Comments for Test the APIs


hi all, sharing a solution i came across. i faced this problem when running npx aws-api-gateway-cli-test.
{ status: 500, statusText: 'Internal Server Error', data: { status: false } }
when i console log the error, i get this error.
User: arn:aws:... is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:...
I confirmed my serverless.yml indentations are correct and all my regions are correctly set. I see that my IAM user is also given the correct authorisation.
What i did to solve it is i added the AdministratorAccess policy to the IAM role created by lambda and i managed to get the 200 status.

hope this helps.


That certainly works. But I might still try and get the original way to work!



When trying to test the API’s i get the error status 500, and the message “Internal Server Error”. The roles I am using for my identity pool is Cognito_notesidentitypoolUnauth_Role and Cognito_notesAuth_Role.


Hmm the 500 error is usually from your own code. So you should be able to use some simple console.log lines in your Lambda function to debug it.


I was getting the same errors, 403, invoke execute-api. Check your IAM policy and make sure your resource is the API key, followed by /*. That was my issue. I had. I am curious how it passed the simulator test.

            "Effect": "Allow",
            "Action": [
            "Resource": [

and needed to be.

            "Effect": "Allow",
            "Action": [
            "Resource": [
                "arn:aws:execute-api:us-east-1:*:07m95qyx8k / * " 


Hi! I’ve read through this entire thread, and don’t see an answer that solves my problem. I’m trying to test my API, but getting the error:

Authenticating with User Pool
Getting temporary credentials
Invalid identity pool configuration. Check assigned IAM roles for this pool.

I’ve used the IAM Policy Simulator to test my Gateway, and it passes with ALLOWED.

Here’s what my testing command looks like:

npx aws-api-gateway-cli-test \
--username='' \
--password='XXXXXXX' \
--user-pool-id='us-east-1_6lJlxiUHG' \
--app-client-id='4dii9o8h9bijtrusvau9km50go' \
--cognito-region='us-east-1' \
--identity-pool-id='us-east-1:986ec53c-c257-4c33-8a3a-c922cb9e5265' \
--invoke-url='' \ 

And here’s a link to my serverless.yml:

I’m pretty sure all of my code syntax is correct. What are my next steps towards troubleshooting my implementation? I set up CloudWatch Logs, but it’s not capturing any events from running my test. This is the message I see in my log:

No events found.

It appears you have not installed a CloudWatch Logs agent or there 
are no events available at the moment. Try to install the agent or try later.
Getting Started with CloudWatch Logs.

Any advice would be greatly appreciated!


I figured it out. Turns out the Trust Relationship in my IAM user wasn’t properly referencing my User Pool. I updated the value to the proper ID and now it works.


Glad you figured it out. Thanks for reporting back!



Trying to figure out an issue. I’ve drilled it down to the fact that cognitoIdentityId is null–in fact, the majority of the content in event.requestContext.identity are null/undefined. Any idea where I may have went wrong? I even went so far as to create a fresh user/identity pool.

Thanks in advance.


Sorry I forgot to add–this is while running the npx aws-api-gateway-cli-test command, happening in the create function (I’m assuming this would happen in all of the endpoints but the test breaks on first failure)


Hello, I am running the following command:

npx aws-api-gateway-cli-test 

and am receiving this error:

Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 502,
statusText: 'Bad Gateway',
data: { message: 'Internal server error' } }

cloudwatch is telling me the following error occurred:
errorMessage": "Cannot read property 'content' of null", "errorType": "TypeError", "stackTrace": [ "_callee$ (/var/task/webpack:/create.js:12:21)", "tryCatch (/var/task/node_modules/regenerator-runtime/runtime.js:62:40)", "Generator.invoke [as _invoke] (/var/task/node_modules/regenerator- runtime/runtime.js:296:22)", "Generator.prototype.(anonymous function) [as next] (/var/task/node_modules/regenerator-runtime/runtime.js:114:21)", "step (/var/task/node_modules/babel-runtime/helpers/asyncToGenerator.js:17:30)", "/var/task/node_modules/babel-runtime/helpers/asyncToGenerator.js:35:14", "new Promise (<anonymous>)", "new F (/var/task/node_modules/core-js/library/modules/_export.js:35:28)", "/var/task/node_modules/babel-runtime/helpers/asyncToGenerator.js:14:12", "main (/var/task/create.js:245:17)" ] }

nkchan posted about a similar issue a few months ago and it seems that the issue is from the source code. I am able to run the serverless invoke local command from the add-a-create-note-api chapter (receive a 200 response).

Any help would be greatly appreciated. I can provide the config settings and/or the repo for more information.

Thank you


Can you post your full npx aws-api-gateway-cli-test command? It sounds like the user is not getting logged in?


I’m not sure what is causing it. Would it be possible to add some console.log statements in your Lambda function to see where it is failing?


I ran serverless remove and serverless deploy so the api endpoints are different than from the original post. But I am still getting the same error:

"errorMessage": "Cannot read property 'content' of null",
    "errorType": "TypeError",
    "stackTrace": [
        "_callee$ (/var/task/webpack:/create.js:12:21)",

any suggestions as to where I should console log? as of right now I only have a console.log in the catch block of my create.js

below is a link to the repository:

C:\Users\Inter>npx aws-api-gateway-cli-test --username --password "Redacted!" --user-pool-id us-west-2_redacted --app-client-id redacted --cognito-region us-west-2 --identity-pool-id us-west-2:redacted --invoke-url --api-gateway-region us-west-2 --path-template /notes --method post --body "{\"content\":\"hello world\", \"attachment\":\"hello.jpg\"}"
npx: installed 106 in 8.648s
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 500,
  statusText: 'Internal Server Error',
  data: { status: false } }

I threw a console.log(e) call in the catch block of my create file like the user above, but I also log a JSON.stringify(event) to get a look at the JSON that’s getting parsed just after we parse it, but before we assign any params. Here is an extraction of the event.requestContext.identity from that log in CloudWatch:

"identity": {
            "cognitoIdentityPoolId": null,
            "accountId": null,
            "cognitoIdentityId": null,
            "caller": null,
            "sourceIp": "(confirmed this is my accurate WANIP)",
            "accessKey": null,
            "cognitoAuthenticationType": null,
            "cognitoAuthenticationProvider": null,
            "userArn": null,
            "userAgent": "axios/0.18.0",
            "user": null

I moved on with the tutorial and everything works so far. I’m able to create and confirm new users without an issue. It remains to be seen if I’ll run into this same issue when I get to hooking the front end up to my back-end, or if there’s an issue with the test. I’ll post accordingly.


From the error it looks like the data in this line might be null.

Are you passing in the notes body? Your test command seems to be missing that?

Here is the one from the chapter:

$ npx aws-api-gateway-cli-test \
--username='' \
--password='Passw0rd!' \
--user-pool-id='YOUR_COGNITO_USER_POOL_ID' \
--app-client-id='YOUR_COGNITO_APP_CLIENT_ID' \
--cognito-region='YOUR_COGNITO_REGION' \
--identity-pool-id='YOUR_IDENTITY_POOL_ID' \
--invoke-url='YOUR_API_GATEWAY_URL' \
--api-gateway-region='YOUR_API_GATEWAY_REGION' \
--path-template='/notes' \
--method='POST' \
--body='{"content":"hello world","attachment":"hello.jpg"}'


Can you try to console.log the data.content? I wonder if the notes body is not being passed in properly through the command. I’m not too familiar with the right format for the Windows command line.


The body is in the command at the end. I did notice that the previous one is missing the escape character for each " inside the JSON, so what it actually looks like in my cmd window is --body "{\"content\":\"hello world\",\"attachment\":\"hello.jpg\\"}"

I pulled the content attribute from my full log of the event parameter in the main function for create, and this is what it shows for body, which would show what content would access:

“body”: “{\“content\”:\“hello world\”,\“attachment\”:\“hello.jpg\”}”

Just to be sure, I updated the create file with a console.log(data.content) call and did receive “hello world” as expected in CloudWatch log

Here’s a better formatted version of my test command:

`C:\Users\Inter>npx aws-api-gateway-cli-test 
--password "Redacted!" 
--user-pool-id us-west-2_redacted 
--app-client-id redacted 
--cognito-region us-west-2 
--identity-pool-id us-west-2:redacted 
--api-gateway-region us-west-2 
--path-template /notes 
--method post 
--body "{\"content\":\"hello world\", \"attachment\":\"hello.jpg\"}"`



First of all, great tutorial! I love it.

My aws-api-gateway-cli-test is working properly i think but my user is in state where he needs to set his password :

npx: installed 106 in 7.229s
Authenticating with User Pool
Given user needs to set a new password

I tried changing the password using the cli command ‘change password’ but i need an access token.

Any ideas ?


I’m not sure if you checked, but is the JSOn decode working correctly?