- Newest
- Most votes
- Most comments
Good question.
Is this for a GET method? And are you authorized properly - does the IAM role you are using or the lambda role have the proper permissions to Invalidate Cache?
If not - I would check the settings for if API Cache is enabled and the setting for per-key cache invalidation here: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html#override-api-gateway-stage-cache-for-method-cache.
The error you are getting tells me that the setting for handle unauthorized requests is set to "Ignore cache control header. Add a warning in response header." And that it may still think you are unauthorized.
I'm having the same problem here. Cache invalidation works properly only if I do not require authorization.
Also, I can't understand from the documentation if authorization also works with a custom authorizer on API gateway. My authorization mecanism on API gateway is based on a bearer jwt token with a lambda authorizer that returns a policy. I tried to return the proper policy execute-api:InvalidateCache from the custom authorizer but it didn't work as expected.
I also tried with an IAM based authorization and a signed http request but it did not work neither. I had a user with the proper policy (I did not try with a role).
Also I did not try with a lambda calling the API gateway.
I suspect there is something around roles vs policies that I don't do properly...
Also, can you confirm if it can work with a custom authorizer or not ?
Facing the same issue.
Created a policy, and attached it to the role which lets API Gateway invoke functions etc. Tried via postman with a valid JWT for a user in Cognito, and I get the warning header.
Which role is the policy supposed to be attached to exactly?
I am facing same issue. Here is a post that I found https://repost.aws/questions/QUqjodpSPlTnm8Y3B9wm9Wfw/can-i-use-api-gateway-cache-invalidation-with-a-custom-authorizer It states that at the moment only AWS_IAM authorization supports cache invalidation. Looks like it still works in this way.
Relevant content
- Accepted Answerasked 3 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Yes, it is a GET method and the Lambda has the policy to execute-api:InvalidateCache