Is it possible to return 401 error from WebSocket API Gateway Lambda Authorizer without throwing an error?

Question

Hello, we are using WebSocket API Gateway Lambda Authorizer to authorise the users and we throw an Unauthorized error when the cookie is invalid (related AWS doc). But this increases AWS/Lambda Errors metrics which triggers our alarms and we don't want to turn this alarm off because we want to be notified about any function errors. Is it possible to return 401 HTTP status code to client from API Gateway but without throwing an error from Authorizer? Any CloudFormation example code is appreciated.

I know we can use Deny Policy document but this results in 403 status code which is not what we want.

Thanks

I know we can use Deny Policy document but this results in 403 status code which is not what we want.

Thanks

Answer

Hello,

I understand that you want Websocket API to return 401 status code to client, without returning 
unauthorized error response from Lambda authorizer. REST API supports [Gateway Response](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-gateway-response-using-the-console.html), which can be used to modify 403 status code from lambda authorizer to customized error response, including 401 status code.

At this time, Websocket API does not support Gateway Response. We already have a feature request open with the service team, regarding this. While I am unable to comment on if/when this feature may get released, I request you to keep an eye on our [What's New](https://aws.amazon.com/new/) and [Blog](https://aws.amazon.com/blogs/aws/) pages for any new feature announcements.

Is it possible to return 401 error from WebSocket API Gateway Lambda Authorizer without throwing an error?

関連するコンテンツ