By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

EventBridge failing to invoke API Destination with NO_PERMISSIONS error

0

Hi,

I created an EventBridge rule that is triggered on a cron schedule and invokes an API destination. When the rule fires, I am seeing an error message in the DLQ that has the following details:

ERROR_CODE | String | NO_PERMISSIONS

ERROR_MESSAGE | String | Unable to invoke ApiDestination endpoint: Internal Failure

I assume it's IAM related, however the IAM role was auto-generated when the rule was created.

I am unsure of what I need to add/update in order to mitigate the error.

For reference, a similar question was asked here: https://forums.aws.amazon.com/thread.jspa?threadID=340331

I'm happy to provide more details as necessary.

Thanks.

Topics
ServerlessApplication Integration
Tags
Amazon EventBridge
Language
English
AWS-User-9025436
asked 2 years ago3484 views
2 Answers
0

I assume you have your Connection authorized, if not, then you should fix the token acquisition first

If you have WAF Rule configured, this gets your requests blocked. If so you would need to adjust them to allow the access.

AWS
Yeldos
answered 2 years ago
  • AWS-User-9025436
    2 years ago

    By "Connection Authorized", do you mean the endpoint requires authentication? If so, then yes, my live endpoint requires authentication and I have the right token set up in the Connection. I also don't have any WAF rules defined.

    For testing, I have set up an ngrok instance that proxies requests to a local server on my machine. It does not require any authorization, and I am able to hit it from curl and from the browser. EventBridge fails to invoke it with the same NO_PERMISSIONS error.

0

Hey sorry if you've looked elsewhere. But I believe the answer is that you need a policy attached to your Rule that allows it to invoke your Destination.

Your role should have a policy that has a stanza like this:

                {
                  "Effect": "Allow",
                  "Action": [
                    "events:InvokeApiDestination"
                  ],
                  "Resource": [
                    "arn:of:your:destination"
                  ]
                }

I got the answer from this cloudformation/serverless example.

Hope it helps.

rePost-User-9670752
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content