I am building a serverless application using AWS Lambda and API Gateway via Visual Studio. I am working in C#, and using the serverless application model (SAM) in order to deploy my API. I build the code in Visual Studio, then deploy via publish to Lambda. This is working, except every time I do a new build, and try to execute an API call, I get this error:
Execution failed due to configuration error: Invalid permissions on Lambda function
Doing some research, I found this fix mentioned elsewhere (to be done via the AWS Console):
Fix: went to API Gateway > API name > Resources > Resource name > Method > Integration Request > Lambda Function and reselected my existing function, before "saving" it with the little checkmark.
Now this works for me, but it breaks the automation of using the serverless.template (JSON) to build out my API. Does anyone know how to fix this within the serverless.template file, so that I don't need to take action in the console to resolve it? Here's a sample of one of my methods from the serverless.template file:
    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Transform" : "AWS::Serverless-2016-10-31",
      "Description" : "An AWS Serverless Application.",
      "Resources" : {
        "Get" : {
          "Type" : "AWS::Serverless::Function",
          "Properties": {
            "VpcConfig": {
              "SecurityGroupIds" : ["sg-111a1476"],
              "SubnetIds" : ["subnet-3029a769", "subnet-5ec0b928"]
            },
            "Handler": "AWSServerlessInSiteDataGw::AWSServerlessInSiteDataGw.Functions::Get",
            "Runtime": "dotnetcore2.0",
            "CodeUri": "",
            "MemorySize": 256,
            "Timeout": 30,
            "Role": null,
            "Policies": ["AWSLambdaBasicExecutionRole", "AWSLambdaVPCAccessExecutionRole", "AmazonSSMFullAccess"],
            "Events": {
              "PutResource": {
                "Type": "Api",
                "Properties": {
                  "Path": "/",
                  "Method": "GET"
                }
              }
            }
          }
        },
Open the Functions page of the Lambda console. Choose a function. Choose Configuration and then choose Permissions. Scroll down to Resource-based policy and then choose View policy document.
The Lambda execution role grants permission to access AWS services and resources. By default, a Lambda function needs access to Amazon CloudWatch Logs for log streaming. That means that when you create any Lambda function, it comes by default with an execution role that includes Amazon CloudWatch Logs.
To troubleshoot Lambda code errors, you can use CloudWatch to view all logs generated by your function's code and identify potential issues. For more information, see Accessing Amazon CloudWatch Logs for AWS Lambda.
You may have an issue in the permission config; that's why the API couldn't call your Lambda. Try to explicitly add, in the template.yaml file, invoke permission to your Lambda from apigateway as a principal. Here's a sample below:
    ConfigLambdaPermission:
      Type: "AWS::Lambda::Permission"
      DependsOn:
      - MyApiName
      - MyLambdaFunctionName
      Properties:
        Action: lambda:InvokeFunction
        FunctionName: !Ref MyLambdaFunctionName
        Principal: apigateway.amazonaws.com
Here's the issue that was reported in the SAM GitHub repo for complete reference, and here is an example of a hello SAM project.
If you would like to add the permission with the AWS CLI for testing things out, you may want to use aws lambda add-permission. Please visit the official documentation website for more details.
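An added example (not part of the original answer or of any AWS tooling): a Python check over the policy document shown under Resource-based policy in the Lambda console, classifying each API Gateway invoke grant as scoped to a given method ARN, unscoped (no AWS:SourceArn condition, as in the sample above), or mismatched. The account ID, API ID, function name and Sids are constructed placeholders, and the wildcard matching only approximates IAM's ArnLike.

```python
import re

APIGW = "apigateway.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _arn_like(pattern, arn):
    # Approximates IAM ArnLike: only '*' and '?' act as wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None

def _source_arns(statement):
    # AWS:SourceArn values from every condition operator (the key is case-insensitive).
    return [arn for keys in statement.get("Condition", {}).values()
            for key, value in keys.items() if key.lower() == "aws:sourcearn"
            for arn in _as_list(value)]

def audit_invoke_grants(policy, method_arn):
    """Map each API Gateway invoke statement's Sid to a verdict for method_arn."""
    verdicts = {}
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") != "Allow" or APIGW not in services
                or "lambda:InvokeFunction" not in _as_list(st.get("Action", []))):
            continue
        arns = _source_arns(st)
        if not arns:
            verdict = "unscoped"   # grant is not tied to any particular API
        elif any(_arn_like(p, method_arn) for p in arns):
            verdict = "scoped"     # grant covers this stage/method/path
        else:
            verdict = "mismatch"   # grant exists, but for another API, method or path
        verdicts[st.get("Sid", "<no-sid>")] = verdict
    return verdicts

# Constructed sample: account ID, API ID, function name and Sids are placeholders.
API = "arn:aws:execute-api:us-east-1:123456789012:abc123"
FN = "arn:aws:lambda:us-east-1:123456789012:function:example-get"
def _stmt(sid, source_arn=None):
    cond = {"Condition": {"ArnLike": {"AWS:SourceArn": source_arn}}} if source_arn else {}
    return {"Sid": sid, "Effect": "Allow", "Principal": {"Service": APIGW},
            "Action": "lambda:InvokeFunction", "Resource": FN, **cond}

SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    _stmt("NoSourceArn"), _stmt("GetRoot", API + "/*/GET/"), _stmt("PostItems", API + "/*/POST/items")]}

if __name__ == "__main__":
    print(audit_invoke_grants(SAMPLE_POLICY, API + "/Prod/GET/"))
```

A policy where every statement comes back "mismatch" (or where the result is empty) has no grant covering the method being called; an "unscoped" statement allows the call but is not restricted to one API.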