Questions tagged with Amazon API Gateway
Content language: English
Sort by most recent
When the HTTP request is sent from the WooCommerce webhook to the API gateway, in approx. 10% of the cases we receive the following error and the gateway rejects the webhook:
*cURL error 60: SSL: no alternative certificate subject name matches target host name '....execute-api.eu-west-1.amazonaws.com'*
We have no authoriser attached to the route.
It seems completely random which ones are rejected, when we retrigger the delivery of the same webhook, it goes through. We have tried updating the cacert.pem on the Wordpress side, with no success...
How can we resolve this issue?
Does AWS AppSync support a way to map Queries/Mutations/Fields to a resolver without having to define everything as a 1:1 mapping? I was thinking something like a default or pattern-based resolver mapping, similar to how API Gateway allows you to map entire URL patterns to a Lambda function.
I've been using AWS AppSync for a project that has grown quite large. The vast majority of our GraphQL queries and mutations map to a single Lambda function, which uses a router to match requests to the correct logic. This is similar to how many webapp frameworks are designed. Since all our resolver mappings are 1:1, we're accumulating a giant Cloudformation template that grows with every new Query/Mutation. Updating our Lambda function requires long deployment times because all the resolver mappings must be updated too.
I've searched AWS AppSync documentation and found no reference to such a feature. Does anyone know if a solution exists or have any suggestions?
I'm toying with API gateway and have run into an issue in which one account gets a 403 Forbidden Error. VPCE's are setup in two accounts. The Account where the api gateway and one of the VPCE's resides works just fine, however the second account does not. The forbidden message is just that "Forbidden" so very unhelpful. Any ideas on how to resolve the 403's?
Calling it like so:
```
curl -v https://vpce-0c868a4b1293a28b5-6gi9t6mm.execute-api.us-east-1.vpce.amazonaws.com/dev -H 'Host: abc123defg.execute-api.us-east-1.amazonaws.com'
```
Resource policy is as follows (I did replace the account id and actual api id with something random):
vpce-078ec1da4e3a0deb3 = VPCE in account where API gateway resides.
vpce-0c868a4b1293a28b5 = VPCE in secondary account.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-east-1:123456789123:abc123defg/*",
"Condition": {
"StringNotEquals": {
"aws:sourceVpce": [
"vpce-0925a8e90cbab6f12",
"vpce-078ec1da4e3a0deb3",
"vpce-0c868a4b1293a28b5"
],
"aws:SourceIP": [
"10.0.0.0/8",
"63.237.3.169/32"
],
"aws:sourceVpc": "vpc-06f730a7eb116c752"
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-east-1:1234567891323:abc123defg/*"
}
]
}
```
Hello, I store data in S3 as part of Amazon Data Exchange Products. I want to create an API product so that users can pull my data in csv or json format directly from the bucket. The bucket contains multiple csv's per day
Do I need a lambda fronting an api in api gateway which will read the contents of the file first?
Or, can I simply create an API which will parse the files and return data to the subscribers? I would then package that API up into a "data product"
Ideally the data would be pulled as json by default, but they would also be able to pull it as csv.
I will need to be able to give users the ability to structure a payload via SDK or CLI or some other IDE in which they specify various fields, date ranges etc...
Thank you.
So I have a lambda function that's the following:
def lambda_handler(event, context):
http = urllib3.PoolManager()
return {
"statusCode": 200,
"headers": {
"Content-Type": "application/json"
},
"body": "{\"message\": \"Hello from Lambda!\"}",
"test": event
}
If I test run the event with some event JSON, it returns what I want. But...
when I test to run the lambda through my rest API I created I either get the error 502 when "Use Lambda Proxy integration" is enabled. Or when it's disabled event is always empty. I have tried to setup a link the following way:
https://something.execute-api.eu-north-1.amazonaws.com/test/test/{id}
Where you enter an {id} for example and I can catch it in the event. But how can I fix so event is an actual thing and actually getting any information?
If you feel like im missing some information that might be important just ask, I don't know what could be useful.
What is the limitation of the maximum document size returned by the authorizer ? Is it specified in doc [https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html] parameter : ** "Length, in characters, of API Gateway resource policy"** - 8192 ? and perhaps this same parameter called as "AWS Lambda authorizer result size" (also 8 kB) shown in Service Quotas console?
My dilemmas result from the fact that currently my authorizer returns policies with sizes even over 100kB and everything works fine, there are no errors in API Gateway execution logs.
I am trying to integrate AWS Security Hub APIs, such as GetFindings, into a PowerBI Project. I am not certain how to, however. I believe I need a URL to call Web APIs in PowerBI, but I am not sure what URL would be used for AWS Security Hub. If there is a specific URL or another way to invoke the APIs, let me know.
I want to implement Audit logs for our API, for compliance needs. Every request that a customer performs to the API should be logged.
It must be hermetic, we can’t lose any log.
The API high level architecture:
Cloudfront -> API GW -> LB
I thought about Cloudfront standard logs, but the documentation says that it may not be hermetic, so it’s not relevant for my use case.
API GW access logs seems to be my direction for now, but setting the log template is pretty challenging. I couldn’t get the perfect template with all relevant data:
* Instead of the request payload, I get “-” (by using $input.body)
* Useragent is “Amazon CloudFront” instead the actual useragent (makes sense due to the fact that Cloudfront forwards the request)
* Many more fields are empty
*
2 comments:
*The log template documentation that I based on -
[https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference?cmpid=docs_apigateway_console]()
*I added to the Cloudfront distribution the “AllViewerExceptHostHeader” origin request policy, it didn’t help, looks like API GW still gets the requests with missing metadata from Cloudfront
[https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html#managed-origin-request-policy-all-viewer-except-host-header]()
The question is: is this the right direction for implementing API audit log? If not, would you recommend a third party product? I’m trying to avoid developing it in-house.
Thanks,
Yedidya
Hi, I am working on A9G module in IOT , wherein I am trying to send data to AWS DynamoDB via https URL.
As part of a GPS tracker device, I'm utilizing AT instructions to connect with an Ai-Thinker A9G processor from an ESP8266. Starting off smoothly, HTTPS requests begin to fail after sending 7 or 8 successfully. Requesting HTTP is still acceptable, though.
What could be the reason that HTTP requests perform just fine but HTTPS requests fail after the first 7 or 8? And How can I solve this issue?
Hello all!
I am trying to use the `allOf` keyword to inherit attributes of one schema model into another as such:
```
providerIdentityExpansion:
description: ID of the Provider Identity with fields possibly expanded.
allOf:
- $ref: '#/components/schemas/providerIdentityNoExpansion'
properties:
oft_confused_with:
oneOf:
- $ref: '#/components/schemas/oft_confused_with'
- $ref: '#/components/schemas/oftConfusedWithExpansionArray'
title: ProviderIdentityExpansion
type: object
```
I previously just duplicated the model, but changed the names (one with expansion, one without). But using allOf, when I use swagger-cli to bundle all OpenAPI 3.0 Spec docs together into one file and deploy on API Gateway, it responds with following warning:
```
"Unsupported model type 'ComposedSchema' in 200 response to method 'GET /providers/{id}/identity'. Ignoring.",
"Unsupported model type 'ComposedSchema' in 200 response to method 'GET /providers/{id}/identity/children'. Ignoring."
```
Is anyone familiar with the model type ComposedSchema, and how to utilize the `allOf` keyword without triggering this error in AWS?
Hi,
I want to call a HTTP endpoint from my AWS API gateway and that endpoint is secured with Oauth 2.0. So, is there any way to implement Oauth 2.0 using HTTP integration type in AWS API Gateway (API Creation Wizard)?
Also, if lambda is the only option, any examples will be appreciated.
Hi All,
We are using AWS ECS Fargate ALB & API gateway to serve our API, mostly its is always healthy, but at time it throws status code 0 or 503, sharing the error message that is accompanied with these statuses. We have 1 task always active and trigger another one on 80% CPU load. But we always see 2 tasks active though it barely uses .25 CPU and 512 Memory system. We are not sure what is the issue here and why we keep getting these errors. Not sure if it has anything to do with the size of the payload received. Timeout is set to 15 secs at API gateway level. Not sure where we are going wrong. Any help here is much appreciated.
Error Status & Message
~~~
Status 0:
"responseBody":".execute-api.ap-south-1.amazonaws.com: Temporary failure in name resolution"
Status 503:
"responseBody":"<html> <head><title>503 Service Temporarily Unavailable</title></head> <body> <center><h1>503 Service Temporarily Unavailable</h1></center> </body> </html> "