By using AWS re:Post, you agree to the Terms of Use
/lambda@edge accessing lambda function via api gateway getting {"message":"Forbidden"}/

lambda@edge accessing lambda function via api gateway getting {"message":"Forbidden"}

0

I am able to access the Lambda function directly or via the custom domain with a 200 status. However, configuring a Lambda@edge function to redirect to the custom origin results in a {"message":"Forbidden"} response

The API is open so its not an authorizer issue

Here is the redirect code

'use strict';
exports.handler = (event, context, callback) => {
     const request = event.Records[0].cf.request;
     if (request.headers['x-ssr-token'] && request.headers['x-ssr-host'] && request.headers['x-query-string']) {
       request.querystring = request.headers['x-query-string'][0].value;
       request.origin = {
           custom: {
               domainName: 'myapi.mydomain.com',
               port: 443,
               protocol: 'https',
               readTimeout: 20,
               keepaliveTimeout: 5,
               customHeaders: {},
               sslProtocols: ['TLSv1', 'TLSv1.1', 'TLSv1.2'],
               path: '/https%3A%2F%2F' + request.headers['x-ssr-host'][0].value
               }
       };
    }
    callback(null, request);
};
2 Answers
0

It would be helpful if you could post the Lambda@Edge function code (please sanitise it, or post the relevant snippet if needed). To dynamically update the origin, your Lambda@Edge function should run on the Origin Request trigger. Sometimes it is easy to forget to update the Host header in the request to match the new origin. There are some example functions available here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-content-based-custom-origin-request-trigger which you can refer to if needed.

answered a month ago
0

Thanks for the tip, added request.headers['host'] = [{ key: 'host', value: 'myapi.mydomain.com'}]; Now getting {"message":"Not Found"}

I've enabled logging for the API and I see logs when I access the endpoint directly or via the custom domain. However, no logs for any access via lambda@edge/Cloudfront

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions