The "Action" property as an array was key to solving this, and specifically using the "$connect" string.
Here is what is working for me (with some values modified for privacy) and comments added.
Note: I am using the AWS Gateway V2 API, websocket protocol, Cognito with no users (only an App client).
{
  "principalId": "7p9f415hnxxbfbch17jnaenccs", // this is the "App client ID" from the App integration section of Cognito
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [ // <--- this must be an array
          "execute-api:Invoke"
        ],
        "Effect": "Allow",
        "Resource": [
          "arn:aws:execute-api:us-east-1:321987567111:1c9kv22z8g/stage-devwarren2/$connect"
        ]
      }
    ]
  },
  "context": null,
  "usageIdentifierKey": null
}
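Added example (not the answer's code): a minimal Python Lambda REQUEST authorizer for a WebSocket $connect route that builds the response in exactly the shape shown above, with "Action" as a list and the Resource taken from the event's methodArn instead of being hard-coded, and returns an explicit Deny when the caller's token does not check out. The token check here is an assumed pre-shared token read from a hypothetical WS_AUTH_TOKEN environment variable; it stands in for whatever identity check you really do (with a Cognito app client you would verify the JWT signature against the user pool's JWKS). The sample event, principal name and query parameter name are constructed for the example.

```python
import hmac
import os

# Constructed sample event (not captured from a real API), shaped like the
# REQUEST-type authorizer event API Gateway sends for a WebSocket $connect route.
SAMPLE_EVENT = {
    "methodArn": "arn:aws:execute-api:us-east-1:123456789012:a1b2c3d4e5/dev/$connect",
    "headers": {"Host": "a1b2c3d4e5.execute-api.us-east-1.amazonaws.com"},
    # Browsers cannot set headers on the WebSocket upgrade, so the token
    # usually arrives as a query-string parameter.
    "queryStringParameters": {"token": "example-shared-token"},
    "requestContext": {"routeKey": "$connect", "connectionId": "AbCdEf123="},
}


def build_policy(principal_id, method_arn, allow):
    """Authorizer response in the shape API Gateway expects.

    method_arn is arn:aws:execute-api:REGION:ACCOUNT:API_ID/STAGE/$connect for
    the $connect route, so echoing it back keeps the Resource matching the
    request. A Resource that does not match methodArn is one way to get the
    403 "User is not authorized to access this resource" from the gateway.
    """
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": ["execute-api:Invoke"],  # list, not a bare string
                    "Effect": "Allow" if allow else "Deny",
                    "Resource": [method_arn],
                }
            ],
        },
        "context": {},  # optional; key/value pairs passed on to the integration
        "usageIdentifierKey": None,
    }


def extract_token(event):
    """Take a bearer token from the Authorization header, else ?token=..."""
    headers = event.get("headers") or {}
    for name, value in headers.items():
        if name.lower() == "authorization":
            value = value.strip()
            if value.lower().startswith("bearer "):
                return value.split(" ", 1)[1].strip()
            return value
    params = event.get("queryStringParameters") or {}
    return params.get("token")


def verify_token(token, expected):
    """Constant-time comparison against the expected pre-shared token (assumed)."""
    if not token or not expected:
        return False
    return hmac.compare_digest(token.encode(), expected.encode())


def lambda_handler(event, _context=None, expected_token=None):
    # WS_AUTH_TOKEN is a hypothetical setting for this example.
    expected = (
        expected_token
        if expected_token is not None
        else os.environ.get("WS_AUTH_TOKEN", "")
    )
    allowed = verify_token(extract_token(event), expected)
    # principalId can be any identifier for the caller; the answer above uses
    # the Cognito App client ID. "ws-app-client" is a placeholder here.
    return build_policy("ws-app-client", event["methodArn"], allowed)


if __name__ == "__main__":
    import json
    print(json.dumps(lambda_handler(SAMPLE_EVENT, None, "example-shared-token"), indent=2))
```

Returning a Deny policy yields a 403 to the client; raising `Exception("Unauthorized")` from the handler instead yields a 401. Either way, log the decision and the methodArn inside the function, since the gateway's own 403 message carries no detail.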
I am fighting with a lambda authorizer also -- getting 403 and 500 errors.
My return AuthPolicy looks just like yours, but I also do not know what to use in the "principalId" field. Have tried lots of stuff.
I have a "test" App Client in my Cognito pool, but I have no users.
What bugs me at this point is that there appears to be no way to add debugging information -- 403 "User is not authorized to access this resource" is not what my lambda returns! Whatever code generates that response should allow for some debugging info in the log output.
So "Action" is an array.
Is <APPID> there actually supposed to be <APIID>?