APIGateway returns `Internal server error` despite adding resource based permissions for Lambda

I built a simple HelloWorld API using a Lambda function and API Gateway. I am using CloudFormation.

When I run it using `aws lambda invoke`, the Lambda function runs fine.
The API runs locally using `sam local start-api`.

But when I deploy it using `sam deploy` (after using `package`, of course), the API returns status code 500.

This is the log I get when I try to test it.

Execution log for request 18523f73-c3b2-48f5-b550-bca5c4ca9323
Mon Feb 14 08:34:20 UTC 2022 : Starting execution for request: 18523f73-c3b2-48f5-b550-bca5c4ca9323
Mon Feb 14 08:34:20 UTC 2022 : HTTP Method: GET, Resource Path: /hello
Mon Feb 14 08:34:20 UTC 2022 : Method request path: {}
Mon Feb 14 08:34:20 UTC 2022 : Method request query string: {}
Mon Feb 14 08:34:20 UTC 2022 : Method request headers: {}
Mon Feb 14 08:34:20 UTC 2022 : Method request body before transformations: 
Mon Feb 14 08:34:20 UTC 2022 : Endpoint request URI: https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:692288675106:function:helloWorldGolang/invocations
Mon Feb 14 08:34:20 UTC 2022 : Endpoint request headers: {X-Amz-Date=20220214T083420Z, x-amzn-apigateway-api-id=5ratem86ea, Accept=application/json, User-Agent=AmazonAPIGateway_5ratem86ea, Host=lambda.us-east-1.amazonaws.com, X-Amz-Content-Sha256=dc9f833e2240463386b876c17d53f8f7b618f362705869a4a798bf9adc677c9b, X-Amzn-Trace-Id=Root=1-620a140c-5a78dcfd5f1880c84c7c257b, x-amzn-lambda-integration-tag=18523f73-c3b2-48f5-b550-bca5c4ca9323, Authorization=*********************************************************************************************************************************************************************************************************************************************************************************************************************************************fd17a8, X-Amz-Source-Arn=arn:aws:execute-api:us-east-1:692288675106:5ratem86ea/test-invoke-stage/GET/hello, X-Amz-Security-Token=IQoJb3JpZ2luX2VjED8aCXVzLWVhc3QtMSJHMEUCIQDgrxEOKJmDynNl1FbYdO9XlvG5fcOaC/8rpb4LICtwwwIgVal+O0QHJvuAawTRQ3rb+a3ow2i10Hsti6xmQ9lMxlkqgwQIiP// [TRUNCATED]
Mon Feb 14 08:34:20 UTC 2022 : Endpoint request body after transformations: {"resource":"/hello","path":"/hello","httpMethod":"GET","headers":null,"multiValueHeaders":null,"queryStringParameters":null,"multiValueQueryStringParameters":null,"pathParameters":null,"stageVariables":null,"requestContext":{"resourceId":"5p6rov","resourcePath":"/hello","httpMethod":"GET","extendedRequestId":"NhgSDETfIAMF-OA=","requestTime":"14/Feb/2022:08:34:20 +0000","path":"/hello","accountId":"692288675106","protocol":"HTTP/1.1","stage":"test-invoke-stage","domainPrefix":"testPrefix","requestTimeEpoch":1644827660943,"requestId":"18523f73-c3b2-48f5-b550-bca5c4ca9323","identity":{"cognitoIdentityPoolId":null,"cognitoIdentityId":null,"apiKey":"test-invoke-api-key","principalOrgId":null,"cognitoAuthenticationType":null,"userArn":"arn:aws:iam::692288675106:user/Administrator","apiKeyId":"test-invoke-api-key-id","userAgent":"aws-internal/3 aws-sdk-java/1.12.154 Linux/5.4.156-94.273.amzn2int.x86_64 OpenJDK_64-Bit_Server_VM/25.322-b06 java/1.8.0_322 vendor/Oracle_Corp [TRUNCATED]
Mon Feb 14 08:34:20 UTC 2022 : Sending request to https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:692288675106:function:helloWorldGolang/invocations
Mon Feb 14 08:34:21 UTC 2022 : Received response. Status: 403, Integration latency: 79 ms
Mon Feb 14 08:34:21 UTC 2022 : Endpoint response headers: {Date=Mon, 14 Feb 2022 08:34:21 GMT, Content-Type=application/json, Content-Length=17, Connection=keep-alive, x-amzn-RequestId=bbbee38a-16ea-4b20-be26-018ae6ee7bc6, x-amzn-ErrorType=AccessDeniedException}
Mon Feb 14 08:34:21 UTC 2022 : Endpoint response body before transformations: {"Message":null}

Mon Feb 14 08:34:21 UTC 2022 : Lambda invocation failed with status: 403. Lambda request id: bbbee38a-16ea-4b20-be26-018ae6ee7bc6
Mon Feb 14 08:34:21 UTC 2022 : Execution failed due to configuration error: 
Mon Feb 14 08:34:21 UTC 2022 : Method completed with status: 500

Note the `x-amzn-ErrorType=AccessDeniedException` in the Endpoint response headers.

I have granted APIGateway permission to execute the Lambda. So that is why this question does not seem like a duplicate.

template.yaml resources:

  HelloWorldAPI:
    Type: AWS::ApiGateway::RestApi
    Properties: 
      Name: HelloWorldApi

  HelloWorldAPIResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref HelloWorldAPI
      ParentId: !GetAtt HelloWorldAPI.RootResourceId
      PathPart: hello

  HelloWorldAPIMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      AuthorizationType: NONE
      HttpMethod: GET
      ResourceId: !Ref HelloWorldAPIResource
      RestApiId: !Ref HelloWorldAPI
      # RestApiId: "/"
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: GET
        Uri: !Sub
          - arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Arn}/invocations
          - Arn: !GetAtt HelloWorldFunction.Arn

  HelloWorldFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      FunctionName: helloWorldGolang
      CodeUri: hello-world/
      Handler: hello-world
      Runtime: go1.x
      Architectures:
        - x86_64

  HelloWorldFunctionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt HelloWorldFunction.Arn
      Action: lambda:InvokeFunction
      Principal: apigateway.amazonaws.com
      SourceArn: !Join
        - ''
        - - 'arn:'
          - !Ref 'AWS::Partition'
          - ':execute-api:'
          - !Ref 'AWS::Region'
          - ':'
          - !Ref 'AWS::AccountId'
          - ':'
          - !Ref HelloWorldAPI
          - /*/*/*

Using `/*/*` instead of `/*/*/*` at the end makes no difference.

I know I shouldn't define the API Gateway in this much detail and that I should use . But my organization doesn't do it that way.

So if someone could help me with this approach, I would really appreciate it.

Lambda proxy integrations should only use POST, not GET. So it should be:

IntegrationHttpMethod: POST
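
A pre-deploy check for the mistake identified in the answer, as an added example that is not part of the original question or answer. It assumes the template has been loaded as CloudFormation JSON (short YAML tags expanded to `Fn::*`/`Ref` objects); `leaves`, `lint` and `TEMPLATE` are hypothetical names, and `TEMPLATE` is a constructed copy of the question's two relevant resources.

```python
def leaves(node):
    """Yield every string leaf under an intrinsic function (Fn::Sub, Fn::Join, Ref)."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from leaves(value)
    elif isinstance(node, list):
        for value in node:
            yield from leaves(value)

def lint(template):
    """Return (resource, level, message) findings for API Gateway -> Lambda wiring."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::ApiGateway::Method":
            integ = props.get("Integration", {})
            uri = "".join(leaves(integ.get("Uri", "")))
            # The Lambda Invoke API accepts only POST, whatever HttpMethod the client uses.
            if ":lambda:path/" in uri and integ.get("IntegrationHttpMethod") != "POST":
                findings.append((name, "error", "IntegrationHttpMethod must be POST"))
        elif res.get("Type") == "AWS::Lambda::Permission":
            if props.get("Principal") != "apigateway.amazonaws.com":
                continue
            arn = "".join(leaves(props.get("SourceArn", "")))
            if not arn:
                findings.append((name, "advice", "no SourceArn: any API Gateway API may invoke"))
            elif arn.endswith("/*/*"):
                findings.append((name, "advice", "SourceArn covers every stage, method and path"))
    return findings

# Constructed sample: the question's method and permission resources in JSON form.
TEMPLATE = {"Resources": {
    "HelloWorldAPIMethod": {"Type": "AWS::ApiGateway::Method", "Properties": {
        "HttpMethod": "GET",
        "Integration": {"Type": "AWS_PROXY", "IntegrationHttpMethod": "GET", "Uri": {"Fn::Sub": [
            "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Arn}/invocations",
            {"Arn": {"Fn::GetAtt": ["HelloWorldFunction", "Arn"]}}]}}}},
    "HelloWorldFunctionPermission": {"Type": "AWS::Lambda::Permission", "Properties": {
        "Action": "lambda:InvokeFunction", "Principal": "apigateway.amazonaws.com",
        "SourceArn": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":execute-api:",
            {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":",
            {"Ref": "HelloWorldAPI"}, "/*/*/*"]]}}},
}}

if __name__ == "__main__":
    for finding in lint(TEMPLATE):
        print(*finding, sep=": ")
```

The permission finding is advisory only: the wildcard `SourceArn` does not cause the 403, but it can be narrowed to the client-facing method and path that the log shows in `X-Amz-Source-Arn` (`.../GET/hello`), which stays `GET` even after the integration method becomes `POST`.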