ApiGatewayV2::Authorizer - "Internal Failure"

0

Hi, I'm trying to create an API Gateway authorizer via CloudFormation, and am getting "Internal Failure" when adding the API Authorizer shown below on deploying. Here's the segment:

  ApiAuthorizer:
    Type: AWS::ApiGatewayV2::Authorizer
    Properties:
      Name: MyCustomAuthorizer
      # "Api" is my CloudFormation API which gets created ok...
      ApiId: $Ref Api
      AuthorizerType: REQUEST
      # AuthorizerFunctionARN is a parameter set to the Lambda function's ARN
      AuthorizerUri:
        'Fn::Sub': >-
          arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthorizerFunctionARN}/invocation      
      # I've tried with and without AuthorizerCredentialsArn
      AuthorizerCredentialsArn: !Sub "arn:aws:iam::${AWS::AccountId}:role/APIGatewayLambdaInvokeRole"
      IdentitySource:
        - route.request.header.Auth

  ApiAuthorizerPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref AuthorizerFunctionARN
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${Api}/authorizers/${ApiAuthorizer}" 

I found this on GitHub and this on StackOverflow but am not making any headway. Is there a way to get more detailed error info from CloudFormation than "Internal Failure"? Are there some permissions I need to set up? TIA

1 Answer
1

In general, CloudTrail event history helps to get more information on any error that occurred in a CloudFormation deployment. This link might be helpful in reviewing Event history: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html. In this case, you can filter using Event Name (CreateAuthorizer), Event source (apigateway.amazonaws.com), or Username (the IAM role used by CloudFormation to deploy resources).

Also, in order to isolate the issue, you can try creating an authorizer with similar configuration on API Gateway console and see if that gets created successfully. Then it might be an issue with CloudFormation.

AWS
SUPPORT ENGINEER
answered a year ago
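The CloudTrail filtering described in the answer above, as an added example that is not part of the original post: it reads the JSON that `aws cloudtrail lookup-events` returns and pulls out the `errorCode` and `errorMessage` of failed `CreateAuthorizer` calls, which is the detail CloudFormation's "Internal Failure" hides. The function name `failed_calls` is hypothetical, and the sample events (account ID, role name, timestamps, error text) are constructed.

```python
import json

# Constructed sample shaped like the output of:
#   aws cloudtrail lookup-events --output json \
#     --lookup-attributes AttributeKey=EventName,AttributeValue=CreateAuthorizer
# Account ID, role name, timestamps and error text are made up for illustration.
def _event(name, source, time, detail):
    record = {"eventName": name, "eventSource": source, "eventTime": time,
              "userIdentity": {"arn": "arn:aws:sts::111122223333:"
                                      "assumed-role/CfnDeployRole/AWSCloudFormation"}}
    record.update(detail)
    # lookup-events carries the full record as a JSON *string*.
    return {"EventName": name, "EventSource": source,
            "CloudTrailEvent": json.dumps(record)}

SAMPLE_LOOKUP_OUTPUT = json.dumps({"Events": [
    _event("CreateAuthorizer", "apigateway.amazonaws.com", "2023-01-10T09:15:02Z",
           {"errorCode": "BadRequestException",
            "errorMessage": "Constructed example error text"}),
    _event("CreateAuthorizer", "apigateway.amazonaws.com", "2023-01-10T09:40:51Z", {}),
    _event("CreateFunction20150331", "lambda.amazonaws.com", "2023-01-10T09:10:00Z",
           {"errorCode": "AccessDenied", "errorMessage": "Constructed, unrelated event"}),
]})

def failed_calls(lookup_json, event_name="CreateAuthorizer",
                 event_source="apigateway.amazonaws.com"):
    """Return failed API calls matching event_name and event_source, oldest first.

    errorCode/errorMessage appear in a CloudTrail record only when the call failed.
    """
    failures = []
    for event in json.loads(lookup_json).get("Events", []):
        record = json.loads(event.get("CloudTrailEvent") or "{}")
        if (record.get("eventName") != event_name
                or record.get("eventSource") != event_source):
            continue
        if "errorCode" not in record:
            continue  # the call succeeded, nothing to report
        failures.append({
            "time": record.get("eventTime"),
            "caller": record.get("userIdentity", {}).get("arn"),
            "errorCode": record["errorCode"],
            "errorMessage": record.get("errorMessage", ""),
        })
    return sorted(failures, key=lambda f: f["time"] or "")

if __name__ == "__main__":
    for failure in failed_calls(SAMPLE_LOOKUP_OUTPUT):
        print(failure)
```

`lookup-events` accepts a single lookup attribute per call, so the event source and caller are checked on the client side here.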
