Questions tagged with Amazon API Gateway


WebSocket API not working with authorizer Lambda

I have been trying to fix this for days now, but I have no clue what is happening. I have created a WebSocket API using CDK which works fine, but when I add an authorizer to the connect route I get a 500 error. The authorizer Lambda completes execution normally, but the connect route Lambda is never invoked.

```
import { WebSocketApi, WebSocketAuthorizer, WebSocketAuthorizerType, WebSocketStage } from '@aws-cdk/aws-apigatewayv2-alpha';
import { WebSocketLambdaAuthorizer } from '@aws-cdk/aws-apigatewayv2-authorizers-alpha';
import { WebSocketLambdaIntegration } from '@aws-cdk/aws-apigatewayv2-integrations-alpha';

const authorizer = new WebSocketLambdaAuthorizer('blessed-messanger-authorizer', authorizerHandler, {
  identitySource: ['route.request.querystring.token']
});

this.webSocketApi = new WebSocketApi(this, 'blessed-messenger-api', {
  apiName: 'blessed-messenger',
  connectRouteOptions: {
    integration: new WebSocketLambdaIntegration("ConnectIntegration", onConnectHandler),
    authorizer
  },
  defaultRouteOptions: {
    integration: new WebSocketLambdaIntegration("DefaultIntegration", onMessageHandler)
  },
  disconnectRouteOptions: {
    integration: new WebSocketLambdaIntegration("DisconnectIntegration", onDisconnectHandler)
  },
});
```

This is my authorizer function. I have tried everything that is commented out in the if block.

```
exports.handler = async (event, context, callback) => {
  var queryStringParameters = event.queryStringParameters;
  var token = queryStringParameters.token;
  if (token === "some_user") {
    // return generateAllow("some_user", event.methodArn);
    // callback(null, generateAllow("some_user", event.methodArn);
    return { statusCode: 200, body: "OK" };
  } else {
    callback("Unauthorized");
  }
};
```

I have read these questions as well, but no luck: https://repost.aws/questions/QUfTsKsL47RYSz9z1OAZEYMA/websocket-authorizer-status-500

Please help
1 answer, 0 votes, 41 views, asked 2 months ago

intermittent performance issues with the OpenSearch cluster

We are having intermittent performance issues with our OpenSearch cluster. There are multiple daily occurrences of long-running OpenSearch queries when executing our Lambda function. When this occurs, there is a record like the example below in the OpenSearch es-application-logs:

```
2022-09-09T11:37:35.083-04:00 [2022-09-09T08:37:34,853][WARN ][o.o.t.TransportService ] [09122640e72c461b2c57179fcc08d339] Received response for a request that has timed out, sent [44029ms] ago, timed out [24016ms] ago, action [__PATH__], node [{d52117a284ca0ada6bd69784bbd8a8c5} {ekzv2YqtT8q7b-TVvXGKEQ} {aGQCli5rTFKAeGjWRihvTQ} {_IP} {IP_} {dimr} {dp_version=20210501, distributed_snapshot_deletion_enabled=false, cold_enabled=false, adv_sec_enabled=true, _AMAZON_INTERNAL, cross_cluster_transport_address=IP, shard_indexing_pressure_enabled=true, __AMAZON_INTERNAL_} ], id [3986058]
```

Normally these queries complete with sub-second response times. The impact on our application is that occasionally requests to API Gateway time out due to the long-running Lambda, which results in a 504 Gateway Timeout being returned to the API consumer.

Here is an example of the OpenSearch HTTP request:

```
{
  "method": "POST",
  "hostname": "vpc-tycc-analytics-dev-os-qs4p2rpyars2oacibpdih4ctmu.ca-central-1.es.amazonaws.com",
  "query": {
    "size": "500",
    "_source": [ "CurrentAgentSnapshot" ],
    "sort": "CurrentAgentSnapshot.Configuration.Username:asc"
  },
  "headers": {
    "Content-Type": "application/json",
    "host": "vpc-tycc-analytics-dev-os-qs4p2rpyars2oacibpdih4ctmu.ca-central-1.es.amazonaws.com"
  },
  "body": "{\"query\":{\"bool\":{\"must_not\":{\"term\":{\"CurrentAgentSnapshot.Configuration.RoutingProfile.Name\":\"Basic Routing Profile\"}}}}}",
  "protocol": "https:",
  "path": "/agent-records-real-time-alias/_search"
}
```

Are you able to please investigate and provide feedback as to what is causing the performance issue, along with remediation action? Let me know if you require additional information.

Thanks,

BTW, the following is our cluster specification:

• Deployment type: Dev/Test
• OS version: 1.2 (latest)
• Availability Zones: 1AZ
• Instance type: t3.small.search
• Number of nodes: 2
• Storage type: EBS
• EBS volume type: General Purpose (SSD) - gp2
• EBS storage size per node: 10 GB
1 answer, 0 votes, 45 views, asked 2 months ago

cognito verification link to validate users

Hi team,

I have a Cognito user pool with 3 Groups. I want to create users inside Groups as System Administrators:

1. the system Admin will fill out a form about the client: given name, surname, email address + some custom attributes
2. when sending the form (invitation), my Lambda function should create the user inside my Cognito user pool Group with all the above attributes.
3. the client will receive a link via email to validate the invitation
4. when the client clicks the link (custom Domain link), he validates the invitation

I created a Lambda function that creates the user in the Cognito user pool and then adds it to the group (`using adminCreateUser and adminAddUserToGroup API calls`)

```
const params = {
  UserPoolId: USER_POOL_ID,
  Username: event.email,
  UserAttributes: [
    { Name: "email", Value: event.email, },
    { Name: "given_name", Value: event.givenName, },
    { Name: "family_name", Value: event.familyName, },
  ],
};
try {
  const result = await cognitoIdentityServiceProvider
    .adminCreateUser(params)
    .promise();
```

I also configured Cognito to send a link email:

> On "Message customisations" page > "Do you want to customize your email verification messages?" > "Verification type" => I chose "Link" option

After the Lambda has run, the user is created with `Confirmation status = ` **Force change password** and the email I received looks like this:

```
Subject = Your temporary password
Body = Your username is myEmail@gmail.com and temporary password is Hc>sP40782HNz%.
```

So I expected to receive a link, and when the client clicks the link it validates the invitation (point 4 above), then the client becomes validated inside my user pool. But I did not receive a link. How can I achieve points 3 and 4?

I just want, after creating the user and adding it to a group, to make it valid in Cognito once he clicks the emailed link.
1 answer, 1 vote, 91 views, Jess, asked 2 months ago

Add new user to user pool groups as Admin

Hi team,

I have a Cognito user pool with 3 Groups. I want to create users inside Groups as System Administrator:

- the system Admin will fill out a form about the client: given name, surname, email address + some custom attributes
- when sending the form (invitation), my Lambda function should create the user inside my Cognito user pool Group with all the above attributes.
- the client will receive a link via email to validate the **invitation**
- when the client clicks the link (custom Domain link), he validates the invitation

In the SDK documentation, I found that a system Admin can add users to the Cognito group using the `adminAddUserToGroup` API call

```
var params = {
  GroupName: 'STRING_VALUE', /* required */
  UserPoolId: 'STRING_VALUE', /* required */
  Username: 'STRING_VALUE' /* required */
};
cognitoidentityserviceprovider.adminAddUserToGroup(params, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else console.log(data); // successful response
});
```

but the `adminAddUserToGroup` API call only takes as params the GroupName, UserPoolId and Username

```
{
  "GroupName": "string",
  "Username": "string",
  "UserPoolId": "string"
}
```

- how can I get my user created (with the given name, surname, email, and custom attributes...) with this call: `adminAddUserToGroup`?
- is the username in the params above the sys admin username or the user name of the client to create?
- how can I validate the invitation once the client clicks the verification link?
- should I create a new Lambda that sends the verification link, or does the API call `adminAddUserToGroup` send the email to the user on our behalf?

The critical part is how can the system admin create a new user (with all attributes: given name, email....) via the `adminAddUserToGroup` API call, and how can I validate the invitation when the user clicks the verification link?

Thank you team for your help!
2 answers, 1 vote, 96 views, Jess, asked 2 months ago

Https call to API Gateway via VPC Endpoint fails to make connection intermittently

I have a private API gateway in its own account. It is used by clients having VPC Endpoint interfaces to the execute-api service, and until now these have had Private DNS enabled, and there have been no issues.

A new client uses some existing public APIs, so Private DNS is disabled. However, they have had intermittent connectivity to the gateway during their testing.

I tried reproducing this from a second account with a test Lambda (node.js, v16, arm) in a VPC, using a VPC Endpoint with Private DNS disabled. I was able to reproduce the intermittent connectivity, but I can't understand why this happens.

[Edit: The subnets attached to the VPC use the same security group, and this allows https ingress from 10.57.150.0/24]

I found that when using the generic endpoint DNS Name (no AZ marker in the name) the intermittent issue could be reproduced. If I switch to using the Endpoint DNS Names that include the AZ marker, then 1 of the DNS Names connected every time, but the other 2 (we use 3 AZs and 1 subnet per AZ) fail to connect with a timeout error.

I added a call to resolve the hostname passed in, and all three hosts resolve to what I would expect (10.57.150.x), so I think this is a routing issue rather than DNS.

The route tables for all three subnets are the same: 2 routes for the S3 and DynamoDB prefix lists, a route for 10.57.150.0/24, and the remaining 0.0.0.0/0 going via a transit gateway instance.

I'm not sure what other information I would need to add here. Has anyone seen anything like this before?
0 answers, 0 votes, 53 views, asked 2 months ago