aws-lambdaaws-api-gatewayaws-cliserverless-architecture

AccessDeniedException: Unable to determine service/operation name to be authorized


Using AWS CLI

aws --version
aws-cli/1.11.21 Python/2.7.12 Darwin/15.3.0 botocore/1.4.78

Creating a POST method for API Gateway as explained at https://github.com/arun-gupta/serverless/tree/master/aws/microservice#post-method. This method can be invoked successfully using test-invoke-method and AWS Console.

Creating a GET method using AWS CLI https://github.com/arun-gupta/serverless/tree/master/aws/microservice#get-method. Invoking this method using test-invoke-method and AWS Console gives the following error:

{
    "status": 500,
    "body": "{\"message\": \"Internal server error\"}",
    "log": "Execution log for request test-request\nThu Dec 29 00:58:56 UTC 2016 : Starting execution for request: test-invoke-request\nThu Dec 29 00:58:56 UTC 2016 : HTTP Method: GET, Resource Path: /books\nThu Dec 29 00:58:56 UTC 2016 : Method request path: {}\nThu Dec 29 00:58:56 UTC 2016 : Method request query string: {}\nThu Dec 29 00:58:56 UTC 2016 : Method request headers: {}\nThu Dec 29 00:58:56 UTC 2016 : Method request body before transformations: \nThu Dec 29 00:58:56 UTC 2016 : Endpoint request URI: https://lambda.us-west-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-1:598307997273:function:MicroserviceGetAll/invocations\nThu Dec 29 00:58:56 UTC 2016 : Endpoint request headers: {x-amzn-lambda-integration-tag=test-request, Authorization=******************************************************************************************************************************************************************************************************************************************************************************************************482377, X-Amz-Date=20161229T005856Z, x-amzn-apigateway-api-id=sofl9ilki7, X-Amz-Source-Arn=arn:aws:execute-api:us-west-1:598307997273:sofl9ilki7/null/GET/books, Accept=application/json, User-Agent=AmazonAPIGateway_sofl9ilki7, Host=lambda.us-west-1.amazonaws.com, X-Amzn-Trace-Id=Root=1-58645fd0-7d733ae3c383f4378fcc0338}\nThu Dec 29 00:58:56 UTC 2016 : Endpoint request body after transformations: \nThu Dec 29 00:58:56 UTC 2016 : Endpoint response body before transformations: <AccessDeniedException>\n  <Message>Unable to determine service/operation name to be authorized</Message>\n</AccessDeniedException>\n\nThu Dec 29 00:58:56 UTC 2016 : Endpoint response headers: {x-amzn-RequestId=f95a8659-cd61-11e6-80f6-ddd6ce5b7e8b, Connection=keep-alive, Content-Length=130, Date=Thu, 29 Dec 2016 00:58:56 GMT}\nThu Dec 29 00:58:56 UTC 2016 : Lambda invocation failed with status: 403\nThu Dec 29 00:58:56 UTC 2016 : Execution failed due to configuration error: \nThu Dec 29 00:58:56 UTC 2016 : Method completed with status: 500\n",
    "latency": 39
}

The ARN identified in the error message is arn:aws:execute-api:us-west-1:598307997273:sofl9ilki7/null/GET/books. Wondering if null instead of test is causing this to fail?


Solution

  • I think you are using "GET" for your Lambda function endpoint on your GET method as well. Please change it to use "POST" for the Lambda integration HTTP method.

    Using GET for lambda integrations on AWS API Gateway may leave you wondering why POST integrations are working but GET integrations don't work. GET AWS_PROXY integrations will fail if GET is used as the method on the integration. POST should be used for the lambda integration, even if the OPEN API specification is for a get method.