I have created a Lambda function which I've configured as the 'custom auth' on the method request of one of my API endpoints. When I use the 'test' function of the AWS API Gateway I don't see any output from my Lambda function in the log output.
I have 'deployed' the API.
However something is happening because when I hit the api endpoint using the configured custom domain name I get
{"message":"Unauthorized"}
However if I remove the 'custom auth' from this endpoint and hit the same endpoint, it works !
I've enabled the cloudwatch logging and this seems to show that the lambda function is not invoked but there's nothing under the apiGateway log group either, but, something must be happening, I just can't see it.
Can anybody point me in the direction of how I debug this ?
2 Answers 2
- The API Gateway Test Invoke functionality will NOT invoke any authorizers, and will directly invoke your integration.
- You can test the lambda authorizer independently by using the Authorizer Test Invoke available in the "Authorizers" tab on the API Gateway Console.
- Your lambda function must return a response that includes the principal identifier (principalId) and a policy document containing a list of policy statements.
A more detailed documentation on this can be found here.
Ritisha.
2 Comments
You can add permissions via aws cli to make you authorizer call the lambda, i did this and works perfectly!.
aws --profile profile lambda add-permission \
--statement-id uuid \
--action lambda:InvokeFunction \
--function-name "arn:aws:lambda:$region:$accountId:function:functionName" \
--principal apigateway.amazonaws.com \
--source-arn "arn:aws:execute-api:$region:$accountId:$apigateway_id/authorizers/$authorizerId"