4

Following this tutorial on AWS, I hit a roadblock when trying to test the api through the web console (as many others did):

Thu Nov 10 22:54:48 UTC 2016 : Execution failed due to configuration error: Invalid permissions on Lambda function

I've read every relevant post on SO and AWS forums I could find, but can't figure out how to grant permission to the API Gateway to invoke the Lambda function.

asked Nov 10, 2016 at 22:59

1 Answer 1

14

Web Console Method:

Thanks to this mate I found a quick fix:

Go into the web console and select

The resource method > Integration Request > Pencil next to Lambda Function > Check mark next to lambda function (don't change the name)

A popup window should warn that you are granting permissions to the API to execute the lambda function.

API Method:

Also, thanks to Richard Downer for this code explanation:

A resource policy is different from an IAM Policy, setting the IAM policy will not work.

You need to use the Add-LMPermission api call after creation of Write-AGIntegration.

Here is an example:

Add-LMPermission -FunctionName myfunction -Action lambda:InvokeFunction -Principal apigateway.amazonaws.com -SourceArn arn:aws:execute-api:us-west-2:IAMAccountNumber:*/*/POST/apiendpoint -StatementId description

answered Nov 10, 2016 at 23:08
Sign up to request clarification or add additional context in comments.

4 Comments

Amen. I called AWS the other day after hours of struggling and they said, oh, our documentation is wrong, do this...
How can you add this policy with terraform or through the console?
I imported API via Swagger...but forgot to update the permissions for lambda invocation, this fixed my issue!
you can add this through terraform via this resource: resource "aws_lambda_permission" "<resource_name>" { statement_id = "AllowAPIgatewayInvocation" action = "lambda:InvokeFunction" function_name = "<function_name>" principal = "apigateway.amazonaws.com" source_arn = "arn:aws:execute-api:us-east-1:<account_id>:*/*/*" }

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.