AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

API Gateway Cache Invalidation not working

2

I'm trying to invalidate API Gateway cache as described in the documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html

I've tried to invalidate the cache by making a http request using Lambda and through Postman but neither worked, the result is always the same: I get a warning in the response headers saying "199 Cache-control headers were ignored because the caller was unauthorized."

My API Gateway policy currently looks like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "execute-api:Invoke",
                "execute-api:InvalidateCache"
            ],
            "Resource": "arn:aws:execute-api:{region}:{accountId}:{apiId}/*"
        }
    ]
}

I've also applied the permission execute-api:InvalidateCache to the lambda who calls the API Gateway.

주제
서버리스프론트엔드 웹 및 모바일네트워킹 및 콘텐츠 전송
태그
아마존 API 게이트웨이
언어
English
AWSUser22001
질문됨 2년 전1917회 조회
4개 답변
1

Good question.

Is this for a GET method? And are you authorized properly - does the IAM role you are using or the lambda role have the proper permissions to Invalidate Cache?

If not - I would check the settings for if API Cache is enabled and the setting for per-key cache invalidation here: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html#override-api-gateway-stage-cache-for-method-cache.

The error you are getting tells me that the setting for handle unauthorized requests is set to "Ignore cache control header. Add a warning in response header." And that it may still think you are unauthorized.

jsonc
답변함 2년 전
  • AWSUser22001
    2년 전

    Yes, it is a GET method and the Lambda has the policy to execute-api:InvalidateCache

0

I'm having the same problem here. Cache invalidation works properly only if I do not require authorization.

Also, I can't understand from the documentation if authorization also works with a custom authorizer on API gateway. My authorization mecanism on API gateway is based on a bearer jwt token with a lambda authorizer that returns a policy. I tried to return the proper policy execute-api:InvalidateCache from the custom authorizer but it didn't work as expected.

I also tried with an IAM based authorization and a signed http request but it did not work neither. I had a user with the proper policy (I did not try with a role).

Also I did not try with a lambda calling the API gateway.

I suspect there is something around roles vs policies that I don't do properly...

Also, can you confirm if it can work with a custom authorizer or not ?

bruno
답변함 2년 전
0

Facing the same issue.

Created a policy, and attached it to the role which lets API Gateway invoke functions etc. Tried via postman with a valid JWT for a user in Cognito, and I get the warning header.

Which role is the policy supposed to be attached to exactly?

Pablo
답변함 6달 전
0

I am facing same issue. Here is a post that I found https://repost.aws/questions/QUqjodpSPlTnm8Y3B9wm9Wfw/can-i-use-api-gateway-cache-invalidation-with-a-custom-authorizer It states that at the moment only AWS_IAM authorization supports cache invalidation. Looks like it still works in this way.

Vishal Rana
답변함 3달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠