Websocket Authorizer Status 500

Question

I have created an API Gateway Websocket with $connect and $disconnect and it works fine, I can connect and save the connectionId to Dynamodb. The problem appears when I add the authorizer in front of the $connect route using the console and following the steps and the output format in the Documentation, I got then always "error: Unexpected server response: 500", of course, I can see the logs of the Authorizer lambda and the return json which looks like following:

Region: eu-central-1

{
    "principalId": "me",
    "context": null,
    "usageIdentifierKey": "<API-ID>",
    "policyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "execute-api:Invoke",
                "Resource": "arn:aws:execute-api:eu-central-1:<ACC-ID>:<API-ID>/Test/$connect",
                "Effect": "Allow"
            }
        ]
    }
}

So, after the authorizer function is invocked, the connection function is not called. has someone already faced this Problem and if yes, how did you solve it?

Region: eu-central-1

```
{
    "principalId": "me",
    "context": null,
    "usageIdentifierKey": "",
    "policyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "execute-api:Invoke",
                "Resource": "arn:aws:execute-api:eu-central-1::/Test/$connect",
                "Effect": "Allow"
            }
        ]
    }
}
```
 So, after the authorizer function is invocked, the connection function is  not called.
has someone already faced this Problem and if yes, how did you solve it?

Answer

Hurrrrra, I have found it, I will add my Problem hier, may be it helps someone else.
The Problem in case  was the Trust relationships permssion that needs to be added to the role of the functions that you integrated with API Gateway. And how I found that, I have check the logs of the API not the functions, so you may find in the logs under CloudWatch => Logs => Log groups => (/aws/apigateway//), the following error:
```
() Execution failed due to configuration error: API Gateway does not have permission to assume the provided role arn:aws:iam::role/
```
Then go to the role it self and then to the trusted relationhsips and then edit this permission to have the api gateway like following:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "apigateway.amazonaws.com",
          "lambda.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
I hope it will help someone else.

Websocket Authorizer Status 500

관련 콘텐츠