By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

lambda@edge accessing lambda function via api gateway getting {"message":"Forbidden"}

0

I am able to access the Lambda function directly or via the custom domain with a 200 status. However, configuring a Lambda@edge function to redirect to the custom origin results in a {"message":"Forbidden"} response

The API is open so its not an authorizer issue

Here is the redirect code

'use strict';
exports.handler = (event, context, callback) => {
     const request = event.Records[0].cf.request;
     if (request.headers['x-ssr-token'] && request.headers['x-ssr-host'] && request.headers['x-query-string']) {
       request.querystring = request.headers['x-query-string'][0].value;
       request.origin = {
           custom: {
               domainName: 'myapi.mydomain.com',
               port: 443,
               protocol: 'https',
               readTimeout: 20,
               keepaliveTimeout: 5,
               customHeaders: {},
               sslProtocols: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],
               path: '/https%3A%2F%2F' + request.headers['x-ssr-host'][0].value
               }
       };
    }
    callback(null, request);
};
Topics
ServerlessComputeFront-End Web & MobileNetworking & Content Delivery
Tags
AWS LambdaAmazon API GatewayAmazon CloudFrontLambda@Edge
Language
English
RazBal
asked 3 years ago1.7K views
2 Answers
1

It would be helpful if you could post the Lambda@Edge function code (please sanitise it, or post the relevant snippet if needed). To dynamically update the origin, your Lambda@Edge function should run on the Origin Request trigger. Sometimes it is easy to forget to update the Host header in the request to match the new origin. There are some example functions available here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-content-based-custom-origin-request-trigger which you can refer to if needed.

AWS
EXPERT
Paul_L
answered 3 years ago
0

Thanks for the tip, added request.headers['host'] = [{ key: 'host', value: 'myapi.mydomain.com'}]; Now getting {"message":"Not Found"}

I've enabled logging for the API and I see logs when I access the endpoint directly or via the custom domain. However, no logs for any access via lambda@edge/Cloudfront

RazBal
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content