27

I have an AWS Lambda function that is exposed as a REST API.

When it is invoked it via the Test button on aws lambda console, it works.

When it is invoked via a online REST client, i get 403 error. It was created as requiring - no authentication (Open).

What configuration am i missing?

Improve this question
6
  • Can you look at the CloudWatch logs and provide more details? CloudWatch logs each step of the Lambda function and this should help with debugging. Commented Oct 13, 2015 at 19:54
  • 1
    Matt> I checked...but can't find any logs corresponding to the REST based invocation, simply because invocation itself fails due to 403(forbidden). Any other ideas? Commented Oct 14, 2015 at 3:19
  • 1
    Presumably the lambda is accessed via API gateway. What happens when you invoke via the 'Test' button in API gateway console? docs.aws.amazon.com/apigateway/latest/developerguide/… Commented Oct 15, 2015 at 17:50
  • Did you resolve this? I am experiencing odd behavior wherein: the lambda proxy integration works fine via the APIG console; I have two GET paths, /some/path?query=param and /some/path/:id. From Postman client, the former works but the latter returns the 403 you describe. Commented Nov 11, 2019 at 0:33
  • how to do this ? It was created as requiring - no authentication (Open) ? how can I create it as no authentication ? Commented Jul 20, 2020 at 4:43

5 Answers 5

Reset to default
24

Supposedly the Lambda is exposed through an AWS API Gateway. One reason why you'd get 403 on a fresh "no authentication" API Gateway resource is because you haven't yet deployed your changes.

In API Gateway Console click the Actions dropdown and select Deploy API.

You should be good to go.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Think you have it here.
There is no Deploy API in actions
11

Perhaps you are sending request to a wrong endpoint.

I was getting 403 error response by sending a POST request to https://example.com/locate

However, once I added stage http://example.com/dev/locate and deployed changes to this API, it worked ok, returning 200 response.

enter image description here

Hope that helps.

Improve this answer

Comments

9

You have to first make sure that CORS is enable at AWS API Gateway if you are accessing it from different domain because, it is API gateway which is throwing 403 error not the lambda function. You can enable CORS for a method or for complete resource. Select Actions and then select Enable CORS . This will add OPTIONS method to the resource if not already exist.

Enabling CORS on API gateway will make sure that all response headers will have Access-Control-Allow-Origin value set to '*' (i.e allow all origins, but you can specify specific origin e.g. http://localhost).

Enable CORS for method

Always make sure you are invoking correct URL. You can get url from Stage section of API Gateway or from Lambda Function (if you have set Lambda function as integration end point)

API url -> API Gateway -> Stage

API Url -> Lambda function

You can see new headers set in Method and Integration responses.

enter image description here

Improve this answer

Comments

1

If you are writing logs to cloudwatch, then make sure CloudWatch log role ARN is configured. It can be accessed from API --> settings.

Improve this answer

Comments

0

If you are using authorisation of AWS then AWS calculate signature.

If you passing get or post params has to send it in alphabetically order.

Reason because when you pass token calculating signature UI or front end calcuate basis order which you added but AWS recalculate signature as per alphabetically order to match signature.

Try sending params in alphabetically order.

post = { 'id': 23, 'tag': '35353 }

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.