ApiGatewayV2::Authorizer - "Internal Failure"

0

Hi, I'm trying to create an API Gateway authorizer via CloudFormation, and am getting "Internal Failure" on deploying when I add the API Authorizer shown below. Here's the segment:

  ApiAuthorizer:
    Type: AWS::ApiGatewayV2::Authorizer
    Properties:
      Name: MyCustomAuthorizer
      # "Api" is my CloudFormation API which gets created ok...
      ApiId: $Ref Api
      AuthorizerType: REQUEST
      # AuthorizerFunctionARN is a parameter set to the Lambda function's ARN
      AuthorizerUri:
        'Fn::Sub': >-
          arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthorizerFunctionARN}/invocation      
      # I've tried with and without AuthorizerCredentialsArn
      AuthorizerCredentialsArn: !Sub "arn:aws:iam::${AWS::AccountId}:role/APIGatewayLambdaInvokeRole"
      IdentitySource:
        - route.request.header.Auth

  ApiAuthorizerPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref AuthorizerFunctionARN
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${Api}/authorizers/${ApiAuthorizer}" 

I found this on GitHub and this on StackOverflow but am not making any headway. Is there a way to get more detailed error info from CloudFormation than "Internal Failure"? Are there some permissions I need to set up? TIA

1 Answer
1

In general, CloudTrail event history helps to get more information on any error that occurred in a CloudFormation deployment. This link might be helpful in reviewing Event history: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html. In this case, you can filter using Event Name (CreateAuthorizer) OR Event source (apigateway.amazonaws.com) or Username (IAM Role used by CloudFormation to deploy resources).

Also, in order to isolate the issue, you can try creating an authorizer with similar configuration on API Gateway console and see if that gets created successfully. Then it might be an issue with CloudFormation.

AWS
SUPPORT ENGINEER
answered a year ago
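The CloudTrail filtering described in the answer above, as an added example that is not part of the original post: it reads output shaped like `aws cloudtrail lookup-events` and returns the failed calls with their error code and message. The sample events, user names and error text are constructed, `failed_calls` is a hypothetical helper, and the filters given are combined (all must match) rather than applied one at a time.

```python
import json

def _event(name, source, user, detail):
    """Build one entry shaped like `aws cloudtrail lookup-events` output."""
    body = {"eventName": name, "eventSource": source, **detail}
    return {"EventName": name, "EventSource": source, "Username": user,
            "CloudTrailEvent": json.dumps(body)}  # detail is a JSON *string*

# Constructed sample data; user names and error text are made up.
SAMPLE = {"Events": [
    _event("CreateApi", "apigateway.amazonaws.com", "AWSCloudFormation",
           {"requestParameters": {"name": "Api"}}),
    _event("CreateAuthorizer", "apigateway.amazonaws.com", "AWSCloudFormation",
           {"errorCode": "BadRequestException",
            "errorMessage": "constructed sample error text",
            "requestParameters": {"name": "MyCustomAuthorizer"}}),
    _event("CreateAuthorizer", "apigateway.amazonaws.com", "console-user",
           {"requestParameters": {"name": "ManualTest"}}),
]}

def failed_calls(lookup_output, event_name=None, event_source=None, username=None):
    """Return failed API calls that match every filter that was supplied."""
    wanted = {"EventName": event_name, "EventSource": event_source,
              "Username": username}
    failures = []
    for ev in lookup_output.get("Events", []):
        if any(v is not None and ev.get(k) != v for k, v in wanted.items()):
            continue
        # The full record, including errorCode/errorMessage, is nested JSON.
        detail = json.loads(ev.get("CloudTrailEvent") or "{}")
        if "errorCode" not in detail:
            continue  # call succeeded
        failures.append({
            "event": ev.get("EventName"),
            "user": ev.get("Username"),
            "error_code": detail["errorCode"],
            "error_message": detail.get("errorMessage", ""),
            "request": detail.get("requestParameters"),
        })
    return failures

if __name__ == "__main__":
    for f in failed_calls(SAMPLE, event_name="CreateAuthorizer"):
        print(f"{f['event']} by {f['user']}: {f['error_code']}: {f['error_message']}")
        print("  request:", json.dumps(f["request"]))
```

To use it on real data, save the output of `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=CreateAuthorizer` to a file and pass the parsed JSON to `failed_calls`.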
