3

So in AWS I have a Lambda that I can execute directly from the console. However, when I execute the API Gateway, I am getting this error.

{
 "message": "Internal server error"
}
Execution log for request 799250bf-2589-11e9-8e14-6396967e56cf
Thu Jan 31 18:53:19 UTC 2019 : Starting execution for request: 799250bf-2589-11e9-8e14-6396967e56cf
Thu Jan 31 18:53:19 UTC 2019 : HTTP Method: GET, Resource Path: /ComputePi
Thu Jan 31 18:53:19 UTC 2019 : Method request path: {}
Thu Jan 31 18:53:19 UTC 2019 : Method request query string: {}
Thu Jan 31 18:53:19 UTC 2019 : Method request headers: {}
Thu Jan 31 18:53:19 UTC 2019 : Method request body before transformations: 
Thu Jan 31 18:53:19 UTC 2019 : Execution failed due to configuration error: API Gateway does not have permission to assume the provided role arn:aws:iam::061753407487:role/cloudformation-lambda-execution-role
Thu Jan 31 18:53:19 UTC 2019 : Method completed with status: 500

I updated my IAM roles to have access and that still did not work? It looks like it needs to be done in the cloud-formation itself but not sure where?

Here is my SAM file:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Outputs Pi
Resources:
  ComputePi:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs6.10
      CodeUri: ./lambdaCode
      Events:
        MyTimeApi:
          Type: Api
          Properties:
            Path: /ComputePi
            Method: GET

Here is my buildspec:

version: 0.2
phases:
  install:
    commands:
      - aws cloudformation package --template-file samTemplate.yaml --kms-key-id eee5fba0-67fe-4def-b0be-7bb5d9ef38ef --s3-bucket codepipeline-us-east-2-588194207253 --output-template-file outputSamTemplate.yaml
artifacts:
  type: zip
  files:
    - samTemplate.yaml
    - outputSamTemplate.yaml

update:

I have updated my samTemplate to look like this. I am still getting an error.

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Outputs Pi
Resources:
  ComputePi:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs6.10
      CodeUri: ./lambdaCode
      Events:
        MyTimeApi:
          Type: Api
          Properties:
            Path: /ComputePi
            Method: GET
  LambdaPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref ComputePi
      Principal: apigateway.amazonaws.com
      SourceArn:
        Fn::Join:
          - ''
          - - 'arn:aws:execute-api:'
            - Ref: AWS::Region
            - ":"
            - Ref: AWS::AccountId
            - ":"
            - Ref: API
            - "/*/*/*"

Error:

Execution log for request 0e2aa0c7-25ba-11e9-9f42-2583dd87218f
Fri Feb 01 00:41:04 UTC 2019 : Starting execution for request: 0e2aa0c7-25ba-11e9-9f42-2583dd87218f
Fri Feb 01 00:41:04 UTC 2019 : HTTP Method: GET, Resource Path: /ComputePi
Fri Feb 01 00:41:04 UTC 2019 : Method request path: {}
Fri Feb 01 00:41:04 UTC 2019 : Method request query string: {}
Fri Feb 01 00:41:04 UTC 2019 : Method request headers: {}
Fri Feb 01 00:41:04 UTC 2019 : Method request body before transformations: 
Fri Feb 01 00:41:04 UTC 2019 : Execution failed due to configuration error: API Gateway does not have permission to assume the provided role arn:aws:iam::061753407487:role/cloudformation-lambda-execution-role
Fri Feb 01 00:41:04 UTC 2019 : Method completed with status: 500

update:

I got it to work after adding the LambdaPermission, deleting my stack, and then changing my response in my lambda code.

let response = {
  "statusCode": 200,
  "headers": {},
  "body": pi * 4,
  "isBase64Encoded": false
};
asked Jan 31, 2019 at 18:59
2
  • Possible duplicate of How can I grant permission to API Gateway to invoke lambda functions through CloudFormation? Commented Jan 31, 2019 at 19:08
  • I also got this to work by deleting the stack and recreating it. I had done some major refactoring and everything seemed to be hooked up correctly, but I kept getting the error about the API not being able to execute the lambda function. Deleting the stack and recreating it solved the issue. Commented Mar 30, 2023 at 17:26

1 Answer

1

You need to provide the API gateway with access to "lambda:InvokeFunction". You can attach the following policy to your template:

LambdaPermission:
  Type: "AWS::Lambda::Permission"
  Properties:
    Action: lambda:InvokeFunction
    FunctionName: !Ref YourLambda
    Principal: apigateway.amazonaws.com
    SourceArn:
      Fn::Join:
        - ''
        - - 'arn:aws:execute-api:'
          - Ref: AWS::Region
          - ":"
          - Ref: AWS::AccountId
          - ":"
          - Ref: YourAPI
          - "/*/*/*"
answered Jan 31, 2019 at 19:24

2 Comments

I added the LambdaPermission. Still gives me the same error? For the FunctionName I used !Ref ComputePi. Is that the correct usage of !Ref?
So your solution was part of the solution. I had to delete my stack and change the response in my lambda code.
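
To confirm that an `AWS::Lambda::Permission` like the one in the answer actually took effect, and that it is scoped to one API, you can inspect the function's resource policy (the JSON document that `aws lambda get-policy` returns in its `Policy` field). The following is an added example, not code from the question or the answer; the account ID `111122223333`, API ID `abc123`, Sid and sample policy are constructed, and shell-style wildcard matching is used as an approximation of IAM's `ArnLike`.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_invoke_permission(policy_json, method_arn):
    """Return (allowed, findings) for API Gateway invoking the function from method_arn."""
    allowed, findings = False, []
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = _as_list(st.get("Action", []))
        if (st.get("Effect") != "Allow"
                or "apigateway.amazonaws.com" not in services
                or not any(fnmatchcase("lambda:InvokeFunction", a) for a in actions)):
            continue
        # Collect aws:SourceArn patterns (condition keys are case-insensitive).
        patterns = []
        for op in ("ArnLike", "ArnEquals"):
            for key, val in st.get("Condition", {}).get(op, {}).items():
                if key.lower() == "aws:sourcearn":
                    patterns += _as_list(val)
        sid = st.get("Sid", "<no Sid>")
        if not patterns:
            # Service principal without a source restriction: confused-deputy risk.
            allowed = True
            findings.append(f"{sid}: grant is not scoped to an API (no SourceArn)")
        elif any(fnmatchcase(method_arn, p) for p in patterns):
            allowed = True
        else:
            findings.append(f"{sid}: SourceArn {patterns} does not cover {method_arn}")
    if not allowed and not findings:
        findings.append("no statement grants lambda:InvokeFunction to apigateway.amazonaws.com")
    return allowed, findings

# Constructed sample: the policy the answer's LambdaPermission would produce.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "LambdaPermission", "Effect": "Allow",
    "Principal": {"Service": "apigateway.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:us-east-2:111122223333:function:ComputePi",
    "Condition": {"ArnLike": {
        "AWS:SourceArn": "arn:aws:execute-api:us-east-2:111122223333:abc123/*/*/*"}},
}]})

if __name__ == "__main__":
    arn = "arn:aws:execute-api:us-east-2:111122223333:abc123/Prod/GET/ComputePi"
    print(check_invoke_permission(SAMPLE_POLICY, arn))
```

A grant with no `SourceArn` condition is reported as a finding even though it allows the call, because it lets any API Gateway API invoke the function rather than only the intended one.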
