Tracing HTTP Request to Lambda Function Invocation - aws-lambda

The frontend developers at my company want to be able to see the lambda function logs of their requests.
Is there a way to pass something like a user created unique id in a header in an http request that will be passed from api gateway to the lambda function so that it easy to find the logs for that particular request?
It is an environment where there could be many requests happening simultaneously.

API Gateway will attach a unique ID to each request and this will filter through into Lambda. Each request should return a header with its response x-amzn-RequestId containing the request ID. In Lambda, you can access this request ID through the context object.
You're also free to create your own headers, x-correlation-id for example. In Lambda, you can access this header via the event.
Once you have you're value, you can attach that to your logs, directly as part of the log message or as metadata β€” depending on what logger you're using. If you're using CloudWatch, you might want to construct an object:
{ "requestId": "abc", "message": "This is a log entry." }
However you choose to do it, you should end up with a correlation ID which you can use to query your log entries.

Related

Invoking AWS Lambda Authorizer using Function URL

I have implemented an AWS Lambda Authorizer in Java (type=REQUEST). I would like to invoke the lambda using a Function URL. I need to pass the following fields to my Lambda AuthorizerEvent:
headers
type (REQUEST)
methodArn
I am sending the HTTP GET message using Postman. The headers get mapped correctly to the event object. However, type and methodARN are shown as null in the CloudWatch logs and the Function URL returns a 502 Bad Gateway error:
Received AuthorizerEvent(type=null, authorizationToken=null, headers={...}, methodArn=null)
I've tried putting type and methodArn in query parameters, headers and body (even though REQUEST authorizers don't use the body, see here). I also can't find complete documentation outlining how HTTP parameters are mapped to the lambda request event parameters for Authorizer Function URLs.
Any help would be greatly appreciated!

Azure Logic App - Get Response Body with 500 Internal Server Error

Is there any way to get the response body in Azure Logic App even when we get 500 Internal Server Error?
I have made the Logic App in a way that I'm setting the response code to 500 on an issue, and I'm adding some error related information in the response body. I tried returning 504 Gateway timeout as well, in case of a timeout issue I could face, but I'm always receiving a null response body in case of non-200 response codes.
If we are not able to see the response body in case of an error by design, is there a better way to set and fetch error related information from the response object?
Yes you can get the response body in Azure Logic App by adding the response action. According to this Add a Response action section of the Microsoft document.
When you use the Request trigger to handle inbound requests, you can model the response and send the payload results back to the caller by using the built-in Response action.
Following steps would help you to get the response body.
In the Logic App Designer, under the step where you want to add a Response action, select New step.
The under Choose an action, in the search box, enter response as your filter, and select the Response action.
Now add any values that are required for the response message. For the Body, you can select the trigger body output from the dynamic content list.
I would suggest to read the Receive and respond to inbound HTTPS requests in Azure Logic Apps document for more information.
Alternatively you can also create alerts whenever HTTP 500 errors occur in your App and use Application Insights to view it using Azure Monitor. I would also suggest to read this Handle errors and exceptions in Azure Logic Apps Microsoft document for more information.

How get AWS API Gateway & Lambda REST API to correctly handle a POST as application/x-www-form-urlencoded

I'm setting up a Lambda as a webhook handler that receive data POSTed from a remote API.
As per usual, the external webhook is POSTing the data in the form:
payload='SOME_JSON' for example payload='{"foo":"bar"}'
How can AWS API Gateway be configured to correctly handle application/x-www-form-urlencoded data POSTed from an external webhook, e.g., to correctly map the raw content string into a "form style" parameter name/value pair and pass the value (which is JSON) to the Lambda?
The problem is that AWS API Gateway, by default, tries to relay the entire raw string payload=JSONSTRING to the Lambda, but of course the payload= is not JSON, it's the form parameter name, so that generates a 400 error (body not in JSON format).
To test, I posted the same data to both the AWS API Gateway, and, so that I can see exactly what is POSTed from the webhook, also to webhook.site for debugging.
As shown below the in webhook.site screengrab, the raw data POSTed is in the usual webhook format, "parameter=value" eg payload=JSONSTRING, specifically: payload='{\"arg1\":\"val1\"}'
And as shown in the webhook.site screengrab, their site completely understood how to map that to a "parameter name" (payload) and the parameter value.
webhook.site screengrab:
The closest I've come is to get the API Gateway & Lambda to stop throwing 400 errors, by using API Gateway's "Body Mapping Template" to at least force the raw content "param=value" into JSON format using this body mapping:
{"body": "$input.body"}
as described in this helpful blog post: https://blog.summercat.com/using-aws-lambda-and-api-gateway-as-html-form-endpoint.html
(edit: that blog post was old, Body Mapping Template is not required, API Gateway now supports enabling "Use Lambda Proxy integration" on the Integration Request for the POST method which passed to the Lambda the full input object (headers, payload, etc) as JSON to get rid of the 400 errors. But the "body" key/value in the JSON is still not parse-able JSON, it is prefixed with the payload=")
But the problem is the the Lambda event hash still isn't in a usable format it still includes the "payload=...(escaped string)" e.g.
`{"body"=>"payload=%7B%22arg1%22%3A%22val1%22%7D"
So I hope there is some way to configure API Gateway to do what the rest of the world can do, and map the POSTed raw content "payload=JSONSTRING" to a JSON object that is passed to the Lambda, such as {"payload" : "JSONSTRING"} or perhaps just JSONSTRING?

AWS API Gateway - Lambda Proxy (Integration Request) - Internal Server Error

Have a simple Lambda POST integration with DynamoDB. Inserts one record into Dynamo upon execution. Works well when testing in AWS Lambda.
Response output is:
{
"isBase64Encoded": false,
"statusCode": 204,
"headers": {
"Content-Type": "application/json",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": true
},
"body": "{}"
}
This response is programmatically defined as part of the Lambda response handling in accordance with the spec (afaict).
However, when run via a test in API Gateway, I receive a 502 Internal server error. Am using Lambda-Proxy integration as below:
Cloudwatch logs indicate:
{ ValidationException: Supplied AttributeValue is empty, must contain exactly one of the supported datatypes
at Request.extractError
with a limited use stacktrace (webpack has hashed the code pretty well). The above error would suggest DynamoDB is not receiving the payload correctly, or in a format it wants that honours required attributes. However, I have taken the same JSON used for the (successful) tests (tweaking the IDs to be unique between runs) from lambda, and believe my request header (Content-Type: application/json) is sensible.
Any thoughts / help on narrowing down the issue? I can post more info as requested if it helps.
Ok, solved this by logging all output (and inspecting in CloudWatch), in particular the event object. When running in a Lambda Test mode, the ID and other POST attributes were passed in the root of the event object. However, when using lambda-proxy mode, the integration remaps the event object hierarchy, and POST attributes are JSON stringified into the body attribute.
Just a quirk that makes sense once you understand what it's doing. That said, it's odd that the same payload fails when testing Lambda & API Gateway in turn.

Create function in Parse Cloud Code that does not require authorisation

I have my own instance of Parse Server running on AWS and until now Cloud Functions have been working great, but with one caveat: they cannot be successfully called publicly, i.e. they require an authorisation key be sent in the REST request header.
I want to set up a Slack Slash Command to my server, and it has to be able to POST a payload without any headers or extra parameters. As a result, my requests are currently unauthorised (returning 403 statuses).
Is there a way to create granular control over a Parse Cloud Function's authorisation (i.e. if it requires master-key header or not), and if not β€” is there a way of forwarding the request but still through the Parse server?β€”Or even a way of manipulating the headers of a Slack request? I would rather not have to use another service just for request forwarding.
Thanks!
Two options
Pass in the master key on the client request which should bypass authorization. It's a blunt approach but might be okay in your case (without knowing more details).
Or run a new express endpoint alongside parse and from there call the parse cloud function using the masker key.
var api = new ParseServer(...)
var app = express();
app.use('/parse', api);
app.get('/api/slack', function(req, res) {
//call cloud function passing in master key
// add X-Parse-Master-Key as http header
unirest.post("http://myhost.com:1337/parse/functions/mycloudfunction")
.headers({'X-Parse-Master-Key', MASTER_KEY)
.end(function(response) {
}

Resources