Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS API Gatewat with proxy Lambda: Invalid permissions on Lambda function

I am using AWS API Gateway with a proxy Lambda, when the name of the lambda function is coming as a stage variable. Meaning I have a single API integration which connects to appropriate lambda according to the deployed stage. See the general idea here: enter image description here

When I test one of my stages (called: "staging") everything works fine, but when testing the other stage ("production") I get the error "Execution failed due to configuration error: Invalid permissions on Lambda function".

Things I already tested and verified:
1. Both lambdas which should be invoked by the API work well and as expected when tested from the Lambda dashboard.
2. I've made sure (many times) that I've given permission to the API gateway to invoke my lambda function (i.e. executed "aws lambda add-permission..."). I've validated the policy afterwards many times (i.e. executed "aws lambda get-policy...").

Any idea what else I can check ? What I might have forgotten here ? Thanks.

enter image description here

like image 367
Shaish Avatar asked Nov 20 '16 14:11

Shaish


2 Answers

I had the same interesting problem. WHen you create API you might have accidentally entered the name of lambda function before creating it. Then after creating of lambda - the name will be displayed properly but it will not be connected or granted permissions.

Try:

  1. deleting the lambda you entered from api gateway
  2. reenter from dropdown desired lambda function using dropdown.

enter image description here

  1. if AWS asks you for granting executoin permission of lambda - BINGO., should be working now.
like image 159
Witold Kaczurba Avatar answered Nov 02 '22 16:11

Witold Kaczurba


Permissions to invoke the Lambda function are not automatically created when the Lambda function is specified in a stage variable. You need to do this manually:

aws lambda add-permission --function-name arn:aws:lambda:eu-west-1:111111111111:function:some-function:default --source-arn arn:aws:execute-api:eu-west-1:111111111111:xxxxxxxxxx/* --principal apigateway.amazonaws.com --statement-id 88b42004-f504-44d5-9adf-d027ee65a890 --action lambda:InvokeFunction

(You need to replace the region, your lambda function name and your account number, as well as the api-gateway ARN in this statement.)

like image 41
Digitalkapitaen Avatar answered Nov 02 '22 17:11

Digitalkapitaen