401 error from cloudfront

0

We have a rest application managed by API Gateway. When we test through API Gateway our application is exercised and works as expected. However, if we call endpoints (GET and POST) from the UI the requests do not get sent to API Gateway, and are terminated at CloudFront. We get the following response:

HTTP/2 401 Unauthorized
content-type: application/json
content-length: 26
date: Fri, 02 Jun 2023 16:55:50 GMT
x-amzn-requestid: 52dc7831-6820-4f4c-801b-44cd6b467f9c
x-amzn-errortype: UnauthorizedException
x-amz-apigw-id: F5nLnHOwoAMF1nA=
x-cache: Error from cloudfront
via: 1.1 09271a32d559aa027d52f6c914ebff78.cloudfront.net (CloudFront)
x-amz-cf-pop: PHL51-P1
x-amz-cf-id: 8xGvBCB_aBBOSLjeHKO1ZwFhSK-lAey9LG4HSJ-RUM4pD1JN6u2o7A==

We have followed these instructions (both cache policy and legacy policy options) however requests still respond the same: https://repost.aws/knowledge-center/cloudfront-authorization-header.

Preflight requests are not affected.

2 個答案
0

Since direct requests to API Gateway work, the most likely cause (as you pointed out) is that the header used for auth (presumably Authorization) isn't reaching API Gateway when your request is proxied through CloudFront.

The article linked in your response should indeed be the fix for this problem, provided you're in fact using the Authorization header.

Since it didn't work, it would be helpful to see what your current distribution configuration is, especially with regards to the policies or legacy cache settings.

profile picture
Marco
已回答 1 年前
0

We have tried a variety of configurations based on instructions found via searching. All yield the same results. Our current settings are as follows:

Distribution Behavior Cache Policy Response Headers

We have also tried using legacy cache policy and adding Authorization there. Happy to give more information.

已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南