- Newest
- Most votes
- Most comments
Hello,
Thank you for reaching out to us.
I understand you have an AppSync API with primary auth mode as Cognito and additional authorization on IAM. However, while making the API call from the Lambda function using the third party tool, aws4-axios
, you are observing Unauthorized
error.
To troubleshoot the issue, I have tried replicating the same in my account. Initially, I created an AppSync API with Cognito as primary auth mode and IAM as additional auth mode. Next, I created a Lambda function with similar code as you have shared. Executing the function, I was observing the similar error. I have performed below troubleshooting to move past the issue. I would request you to confirm the following steps and changes:
- As the code above is using the AWS Signed requests which is in AppSync terms would be IAM authorization, please confirm if the
@aws_iam
directive has been added to the schema. This is because IAM auth is the additional authorization on the API. Refer to the document for more information on additional auth modes in AppSync. Furthermore, please confirm the AppSync query is returning the response successfully in the AppSync console with the IAM authorization. - Next, we need to make sure the correct IAM role/credentials are being passed to the
aws4Interceptor
along with theregion
andservice
information. Refer to the third party documentation for more information on passing credentials/IAM role in theaws4Interceptor
. - Confirming the above two points, I was still observing the
Unauthorized
error. Checking the GitHub issues for the tool, I found the issue which was related to the error we are observing. I see that the headers in AppSync API are being passed as theAxiosHeaders
which is not being accepted by the API and hence, the error is being observed. Changing the code undernode_modules/aws4-axios/dist/interceptor.js
to the code mentioned in the above issue, I was able to successfully make the API request to the AppSync API.
I see that this bug is still open. Please note that, as this tool is third party, it is not maintained by AWS. I have performed the above troubleshooting with respect to the tool on my best efforts to assist you. There could be other ways to troubleshoot this error as when the node_modules
folder is refreshed, the workaround above would not work and we need to change the code again. Hence, to permanent fix, I would suggest following up on the GitHub issue for the fix of the same.
I hope above troubleshooting help you move past the error while making API request to the AppSync API. In case you require further troubleshooting specific to the resources in your account, feel free to raise a support case with us. We shall be delighted to assist you further.
Have a nice day ahead!
Hello,
thank you for the prompt answer. I've made a solution to work with an api-key, that's also fit it.
Best Sascha
Relevant content
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago