API Gateway Origin of Cloudfront Behavior giving 403 forbidden


For hosting a webiste I am using a cloudfront distribution under someurl.com. It has a behavior that forwards requests arriving under path path to an API Gateway apigatewayurl.com what hosts an API the website should make use of.
I can reach the API Gateway but problem starts when I do add authorization: I get 403 forbidden.
Authorization should work through a custom authorizer using cookie which is set under the domain someurl.com. The authorizer works fine, I tested that one using the regional API endpoint.
When only adding the authorization my request is blocked at the API Gateway what makes sense as Cloudfront does not forward cookies. I get 403 - unauthorized and I can see in the API Gateway logs that the request makes it to API Gateway.
To forward cookies I added 'ViewerAll' origin policy to the behavior but then API Gateway is not even reaching API Gateway, I do not get any log. My call returns 403 - forbidden.

Any ideas why I get 403 once I enable origin policy in order to forward cookies?

1 Answer
Accepted Answer

after some more tries I found a solution. It looks like the origin request policy is not sufficient. I introduced a caching policy and removed the origin request policy what solved the issue. What is cached is forwarded.

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions