Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

EventBridge failing to invoke API Destination with NO_PERMISSIONS error

0

Hi,

I created an EventBridge rule that is triggered on a cron schedule and invokes an API destination. When the rule fires, I am seeing an error message in the DLQ that has the following details:

ERROR_CODE | String | NO_PERMISSIONS

ERROR_MESSAGE | String | Unable to invoke ApiDestination endpoint: Internal Failure

I assume it's IAM related, however the IAM role was auto-generated when the rule was created.

I am unsure of what I need to add/update in order to mitigate the error.

For reference, a similar question was asked here: https://forums.aws.amazon.com/thread.jspa?threadID=340331

I'm happy to provide more details as necessary.

Thanks.

Themen
ServerlosAnwendungsintegration
Tags
Amazon EventBridge
Sprache
English
AWS-User-9025436
gefragt vor 2 Jahren3557 Aufrufe
2 Antworten
0

I assume you have your Connection authorized, if not, then you should fix the token acquisition first

If you have WAF Rule configured, this gets your requests blocked. If so you would need to adjust them to allow the access.

AWS
Yeldos
beantwortet vor 2 Jahren
  • AWS-User-9025436
    vor 2 Jahren

    By "Connection Authorized", do you mean the endpoint requires authentication? If so, then yes, my live endpoint requires authentication and I have the right token set up in the Connection. I also don't have any WAF rules defined.

    For testing, I have set up an ngrok instance that proxies requests to a local server on my machine. It does not require any authorization, and I am able to hit it from curl and from the browser. EventBridge fails to invoke it with the same NO_PERMISSIONS error.

0

Hey sorry if you've looked elsewhere. But I believe the answer is that you need a policy attached to your Rule that allows it to invoke your Destination.

Your role should have a policy that has a stanza like this:

                {
                  "Effect": "Allow",
                  "Action": [
                    "events:InvokeApiDestination"
                  ],
                  "Resource": [
                    "arn:of:your:destination"
                  ]
                }

I got the answer from this cloudformation/serverless example.

Hope it helps.

rePost-User-9670752
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt