Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS API Gateway Custom Authorizer not invoked

To start off with, i am pretty new to AWS. Started with pretty basic API Gateway + Lambda integration. Below are my use cases.

  1. Created a Lambda proxy Integration request with API Gateway, GET request which outputs the addition of 2 numbers passed through query parameters. Now if i access this API Gateway endpoint I am getting the desired result.

  2. Now I have created custom authorizer, which is in turn a call to another lambda. So a request will be validated by authorizer lambda prior hitting API Gateway endpoint. In this case authorizer is not invoked at all.

I have enabled Cloudwatch logs for API gateway & lambda, so below are issues i am facing,

  1. Cloudwatch logs to API Gateway end point does not show the call to custom authorizer lambda.

  2. Logs to end point lambda is seen correctly in lambda group, but unable to see the same for authorizer lambda.

I have followed the below AWS documentation nothing seems to help.

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-as-simple-proxy-for-lambda.html

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

Below is the API Gateway config. The authorizer configured is having a header token called 'Authorization', consumer of the API should provide the Authorization token while calling the endpoint, which is supposed to validated by Authorizer.

enter image description here

API Gateway Logs - Lambda configured was called directly without invoking Authorizer.

enter image description here

like image 505
Amit Avatar asked Sep 28 '18 06:09

Amit


People also ask

How do I test my API gateway authorizer?

For the REQUEST authorizer, type the valid request parameters corresponding to the specified identity sources and then choose Test. In addition to using the API Gateway console, you can use AWS CLI or an AWS SDK for API Gateway to test invoking an authorizer. To do so using the AWS CLI, see test-invoke-authorizer.

Is not authorized to perform Apigateway get?

I am not authorized to perform an action in API Gateway If the AWS Management Console tells you that you're not authorized to perform an action, then you must contact your administrator for assistance. Your administrator is the person that provided you with your user name and password.

What is API gateway custom authorizer?

A Lambda authorizer (formerly known as a custom authorizer) is an API Gateway feature that uses a Lambda function to control access to your API.


2 Answers

As mentioned by @Anup in the comments, you probably need to re-deploy the stage for the changes to take effect.

In my case I setup everything in terraform and couldn't figure out why the custom authenticater wasn't being called.

After adding variables to the deployment to trigger a redeployment, the custom authenticater was properly called as expected.

like image 149
monkut Avatar answered Sep 20 '22 12:09

monkut


Make sure your lambda and gateway authorizer are correctly configured. A couple suggestions:

  • Verify if your lambda has the API gateway trigger. The trigger is created automatically when you assign your authorizer to a valid lambda function in the API gateway authorizer settings.

  • Verify if your lambda has a valid handler. The current assigned handler can be seen in your lambda's configuration page.

  • Make sure the Method Request Authorization of your resource is set to the correct authorizer

  • Deploy the gateway to guarantee the current API stage is using the displayed settings.

Even if your authorizer code doesn't work properly you should at least see an execution log in CloudWatch.

like image 42
rubensoleao Avatar answered Sep 18 '22 12:09

rubensoleao