I'm trying to call a public API gateway endpoint from an API Destination (reason being is that I want to rate-limit calls to a downstream service, if there's a configurable way of doing this without having to call my own API gateway I'd also be interested in that). However, it just doesn't get to my API Gateway endpoint. My endpoint is using AWS Signature V4 and API Key for authorization. It could be that the authorization is failing, but unfortunately API Gateway doesn't give me those logs (at least I don't know how to get them).
The endpoint is hooked up to a Lambda through proxy integration. The request looks fine because I have another API gateway endpoint pointing to the same lambda, with only API Key authorization. An Event Bridge rule is targeting both endpoints and the latter one succeeds. I even tested using Webhook.site as suggested in this article https://aws.amazon.com/blogs/compute/using-api-destinations-with-amazon-eventbridge/, and all the headers look fine. I even manually checked the signature header is correct by comparing to a request I made from Postman using the same x-amz-date and payload to generate the signature.
I'm honestly stumped about why this isn't working, but it doesn't help that I can't see the response.
edit: After finding a way to log access attempts to API Gateway, I see that it's telling me that the payload hash I'm using to form the canonical string for the Signature is wrong, but I'm still getting the same hash in Postman, so does Destination API somehow modify the payload? It looks identical when I see it logged in my other endpoint.
AWS OFFICIALUpdated a year ago
