By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

ApiGateway REST not respecting Lambda alias

0

Hi. I've connected my an ApiGateway REST resource to a lambda function. It works correctly when I use only the lambda function name (not the alias or the version) in the "Lambda Function" field of my REST resource's "Integration Request" page. However, when I add an alias to my lambda function, and set the "Lambda Function" to use the ":alias" at the end of the lambda function, and then set the correct permissions on my lambda alias, the requests do not make it through.

I have CloudWatch logs from my ApiGateway from one of these requests. Here is the relevant bit:

(57980943-e0ee-4556-a70d-477ea10f0b43) Sending request to https://lambda.us-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-2:**************:function:interact/invocations
(57980943-e0ee-4556-a70d-477ea10f0b43) Execution failed due to configuration error: Invalid permissions on Lambda function

You can see that ApiGateway is attempting to post to the unaliased function name, instead of the aliased one. I only have LambdaInvoke permissions on the aliased function, not the unaliased one, so the error message makes sense. What doesn't make sense is why ApiGateway is not using the alias that I specify in the "Integration Request" page of my resource.

Can anyone shed some light on this please?

  • Farski
    2 years ago

    It would be helpful to see the actual uri that is returned for the integration, using get-integration

  • amoffat
    2 years ago

    @Farski

    {
    "type": "AWS_PROXY",
    "httpMethod": "POST",
    "uri": "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:*******************:function:interact:prod/invocations",
    "passthroughBehavior": "WHEN_NO_MATCH",
    "contentHandling": "CONVERT_TO_TEXT",
    "timeoutInMillis": 29000,
    "cacheNamespace": "333zfp",
    "cacheKeyParameters": [],
    "integrationResponses": {
        "200": {
            "statusCode": "200",
            "responseTemplates": {
                "application/json": null
            }
        }
    }
}

    And here's a CloudWatch entry for the ApiGateway api:

    (2215a781-0b95-45ce-9769-ac60a93f52ab) Sending request to https://lambda.us-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-2:*******************:function:interact/invocations

    You can see that the alias is not included in the request.

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content Delivery
Tags
AWS LambdaAmazon API Gateway
Language
English
amoffat
asked 2 years ago1909 views
2 Answers
0
Accepted Answer

I figured it out. From the "Resources" page of your ApiGateway, you need to click "Actions" -> "Deploy API" for any api changes that you make, even if they appear to persist in the UI. The issue was that my api changes were undeployed, and there is no visual indication that I have pending undeployed changes. Deploying the api resolves the issue.

amoffat
answered 2 years ago
0

Related issue with the same problem: https://repost.aws/questions/QUxCioMpmpQICGq1H-kleEEw/make-api-gateway-resource-point-to-lambda-alias

amoffat
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content