API Gateway Cache Invalidation not working

2

I'm trying to invalidate API Gateway cache as described in the documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html

I've tried to invalidate the cache by making an HTTP request using Lambda and through Postman, but neither worked. The result is always the same: I get a warning in the response headers saying "199 Cache-control headers were ignored because the caller was unauthorized."

My API Gateway policy currently looks like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "execute-api:Invoke",
                "execute-api:InvalidateCache"
            ],
            "Resource": "arn:aws:execute-api:{region}:{accountId}:{apiId}/*"
        }
    ]
}

I've also applied the permission execute-api:InvalidateCache to the Lambda that calls the API Gateway.

asked 2 years ago, 1917 views
4 Answers
1

Good question.

Is this for a GET method? And are you authorized properly - does the IAM role you are using or the lambda role have the proper permissions to Invalidate Cache?

If not - I would check the settings for if API Cache is enabled and the setting for per-key cache invalidation here: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html#override-api-gateway-stage-cache-for-method-cache.

The error you are getting tells me that the setting for handle unauthorized requests is set to "Ignore cache control header. Add a warning in response header." And that it may still think you are unauthorized.

jsonc
answered 2 years ago
  • Yes, it is a GET method and the Lambda has the policy to execute-api:InvalidateCache

0

I'm having the same problem here. Cache invalidation works properly only if I do not require authorization.

Also, I can't understand from the documentation if authorization also works with a custom authorizer on API Gateway. My authorization mechanism on API Gateway is based on a bearer JWT token with a Lambda authorizer that returns a policy. I tried to return the proper policy execute-api:InvalidateCache from the custom authorizer but it didn't work as expected.

I also tried with an IAM based authorization and a signed HTTP request but it did not work either. I had a user with the proper policy (I did not try with a role).

Also I did not try with a Lambda calling the API Gateway.

I suspect there is something around roles vs policies that I don't do properly...

Also, can you confirm if it can work with a custom authorizer or not?

bruno
answered 2 years ago
0

Facing the same issue.

Created a policy, and attached it to the role which lets API Gateway invoke functions etc. Tried via Postman with a valid JWT for a user in Cognito, and I get the warning header.

Which role is the policy supposed to be attached to exactly?

Pablo
answered 6 months ago
0

I am facing the same issue. Here is a post that I found: https://repost.aws/questions/QUqjodpSPlTnm8Y3B9wm9Wfw/can-i-use-api-gateway-cache-invalidation-with-a-custom-authorizer. It states that at the moment only AWS_IAM authorization supports cache invalidation. Looks like it still works in this way.

answered 3 months ago
