Missing Authentication Token while accessing API Gateway?

Question

I am trying to call a Lambda Function through AWS API Gateway. When I mention Authentication type NONE it works fine but API become public and anyone with url can access my

Answer 1

I just had the same issue and it seems it also shows this message if the resource cannot be found.

In my case I had updated the API, but forgotten to redeploy. The issue was resolved after deploying the updated API to my stage.

Answer 2

Looks like (as of April 2019) AWS API Gateway throws this exception for a variety of reasons - mostly when you are hitting an endpoint that API Gateway is not able to reach, either because it is not deployed, or also in cases where that particular HTTP method is not supported.

I wish the gateway sends more appropriate error codes like HTTP 405 Method not supported or HTTP 404 not found, instead of a generic HTTP 403 Forbidden.

Answer 3

If you enable AWS_IAM authentication you must sign your request with AWS credentials using AWS Signature Version 4.

Note: signing into the AWS console does not automatically sign your browser's requests to your API.

Answer 4

I try all the above, if you did all steps in the above answers, and you not solve the problem, then:

1. on the left menu, hit the "Resources"
2. in the right to "Resources", hit the api method that you want to test, like "POST/GET etc)
3. hit the "ACTION" list (it's above to the API method in step 2
4. select "DEPLOY API" (please do it, even you already deploy yours api)
5. in "deployment stage" select "prod" or what ever you write in yours previous deploy (it will override yours previous deploy
6. hit deploy

I thing that because of, when I create the "METHOD REQUEST" (see step 2 how to go to this menu) , in "Authorization" I select "AWS_IAM" after testing api, in aws test option, I try it in "postman" then I understand the in "METHOD REQUEST" , in "Authorization", I should select "none"

I change it to none, but I thing the AWS, need to deploy it again, as I explain

Answer 5

This error mostly come when you call wrong api end point. Check your api end point that you are calling and verify this on api gateway.

Answer 6

If you are using an API with endpoint of type PRIVATE, be sure of:

1. You are invoking the API from within your AWS account (example: from an EC2 instance created in your account)

2. Put necessary credential (access and secret keys) in the EC2 instance in route ~/.aws/credentials (this route is for linux instances) If IAM user use MFA aws_session_token value will be required too.

3. Use vpce (vpc endpoint) based URL. Example: curl https://vpce-0c0471b7test-jkznizi5.execute-api.us-east-1.vpce.amazonaws.com/dev/api/v1/status

4. Your EC2 instance have a security group than allow outbound traffic to another security group owned by the vpce like:

5. Your vpce security group allow inbound traffic from another security group (previous sg from ec2 instance) owned by the EC2 instance like:

See: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html