Errors with Cloudfront remain unresolved

0

I've been trying for 2+ weeks to resolve my Cloudfront error, and the AWS Support agent seems out of ideas. It's disappointing, as AWS Support should add efficiency and productivity to the workflow.

Current error: "Missing Authentication Token".

I have a Cloudfront distribution with the origin set to my REST API. This REST API is a Lambda integration. In cURL, API testing and both AWS consoles it works. No error gets thrown when I submit both HTTP header (URL) and the full invoke url for my API. I see exactly the HTML code output as expected (the frontend that I'd like my users to see to interact with).

Context of the API/Lambda: it receives the HTTP header (URL) to look up an S3 object (frontend design) in my backend (DynamoDB) to then display that to the user. Each product to host is a unique URL (the path after .com for example is different). The domain is validated in ACM.

I see a number of issues in Cloudwatch, Cloudfront logs and the browser which complicates resolving the problems:

  • Cloudfront logs: "invalid request json/application"
  • CloudWatch: AWS Support says there is an error but I do not see it. I only see my Lambda received the URL.
  • cURL: When I test the API without the HTTP header I get "Internal server error". (This is expected too since my API requires the HTTP header).
  • Browser: When accessing the custom URL directly I see "Missing Authentication Token" (the S3 object isn't visible).

Who knows what I must do specifically to resolve the error and make sure each unique URL makes the frontend as defined in my backend visible to users?

I was advised to review these:

  • API Gateway Resource Policy: This has been updated.
  • API Gateway: My API would have no resource. It does have that and the API itself works when provided with a URL + the full invoke url.
  • Lambda function: I have optimised my code.
  • CloudFront logs: reviewed these and read re:post articles to find solutions.
  • IAM policies: reviewed and updated.

I have also reviewed:

  • Cloudfront settings: ranging from origin to behavior, caching etc. I'm convinced some of my settings are wrong here.

There are 2 origins: 1 is set to my REST API, the other to my S3. And I have 2 behaviors, with one set to default. Could this result in these errors as well? And should I remove the origin to my S3, since this distribution should only work with my REST API to access the accurate S3 object?

  • Finally, I checked if "host" and "Content-Type" are being forwarded.
  • I have invalidations added as well.
  • REST API Settings: my Lambda is correctly integrated and there is a resource with a stage for my API. Since my API works, I assume that my REST API should work as well when integrated with Cloudfront. Errors I see in cURL, Cloudfront logs all seem to point to an error in my Cloudfront distribution settings.

What should we try next?

1 Answer
1

Your use case is hard to follow, and you are not providing the API, Lambda Function or CloudWatch origin configuration details, so that makes it virtually impossible to give any information here other than generic hints, which is what it seems support have been doing.

You have chained multiple services - back-to-back - so I would suggest that you break it apart and test each component independently.

Also consider reviewing the AWS Solutions Constructs - they have an example of an API integration setup that sounds similar to what you are doing.

Ref: https://docs.aws.amazon.com/solutions/latest/constructs/aws-cloudfront-apigateway-lambda.html

AWS
EXPERT
answered a year ago
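
One way to check the CloudFront-to-API Gateway hop in isolation, as the answer suggests (an added example, not code from the question, the answer or AWS): it models how CloudFront picks a behavior and prepends the origin path, then checks whether the resulting path maps to a stage and resource of the REST API. An unmatched resource or method is a documented cause of API Gateway's "Missing Authentication Token" response. The distribution layout, the stage name `prod`, the resource `/page/{slug}` and all function names are assumptions, and `fnmatchcase` only approximates CloudFront's path-pattern wildcards.

```python
from fnmatch import fnmatchcase

# Constructed sample: two origins and two behaviors, as in the question (all values assumed).
DIST = {
    "origins": {
        "api": {"type": "apigw", "origin_path": "", "stage": "prod",
                "resources": ["/page/{slug}"]},
        "assets": {"type": "s3", "origin_path": ""},
    },
    "behaviors": [("/static/*", "assets"), ("*", "api")],  # ordered, default last
}

def pick_origin(behaviors, viewer_path):
    """Return the origin id of the first behavior whose path pattern matches."""
    for pattern, origin_id in behaviors:
        # A leading slash in a CloudFront path pattern is optional.
        if fnmatchcase(viewer_path.lstrip("/"), pattern.lstrip("/")):
            return origin_id
    return None

def resource_matches(template, segments):
    """Match path segments against a REST API resource such as /page/{slug} or /{proxy+}."""
    parts = [p for p in template.split("/") if p]
    for i, part in enumerate(parts):
        if part.startswith("{") and part.endswith("+}"):
            return len(segments) > i  # greedy: one or more remaining segments
        if i >= len(segments):
            return False
        if not (part.startswith("{") and part.endswith("}")) and part != segments[i]:
            return False
    return len(parts) == len(segments)

def diagnose(dist, viewer_path):
    """Return (origin id, path sent to the origin, verdict) for one viewer request."""
    origin_id = pick_origin(dist["behaviors"], viewer_path)
    origin = dist["origins"][origin_id]
    sent = origin["origin_path"].rstrip("/") + viewer_path  # origin path is prepended
    if origin["type"] != "apigw":
        return origin_id, sent, "not routed to the API"
    segments = [s for s in sent.split("/") if s]
    if not segments or segments[0] != origin["stage"]:
        return origin_id, sent, "stage missing from path"
    if any(resource_matches(r, segments[1:]) for r in origin["resources"]):
        return origin_id, sent, "route exists"
    return origin_id, sent, "no matching resource"

if __name__ == "__main__":
    for path in ("/page/blue-chair", "/static/app.css"):
        print(path, "->", diagnose(DIST, path))
```

With the sample as written the API origin has no origin path, so the stage never reaches API Gateway; setting `origin_path` to `/prod` makes `/page/blue-chair` resolve to an existing route.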
