By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

401 error from cloudfront

0

We have a rest application managed by API Gateway. When we test through API Gateway our application is exercised and works as expected. However, if we call endpoints (GET and POST) from the UI the requests do not get sent to API Gateway, and are terminated at CloudFront. We get the following response:

HTTP/2 401 Unauthorized
content-type: application/json
content-length: 26
date: Fri, 02 Jun 2023 16:55:50 GMT
x-amzn-requestid: 52dc7831-6820-4f4c-801b-44cd6b467f9c
x-amzn-errortype: UnauthorizedException
x-amz-apigw-id: F5nLnHOwoAMF1nA=
x-cache: Error from cloudfront
via: 1.1 09271a32d559aa027d52f6c914ebff78.cloudfront.net (CloudFront)
x-amz-cf-pop: PHL51-P1
x-amz-cf-id: 8xGvBCB_aBBOSLjeHKO1ZwFhSK-lAey9LG4HSJ-RUM4pD1JN6u2o7A==

We have followed these instructions (both cache policy and legacy policy options) however requests still respond the same: https://repost.aws/knowledge-center/cloudfront-authorization-header.

Preflight requests are not affected.

Topics
ServerlessFront-End Web & MobileNetworking & Content Delivery
Tags
Amazon API GatewayNetworking & Content DeliveryAmazon CloudFront
Language
English
rePost-User-7488644
asked 10 months ago762 views
2 Answers
0

Since direct requests to API Gateway work, the most likely cause (as you pointed out) is that the header used for auth (presumably Authorization) isn't reaching API Gateway when your request is proxied through CloudFront.

The article linked in your response should indeed be the fix for this problem, provided you're in fact using the Authorization header.

Since it didn't work, it would be helpful to see what your current distribution configuration is, especially with regards to the policies or legacy cache settings.

profile picture
Marco
answered 10 months ago
0

We have tried a variety of configurations based on instructions found via searching. All yield the same results. Our current settings are as follows:

Distribution Behavior Cache Policy Response Headers

We have also tried using legacy cache policy and adding Authorization there. Happy to give more information.

rePost-User-7488644
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content