1

I'm trying to setup multi-region for our Typescript application that supports websockets.

I've created Route53 records that are weighted evenly to distribute requests to the different regions. When I try to call the postToConnection function, I get the following error message (when I try to call cross-region):

{
  "code": "InvalidSignatureException",
  "message": "Credential should be scoped to a valid region, not 'us-east-1'. ",
  "statusCode": 403,
  ...
}

Referenced here: https://docs.aws.amazon.com/general/latest/gr/signature-v4-troubleshooting.html

I then tried to create separate clients (ApiGatewayManagementApi[]) that are region specific, and received this error message:

{
  "code": "ForbiddenException",
  "message": "Forbidden",
  "statusCode": 403,
  ...
}

The lambda function that is called for the $default route (which is throwing the above errors) has the following permissions:

{
  "effect": "allow",
  "actions": ["execute-api:*"],
  "resources": ["arn:aws:execute-api:*:${ACCOUNT-ID}:*/*"],
}

Any ideas on how to get these calls working?

Brian Anderson
  • 621
  • 7
  • 22

1 Answers1

0

The problem was in my instantiation of the ApiGatewayManagementApi array that was meant to be region specific. I was not setting the region of the client (just the region specific endpoint). Once I ensured that the region was set properly, then I was able to get the cross-region websockets working!

** I also found this solution, which would've been a lot more effort for my configuration, but if you're just getting started, it may be better to follow as it is well documented: https://aws.amazon.com/blogs/compute/building-serverless-multi-region-websocket-apis/

Brian Anderson
  • 621
  • 7
  • 22