AWS API Gateway Custom Authorizer AuthorizerConfigurationException

本秂侑毒 提交于 2019-12-01 03:45:59

AuthorizerConfigurationException is usually an indication that API Gateway failed to call your authorizer due a permissions error.

Please either make sure you've properly configured your function to be invoked by API Gateway. An easy to reset this is by removing and re-adding the function to your authorizer. The console will then prompt you to add the necessary permissions.

Figured out what was causing the issue. From python lambda function, I was returning a json string instance. Instead it should be json object. Its strange that the same lambda function did not error when I tested the API from API Gateway "test" feature. But when the API was called from internet (curl or chrome) it failed.

#return policy_string ... this is incorrect.
return json.loads(policy_string)

I was facing the same error, in my case a nodejs function, I was adding one context key as array.

{
  policyDocument: {
  Version: '2012-10-17',
  Statement: [{
    Action: 'execute-api:Invoke',
    Effect: effect,
    Resource: `${arn.split('/').slice(0, 2).join('/')}/*`,
  }],
},
context: {
  roles: ['admin']
}

As doc says:

You can access the stringKey, numberKey, or booleanKey value (for example, "value", "1", or "true") of the context map in a mapping template by calling $context.authorizer.stringKey, $context.authorizer.numberKey, or $context.authorizer.booleanKey, respectively. The returned values are all stringified. Notice that you cannot set a JSON object or array as a valid value of any key in the context map.

Remove the role key and it's working.

In my case i was not returning a properly formatted IAM policy document. My Authorizer function was doing wrong assumptions on how to get some parameters from request, and default result was not proper policy (this was my specific case). I managed to debug it using CloudWatch log service, with traditional logging instructions coming from my function code.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!