By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Troubleshooting CloudFormation Deployment: Missing Authorizer and Routes in API Gateway

0

Hello,

I am encountering issues while deploying a CloudFormation template aimed at setting up AWS Lambda functions alongside an API Gateway HTTP API, which is tied to a Cognito authorizer. Below is the template I am utilizing:

AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: A template for deploying all the Lambdas.

Parameters:
  Environment:
    Description: Environment to deploy to.
    Type: String
    AllowedValues:
      - dev
      - stg
      - prd

Mappings:
  Cognito:
    UserPoolId:
      dev: ""
      stg: ""
      prd: ""
    UserPoolArn:
      dev: ""
      stg: ""
      prd: ""
    UserPoolClientId:
      dev: ""
      stg: ""
      prd: ""
    UserPoolIssuer:
      dev: ""
      stg: ""
      prd: ""

Globals: ...

Resources:
  APIMapping:
    Type: AWS::ApiGatewayV2::ApiMapping
    Properties:
      DomainName:
        Fn::ImportValue: !Sub ${Environment}-backend-api-domain
      ApiId: !Ref HttpApi
      Stage: !Ref Environment

  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: !Ref Environment
      CorsConfiguration:
        AllowMethods: '*'
        AllowHeaders: '*'
        AllowOrigins: '*'
      Auth:
        Authorizers:
          BasicAuthorizer:
            IdentitySource: "$request.header.Authorization"
            JwtConfiguration:
              issuer: !FindInMap [Cognito, UserPoolIssuer, !Ref Environment]
              audience: !FindInMap [Cognito, UserPoolClientId, !Ref Environment]

  MyLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${Environment}-backend-my-lambda-role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies: ...

  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${Environment}-backend-my-lambda-function
      Role: !GetAtt MyLambdaRole.Arn
      CodeUri: ./../.build/package.zip
      Handler: ...
      Timeout: 29
      MemorySize: 512
      Events:
        Event:
          Type: HttpApi
          Properties:
            ApiId: !Ref HttpApi
            Method: GET
            Path: /some-path
            Auth:
              Authorizer: BasicAuthorizer
...

Post-deployment, I am unable to locate the Authorizer within the AWS Console, and the routes appear to be missing as well. Although I can find the integrations to the Lambdas under the "Integration -> Manage Integrations" tab, it seems like they are not attached to the gateway. Additionally, the CORS settings from the template do not reflect in the setup.

I have been grappling with this issue for several days and any guidance to resolve these problems would be immensely appreciated.

Thank you in advance!

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content DeliveryManagement & GovernanceSecurity, Identity, & Compliance
Tags
AWS LambdaAmazon API GatewayAWS CloudFormationAmazon CognitoAWS Serverless Application Model (SAM)
Language
English
ThomasB
asked 6 months ago80 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content