I'm trying to setup multi-region for our Typescript application that supports websockets.
I've created Route53 records that are weighted evenly to distribute requests to the different regions. When I try to call the postToConnection function, I get the following error message (when I try to call cross-region):
{
"code": "InvalidSignatureException",
"message": "Credential should be scoped to a valid region, not 'us-east-1'. ",
"statusCode": 403,
...
}
Referenced here: https://docs.aws.amazon.com/general/latest/gr/signature-v4-troubleshooting.html
I then tried to create separate clients (ApiGatewayManagementApi[]) that are region specific, and received this error message:
{
"code": "ForbiddenException",
"message": "Forbidden",
"statusCode": 403,
...
}
The lambda function that is called for the $default route (which is throwing the above errors) has the following permissions:
{
"effect": "allow",
"actions": ["execute-api:*"],
"resources": ["arn:aws:execute-api:*:${ACCOUNT-ID}:*/*"],
}
Any ideas on how to get these calls working?
The problem was in my instantiation of the ApiGatewayManagementApi array that was meant to be region specific. I was not setting the region of the client (just the region specific endpoint). Once I ensured that the region was set properly, then I was able to get the cross-region websockets working!
** I also found this solution, which would've been a lot more effort for my configuration, but if you're just getting started, it may be better to follow as it is well documented: https://aws.amazon.com/blogs/compute/building-serverless-multi-region-websocket-apis/