523f73-c3b2-48f5-b550-bca5c4ca9323, Authorization=*********************************************************************************************************************************************************************************************************************************************************************************************************************************************fd17a8, X-Amz-Source-Arn=arn:aws:execute-api:us-east-1:692288675106:5ratem86ea/test-invoke-stage/GET/hello, X-Amz-Security-Token=IQoJb3JpZ2luX2VjED8aCXVzLWVhc3QtMSJHMEUCIQDgrxEOKJmDynNl1FbYdO9XlvG5fcOaC/8rpb4LICtwwwIgVal+O0QHJvuAawTRQ3rb+a3ow2i10Hsti6xmQ9lMxlkqgwQIiP// [TRUNCATED]
Mon Feb 14 08:34:20 UTC 2022 : Endpoint request body after transformations: {"resource":"/hello","path":"/hello","httpMethod":"GET","headers":null,"multiValueHeaders":null,"queryStringParameters":null,"multiValueQueryStringParameters":null,"pathParameters":null,"stageVariables":null,"requestContext":{"resourceId":"5p6rov","resourcePath":"/hello","httpMethod":"GET","extendedRequestId":"NhgSDETfIAMF-OA=","requestTime":"14/Feb/2022:08:34:20 +0000","path":"/hello","accountId":"692288675106","protocol":"HTTP/1.1","stage":"test-invoke-stage","domainPrefix":"testPrefix","requestTimeEpoch":1644827660943,"requestId":"18523f73-c3b2-48f5-b550-bca5c4ca9323","identity":{"cognitoIdentityPoolId":null,"cognitoIdentityId":null,"apiKey":"test-invoke-api-key","principalOrgId":null,"cognitoAuthenticationType":null,"userArn":"arn:aws:iam::692288675106:user/Administrator","apiKeyId":"test-invoke-api-key-id","userAgent":"aws-internal/3 aws-sdk-java/1.12.154 Linux/5.4.156-94.273.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.322-b06 java/1.8.0_322 vendor/Oracle_Corp [TRUNCATED]
Mon Feb 14 08:34:20 UTC 2022 : Sending request to https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:692288675106:function:helloWorldGolang/invocations
Mon Feb 14 08:34:21 UTC 2022 : Received response. Status: 403, Integration latency: 79 ms
Mon Feb 14 08:34:21 UTC 2022 : Endpoint response headers: {Date=Mon, 14 Feb 2022 08:34:21 GMT, Content-Type=application/json, Content-Length=17, Connection=keep-alive, x-amzn-RequestId=bbbee38a-16ea-4b20-be26-018ae6ee7bc6, x-amzn-ErrorType=AccessDeniedException}
Mon Feb 14 08:34:21 UTC 2022 : Endpoint response body before transformations: {"Message":null}
Mon Feb 14 08:34:21 UTC 2022 : Lambda invocation failed with status: 403. Lambda request id: bbbee38a-16ea-4b20-be26-018ae6ee7bc6
Mon Feb 14 08:34:21 UTC 2022 : Execution failed due to configuration error:
Mon Feb 14 08:34:21 UTC 2022 : Method completed with status: 500
Note the x-amzn-ErrorType=AccessDeniedException in the Endpoint response headers.
I have given APIGateway the permission to execute the lambda. So that is why this question doesn't seem like a duplicate.
template.yaml resources:
  HelloWorldAPI:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: HelloWorldApi
  HelloWorldAPIResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref HelloWorldAPI
      ParentId: !GetAtt HelloWorldAPI.RootResourceId
      PathPart: hello
  HelloWorldAPIMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      AuthorizationType: NONE
      HttpMethod: GET
      ResourceId: !Ref HelloWorldAPIResource
      RestApiId: !Ref HelloWorldAPI
      # RestApiId: "/"
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: GET
        Uri: !Sub
          - arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Arn}/invocations
          - Arn: !GetAtt HelloWorldFunction.Arn
  HelloWorldFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      FunctionName: helloWorldGolang
      CodeUri: hello-world/
      Handler: hello-world
      Runtime: go1.x
      Architectures:
        - x86_64
  HelloWorldFunctionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt HelloWorldFunction.Arn
      Action: lambda:InvokeFunction
      Principal: apigateway.amazonaws.com
      SourceArn: !Join
        - ''
        - - 'arn:'
          - !Ref 'AWS::Partition'
          - ':execute-api:'
          - !Ref 'AWS::Region'
          - ':'
          - !Ref 'AWS::AccountId'
          - ':'
          - !Ref HelloWorldAPI
          - /*/*/*
Using /*/* instead of /*/*/* at the end there didn't make a difference.
I am aware that instead of defining APIGateway in such detail, I should use the "SAM events" method here. But my organisation doesn't do that.
So I would appreciate it if someone could help me with this using this method.
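An added example, not part of the original post: a pre-deploy check for hand-written API Gateway to Lambda wiring like the template above. It verifies that a Lambda integration uses POST as its IntegrationHttpMethod (Lambda's Invoke API is a POST to .../invocations, whatever HttpMethod the client-facing method uses) and that an invoke grant for apigateway.amazonaws.com exists and is scoped by SourceArn. The RESOURCES dict is a constructed JSON-form rendering of the question's resources, and lint is a hypothetical helper name.

```python
import json

# Constructed sample: the question's resources in CloudFormation JSON form,
# trimmed to the properties the checks read.
RESOURCES = {
    "HelloWorldAPIMethod": {
        "Type": "AWS::ApiGateway::Method",
        "Properties": {"HttpMethod": "GET", "Integration": {
            "Type": "AWS_PROXY",
            "IntegrationHttpMethod": "GET",
            "Uri": {"Fn::Sub": [
                "arn:aws:apigateway:${AWS::Region}:lambda:path"
                "/2015-03-31/functions/${Arn}/invocations",
                {"Arn": {"Fn::GetAtt": ["HelloWorldFunction", "Arn"]}}]}}},
    },
    "HelloWorldFunctionPermission": {
        "Type": "AWS::Lambda::Permission",
        "Properties": {
            "Action": "lambda:InvokeFunction",
            "Principal": "apigateway.amazonaws.com",
            "SourceArn": {"Fn::Join": ["", [
                "arn:", {"Ref": "AWS::Partition"}, ":execute-api:",
                {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"},
                ":", {"Ref": "HelloWorldAPI"}, "/*/*/*"]]}},
    },
}

def lint(resources):
    """Return (resource, finding) pairs for Lambda-backed API methods."""
    findings = []
    grants = [r["Properties"] for r in resources.values()
              if r["Type"] == "AWS::Lambda::Permission"
              and r["Properties"].get("Principal") == "apigateway.amazonaws.com"
              and r["Properties"].get("Action") == "lambda:InvokeFunction"]
    for name, res in resources.items():
        if res["Type"] != "AWS::ApiGateway::Method":
            continue
        integ = res["Properties"].get("Integration", {})
        if ":lambda:path/" not in json.dumps(integ.get("Uri", "")):
            continue  # not a Lambda integration
        verb = integ.get("IntegrationHttpMethod")
        if verb != "POST":  # Lambda's Invoke API is POST .../invocations
            findings.append((name, f"IntegrationHttpMethod={verb}, expected POST"))
        if not grants:
            findings.append((name, "no lambda:InvokeFunction grant for API Gateway"))
        if any("SourceArn" not in p for p in grants):
            findings.append((name, "grant is not scoped by SourceArn"))
    return findings
```
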