I fixed the problem.
These steps are correct; I was being foolish. Chrome was trying to access it with http; it of course requires https.
Hey! I am wondering about your Step 2 -- the "with a valid certificate" part.
I added a custom domain, and get a "d-[RandomChars].execute-api.us-east-1.amazonaws.com" as well.
However, I noticed in this "Endpoint configuration" window that it does not show a "Certificate upload date" -- we have 2 other custom domains that do show a "Certificate upload date" just below the "Hosted zone ID" info, but they are "Edge" and mine is "Regional".
Does your custom domain "Endpoint configuration" show a certificate upload date?
I am searching fiendishly for why my custom domain remains "Forbidden"!!!
Edited by: warrenstephens on Nov 18, 2020 3:27 PM
I found the problem, and it was not with that certificate stuff. Another "foolish" mistake actually.
The issue was actually within the authorizer lambda, which returns an APIGatewayCustomAuthorizerResponse (the name of the struct in Go) which contains a policy to permit the execute lambda to then run.
The authorizer lambda was able to pull the region ("us-east-1") from the host name when it was like "zzzyyxx123.execute-api.us-east-1.amazonaws.com", but when the custom domain request comes in the "host" value in the header does not have the region embedded -- so the policy it created and returned had garbage for the region part of the ARN, and so the execute lambda would not run, i.e. "Forbidden".
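The failure described in the last post, as an added example that is not the poster's code: deriving the region from the Host header works only for the default endpoint, while the `methodArn` that API Gateway passes to a Lambda authorizer already carries the region, account and API ID. The function names `RegionFromHost` and `PolicyResource` are hypothetical, and the account ID, API ID and custom domain are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// hostRegion matches only the default endpoint form <api-id>.execute-api.<region>.amazonaws.com.
var hostRegion = regexp.MustCompile(`^[a-z0-9]+\.execute-api\.([a-z0-9-]+)\.amazonaws\.com$`)

// RegionFromHost is the fragile approach from the post: it fails for a custom domain.
func RegionFromHost(host string) (string, error) {
	m := hostRegion.FindStringSubmatch(strings.ToLower(host))
	if m == nil {
		return "", errors.New("host is not a default execute-api endpoint: " + host)
	}
	return m[1], nil
}

// PolicyResource builds the policy Resource from the methodArn in the authorizer
// event, so it does not depend on the Host header.
// Expected form: arn:<partition>:execute-api:<region>:<account>:<api-id>/<stage>/<verb>/<path>
func PolicyResource(methodArn string) (string, error) {
	parts := strings.SplitN(methodArn, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" || parts[2] != "execute-api" || parts[3] == "" || parts[4] == "" {
		return "", errors.New("malformed methodArn: " + methodArn)
	}
	path := strings.SplitN(parts[5], "/", 3) // api-id, stage, remainder
	if len(path) < 2 || path[0] == "" || path[1] == "" {
		return "", errors.New("methodArn lacks api-id/stage: " + methodArn)
	}
	// Scope the allow statement to every method and path of this API stage only.
	return fmt.Sprintf("%s:%s/%s/*", strings.Join(parts[:5], ":"), path[0], path[1]), nil
}

func main() {
	// Constructed sample values; account ID, API ID and domain are placeholders.
	arn := "arn:aws:execute-api:us-east-1:123456789012:zzzyyxx123/prod/GET/items"
	for _, host := range []string{"zzzyyxx123.execute-api.us-east-1.amazonaws.com", "api.example.com"} {
		region, err := RegionFromHost(host)
		fmt.Printf("host=%s region=%q err=%v\n", host, region, err)
	}
	res, err := PolicyResource(arn)
	fmt.Println(res, err)
}
```

Returning an error for an unparseable input, rather than building an ARN with an empty region, makes the authorizer fail visibly in its logs instead of returning a policy that silently never matches.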