I'm new to API Gateway. I try to use the "custom authorizer". I followed below document and used sample code that website provided.
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
The "Lambda Authorizer of the TOKEN type" is work.
curl -v -H 'x-custom-auth: xxxxx" https://xxxxx.execute-api.us-west-1.amazonaws.com/Prod/
For the "Lambda Authorizer of the REQUEST type", I can input header, queryValue1, stageValue1 and accountId for testing via aws console.
But...
I'm confused about the "request type" and did not know how to pass the queryValue1, stageValue1 and accountId to API Gateway.
Can anyone help me to figure it out?
Regardless of which type of Authorizer you use, API Gateway will receive the same headers and parameters that you originally sent.
Your Authorizer cannot modify the original request details (but it include an auth context which API Gateway can also read).
In the example you're referencing:
if (headers.HeaderAuth1 === "headerValue1"
&& queryStringParameters.QueryString1 === "queryValue1"
&& stageVariables.StageVar1 === "stageValue1"
&& requestContext.accountId === "123456789012") {
callback(null, generateAllow('me', event.methodArn));
} else {
callback("Unauthorized");
}
What they're saying is that the REQUEST authorizer is expecting specific values in the request object:
If all the values match, the authorizer will Allow the request to continue. API Gateway will receive the same request object (with all the same parameters).
If not all the values match, the authorizer will Deny the request returning 403 Unauthorized; API Gateway will not receive the request.
Each of the properties in the example are sourced in the following ways:
AccountId is set automatically by AWS
StageVar1 comes from the deployed API's stage settings (API Name > Stages > Stage Name > Stage Variables)
HeaderAuth and QueryString1 are sent by the HTTP client (e.g. curl)
Related
The frontend developers at my company want to be able to see the lambda function logs of their requests.
Is there a way to pass something like a user created unique id in a header in an http request that will be passed from api gateway to the lambda function so that it easy to find the logs for that particular request?
It is an environment where there could be many requests happening simultaneously.
API Gateway will attach a unique ID to each request and this will filter through into Lambda. Each request should return a header with its response x-amzn-RequestId containing the request ID. In Lambda, you can access this request ID through the context object.
You're also free to create your own headers, x-correlation-id for example. In Lambda, you can access this header via the event.
Once you have you're value, you can attach that to your logs, directly as part of the log message or as metadata — depending on what logger you're using. If you're using CloudWatch, you might want to construct an object:
{ "requestId": "abc", "message": "This is a log entry." }
However you choose to do it, you should end up with a correlation ID which you can use to query your log entries.
I have implemented an AWS Lambda Authorizer in Java (type=REQUEST). I would like to invoke the lambda using a Function URL. I need to pass the following fields to my Lambda AuthorizerEvent:
headers
type (REQUEST)
methodArn
I am sending the HTTP GET message using Postman. The headers get mapped correctly to the event object. However, type and methodARN are shown as null in the CloudWatch logs and the Function URL returns a 502 Bad Gateway error:
Received AuthorizerEvent(type=null, authorizationToken=null, headers={...}, methodArn=null)
I've tried putting type and methodArn in query parameters, headers and body (even though REQUEST authorizers don't use the body, see here). I also can't find complete documentation outlining how HTTP parameters are mapped to the lambda request event parameters for Authorizer Function URLs.
Any help would be greatly appreciated!
I have implemented a solution to integrate API Gateway REST API with AWS Lambda. Lambda function uses two URL Query string parameters for further processing.
When API is tested using the API Gateway console "Test" button I am getting Status Code:200. But when I invoke API from a EC2 Linux machine I am getting {"message": "Internal server error"}.
On checking the logs: Only one URL Query parameter string is passed to Lambda "Event" and the second parameter is lost.
Can anyone suggest what can be the reason here ?
I'm trying to integrate API GW v2 HTTP API with legacy (payload version 1.0) custom lambda authorizer. It's able to invoke the custom lambda authorizer but getting below response ($context.authorizer.error) in gateway logs with 500 status ($context.authorizer.status https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging-variables.html)-
The response from the Lambda Authorizer function doesn't match the format that API Gateway expects. Invalid value for 'context'
Which indicates that it's not abiding to the response format as mentioned here-
https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html#http-api-lambda-authorizer.payload-format-response
But same legacy lambda is working fine with API GW v1 REST APIs. Also cannot enable the execution logs like REST API so not able to see the actual response returned by lambda if by any chance it's not returning the correct response but i doubt that.
So problem seems to be API GW HTTP API doesn't like null values in context variable from Lambda authorizer. For now going to suppress the null values but ideally API GW should handle the null values gracefully. Another problem is it seems to be timing out in case time taken is more than 10 secs by Lambda authorizer but there's no way timeout can be configured for lambda authorizer.
I have been struggling with setting up AWS API Gateway to pass Query string parameters to my Lambda function.
If I set to API to use Lambda proxy integration, I get a CORS error at the Web client
[index.html:1 Access to XMLHttpRequest at 'https://g2kza1o79f.execute-api.eu-west-2.amazonaws.com/prod/gettest8' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.]
( - even when I have set the API with CORS enabled.
If I set the API to not use Lambda proxy integration, and CORS enabled, the API call works (no CORS error), but the event object received in my Lambda function is empty( hence no query string parameters).
In both cases I am using the GET method.
I can see in the Method Response Header the Access-Control-Allow-Origin option is present, but cannot access the Integration Response
Question: How can I set-up my API to pass query string parameters through to my Lambda function without getting the CORS error? I will also be wanting to set up APIs for POST requests to other Lambda functions.
I believe it is related to First Enable CORS Then Deploy API.
A good thread could be found here.
API Gateway CORS: no 'Access-Control-Allow-Origin' header