401 error from cloudfront

Question

We have a rest application managed by API Gateway.  When we test through API Gateway our application is exercised and works as expected.  However, if we call endpoints (GET and POST) from the UI the requests do not get sent to API Gateway, and are terminated at CloudFront.  We get the following response:
```
HTTP/2 401 Unauthorized
content-type: application/json
content-length: 26
date: Fri, 02 Jun 2023 16:55:50 GMT
x-amzn-requestid: 52dc7831-6820-4f4c-801b-44cd6b467f9c
x-amzn-errortype: UnauthorizedException
x-amz-apigw-id: F5nLnHOwoAMF1nA=
x-cache: Error from cloudfront
via: 1.1 09271a32d559aa027d52f6c914ebff78.cloudfront.net (CloudFront)
x-amz-cf-pop: PHL51-P1
x-amz-cf-id: 8xGvBCB_aBBOSLjeHKO1ZwFhSK-lAey9LG4HSJ-RUM4pD1JN6u2o7A==
```

We have followed these instructions (both cache policy and legacy policy options) however requests still respond the same: https://repost.aws/knowledge-center/cloudfront-authorization-header.

Preflight requests are not affected.

Answer

Since direct requests to API Gateway work, the most likely cause (as you pointed out) is that the header used for auth (presumably `Authorization`) isn't reaching API Gateway when your request is proxied through CloudFront.

The article linked in your response should indeed be the fix for this problem, provided you're in fact using the `Authorization` header.

Since it didn't work, it would be helpful to see what your current distribution configuration is, especially with regards to the policies or legacy cache settings.

Answer

We have tried a variety of configurations based on instructions found via searching.  All yield the same results.  Our current settings are as follows:

![Distribution Behavior](/media/postImages/original/IM7sFaWnogSjW0JTSvdJv4JA)
![Cache Policy](/media/postImages/original/IMsbrPxJ6CScClBfNI-ObdFg)
![Response Headers](/media/postImages/original/IMUUboFeXIRhqE_c5Jrixd1Q)

We have also tried using legacy cache policy and adding Authorization there.  Happy to give more information.

401 error from cloudfront

관련 콘텐츠