From @jayair on Mon May 07 2018 22:38:28 GMT+0000 (UTC)
@devsteff Hmmm that’s weird. I just tried the exact same lines from the PDF and it worked okay for me. I’m on macOS 10.13. Are the hyphens missing only for these snippets?
Everything works for me, except that the API is not secure for some reason. If I access the published API, I can freely GET and POST notes without authorization. What am I missing?
When I check in the the API Gateway gateway console, under Authorizers there are none configured. I have the authorizer: aws_iam
line in my serverless.yml functions.
That’s strange. Often times it is the indenting in the serverless.yml
. Make sure it is indented exactly as the one in the tutorial - https://github.com/AnomalyInnovations/serverless-stack-demo-api/blob/add-a-delete-note-api/serverless.yml#L42.
I am getting a 403 response when testing my api:
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 403,
statusText: 'Forbidden',
data: { message: 'Forbidden' } }
I have been through the Debugging Serverless API Issues page, and looked through this thread but am still not able to figure out this issue. I have recreated my identity pool, and run the IAM policy simulator which returns “allowed”.
Here is my github repo: https://github.com/samhadr/recipes-expo/tree/develop
Any help would be appreciated.
While debugging it, did you find anything in the API Gateway and Lambda logs?
@jayair No, I didn’t see anything I could identify as an issue in the API Gateway and Lambda logs, though I am admittedly a novice working with them.
@jayair Just realized I had deployed the APIs with stage “dev” but was trying to test with stage “prod”. Fixed this and things are working now. Thanks for the quick reply!
Oh that’s great. Just a heads up, we work with stages in Part II of the guide.
I just got back to this after seeing @jayair’s comment in Comments: Test the APIs · Issue #112 · sst/sst.dev · GitHub
@ahammond Are you setting which profile to use in your Lambda function?
I archived my other profiles to work on this so now I have only the one, default profile. I followed the logging instructions and found the following:
CloutWatch->Logs->/aws/lambda/notes-app-api-prod-create
START RequestId: 12c79e1e-639c-11e8-a08d-f9078e8c2e42 Version: $LATEST
23:57:41
2018-05-29T23:57:41.626Z 12c79e1e-639c-11e8-a08d-f9078e8c2e42 { CredentialsError: Missing credentials in config at Object.fs.openSync (fs.js:646:18) at Object.fs.readFileSync (fs.js:551:33) at Object.readFileSync (/var/runtime/node_modules/aws-sdk/lib/util.js:97:26) at SharedIniFile.loadFile [as ensureFileLoaded] (/var/runtime/node_modules/aws-sdk/lib/shared_ini.js:19:18) at Sh
2018-05-29T23:57:41.626Z 12c79e1e-639c-11e8-a08d-f9078e8c2e42 { CredentialsError: Missing credentials in config
at Object.fs.openSync (fs.js:646:18)
at Object.fs.readFileSync (fs.js:551:33)
at Object.readFileSync (/var/runtime/node_modules/aws-sdk/lib/util.js:97:26)
at SharedIniFile.loadFile [as ensureFileLoaded] (/var/runtime/node_modules/aws-sdk/lib/shared_ini.js:19:18)
at SharedIniFile.loadProfileNames [as getProfiles] (/var/runtime/node_modules/aws-sdk/lib/shared_ini.js:61:10)
at SharedIniFileCredentials.refresh (/var/runtime/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:94:45)
at SharedIniFileCredentials.get (/var/runtime/node_modules/aws-sdk/lib/credentials.js:121:12)
at getAsyncCredentials (/var/runtime/node_modules/aws-sdk/lib/config.js:332:24)
at Config.getCredentials (/var/runtime/node_modules/aws-sdk/lib/config.js:352:9)
at Request.VALIDATE_CREDENTIALS (/var/runtime/node_modules/aws-sdk/lib/event_listeners.js:80:26)
message: 'Missing credentials in config',
errno: -2,
code: 'CredentialsError',
syscall: 'open',
path: '/home/sbx_user1059/.aws/credentials',
time: 2018-05-29T23:57:41.626Z,
originalError:
{ message: 'Could not load credentials from SharedIniFileCredentials',
errno: -2,
code: 'CredentialsError',
syscall: 'open',
path: '/home/sbx_user1059/.aws/credentials',
time: 2018-05-29T23:57:41.626Z,
originalError:
{ errno: -2,
code: 'ENOENT',
syscall: 'open',
path: '/home/sbx_user1059/.aws/credentials',
message: 'ENOENT: no such file or directory, open \'/home/sbx_user1059/.aws/credentials\'' } } }
23:57:41
END RequestId: 12c79e1e-639c-11e8-a08d-f9078e8c2e42
I guess I need to somehow add credentials to the lambda functions, but I don’t see a step for that in the tutorial. I assumed that the serverless deploy
command should do this? I updated to the latest version of serverless, re-ran the deploy and still get the 500 error when I run aws-api-gateway-cli-test
That’s weird, the error sounds like your Lambda is looking for the credentials. Are you trying to load them inside your Lambda? We don’t do that in the tutorial and you shouldn’t need it if you only have one credential now.
@jayair I’m trying to follow the tutorial as closely as possible since I’m new to this stuff. My WIP is at https://github.com/ahammond/notes-app-api I think they should match pretty much exactly the tutorial.
I just took a quick look. It is this line where you are trying to load the credentials that is causing the issue I think:
const credentials = new AWS.SharedIniFileCredentials({profile: 'personal'});
@jayair Thanks! I missed removing that one when I got rid of the additional profiles.
~/notes-app-api master scripts/aws-api-gateway-cli-test.sh
npx: installed 103 in 6.344s
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 200,
statusText: 'OK',
data:
{ userId: 'us-east-1:3c5e4377-2aad-4b53-88f3-c1764f1460a9',
noteId: '8375c3b0-6822-11e8-bdce-692d25860d2c',
content: 'hello world',
attachment: 'hello.jpg',
createdAt: 1528135807851 } }
Voila! Unblocked and moving forward. Thank you again!
Hi there,
I’m encountering an Internal Server Error (status: 500) when I try to test the API.
I’ve followed the troubleshooting section and run the IAM Policy Simulator, which has confirmed that the policy is allowed, and comes back with “1 matching statement”.
Any suggestions on what I’m missing?
Thanks!
The 500 error means that there is something wrong in the Lambda code. You can try enabling logging and checking your Lambda and API Gateway logs. Have you had a chance to do that?
I’ve followed the directions to troubleshoot the {status: false} error message, and from the Lambda CloudWatch Logs this is what’s outputted:
Cloudwatch Logs for the API Gateway:
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Verifying Usage Plan for request: e5b9d830-6a06-11e8-b66a-d905c08c59de.
API Key: API Stage: v4nhi1n8nc/prod (e5b9d830-6a06-11e8-b66a-d905c08c59de) Verifying Usage Plan for request: e5b9d830-6a06-11e8-b66a-d905c08c59de.
API Key: API Stage: v4nhi1n8nc/prod
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) API Key authorized because method 'POST
/notes' does not require API Key. Request will not contribute to throttle or quota limits (e5b9d830-6a06-11e8-b66a-d905c08c59de)
API Key authorized because method 'POST /notes' does not require API Key. Request will not contribute to throttle or quota
limits
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Usage Plan check succeeded for API Key and API Stage v4nhi1n8nc/prod
(e5b9d830-6a06-11e8-b66a-d905c08c59de) Usage Plan check succeeded for API Key and API Stage v4nhi1n8nc/prod
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
Starting execution for request: e5b9d830-6a06-11e8-b66a-d905c08c59de (e5b9d830-6a06-11e8-b66a-d905c08c59de) Starting execution
for request: e5b9d830-6a06-11e8-b66a-d905c08c59de
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) HTTP Method: POST, Resource
Path: /notes (e5b9d830-6a06-11e8-b66a-d905c08c59de) HTTP Method: POST, Resource Path: /notes
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
Method request path: {} (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request path: {}
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
Method request query string: {} (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request query string: {}
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
Method request headers: {Accept=application/json, x-amz-date=20180607T035727Z, CloudFront-Viewer-Country=NZ, CloudFront-Forwarded-Proto=https,
CloudFront-Is-Tablet-Viewer=false, CloudFront-Is-Mobile-Viewer=false, User-Agent=axios/0.18.0, X-Forwarded-Proto=https, CloudFront-Is-SmartTV-Viewer=false,
Host=v4nhi1n8nc.execute-api.us-east-2.amazonaws.com, x-amz-sec (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request headers:
{Accept=application/json, x-amz-date=20180607T035727Z, CloudFront-Viewer-Country=NZ, CloudFront-Forwarded-Proto=https, CloudFront-Is-Tablet-Viewer=false,
CloudFront-Is-Mobile-Viewer=false, User-Agent=axios/0.18.0, X-Forwarded-Proto=https, CloudFront-Is-SmartTV-Viewer=false,
Host=v4nhi1n8nc.execute-api.us-east-2.amazonaws.com, x-amz-security-token=AgoGb3JpZ2luEAsaCXVzLWVhc3QtMiKAAkyWj4VpECanhBwA0PSPL+9lnstqiq6PhK3GUzX1yD/m1Aidui4QbXewIt+I2SqO3Rtp9PhIEV8+K8JjZFIpUHN0i7kVNpKpfpIk1XxPSf1FuiaVW1B3ce3OHUTRCV/usmOcQZAEQD7wN0oekOn3JhGSuT1+bSaoFXk6hm+ffqaTwqf90NRG+R/FQ6VqnRniwu2beeMWjh2jlu1Ozo4aHaFDoo8BtyaVfKNf0dwMq8tHJCfMkrT4waXiaF7VBVm+fk3fOCvodXCXb03O/Pv8zkHqKx14kE5+Fhash+jSY/IJpqfI8/wgyyrqBt1Ree5ikF69XQhXvxsBgOAxezJiAMQqrwUItf//////////ARAAGgwzODYzMDk3MDIyNzgiDK2CBxoV7ERQ9nBSKSqDBdjWxdvy/NTXBkMxAjjywY7eBf0KepAcYxzZRW3pNbUX7MigNo5D7wfo43rhpfA7pA3jVBtdP8WMXGVUHJrJiPD/wEG5bRI0BMT5CKqAA9cA9uCPzHnT/96Hgo3iEpgoqNPlY7p8kCyBxKI+zWiC6o9Y7sX+XsIPJfkttvDOPmFJKkdxmZa2Gnaf4dkY5OYLyQINaZXQhqc+6U5mT+buWQ6
[TRUNCATED]
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request body before transformations: {"content":"hello
world","attachment":"hello.jpg"} (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request body before transformations: { "content":
"hello world", "attachment": "hello.jpg" }
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request URI: https://lambda.us-east-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-2:386309702278:function:notes-app-api-prod-create/invocations
(e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request URI: https://lambda.us-east-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-2:386309702278:function:notes-app-api-prod-create/invocations
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request headers: {x-amzn-lambda-integration-tag=e5b9d830-6a06-11e8-b66a-d905c08c59de,
Authorization=************************************************************************************************************************************************************************************************************************************************************
(e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request headers: {x-amzn-lambda-integration-tag=e5b9d830-6a06-11e8-b66a-d905c08c59de,
Authorization=************************************************************************************************************************************************************************************************************************************************************************************************************************c36589,
X-Amz-Date=20180607T035729Z, x-amzn-apigateway-api-id=v4nhi1n8nc, X-Amz-Source-Arn=arn:aws:execute-api:us-east-2:386309702278:v4nhi1n8nc/prod/POST/notes,
Accept=application/json, User-Agent=AmazonAPIGateway_v4nhi1n8nc, X-Amz-Security-Token=FQoDYXdzELT//////////wEaDGF4IOa6AjvI6qk5PyK3A+oJBboxEfMtXXdGq/NxqBH9uzwItD/MkCP2KqPA2ABRCwNSvmgRTdTfXmPMfhdMTznvjNPfTV/ksEjZLpeikbLuH8kA9sPBt6zK22XJmMyml/m80U8F1xlJy7dvpNP8q6K5DeEyx3eqq9NTnIbK58FohHWq/Q52/Xvq4T459ByibjMBYrcaRlp3D0vD53qt+Gv/kHozVey9GRY7eXBDKbd/XNZuoKi26lc/PSKdT9H3lRnne8R6gRQ3FJhasaGi3L7+Gqhc7NyJEf+0rx1mnHM2ZrSMao/mYokpk1/RwXiGWFRl9LDWVz7
[TRUNCATED]
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request body after transformations: {"resource":"/notes","path":"/notes","httpMethod":"POST","headers":{"Accept":"application/json","CloudFront-Forwarded-Proto":"https","CloudFront-Is-Desktop-Viewer":"true","CloudFront-Is-Mobile-Viewer":"false","CloudFront-Is-SmartTV-Viewer":"false","CloudFront-Is-Tablet-Viewer":"false","CloudFront-Viewer-Country":"N
(e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request body after transformations: {"resource":"/notes","path":"/notes","httpMethod":"POST","headers":{"Accept":"application/json","CloudFront-Forwarded-Proto":"https","CloudFront-Is-Desktop-Viewer":"true","CloudFront-Is-Mobile-Viewer":"false","CloudFront-Is-SmartTV-Viewer":"false","CloudFront-Is-Tablet-Viewer":"false","CloudFront-Viewer-Country":"NZ","Content-Type":"application/json","Host":"v4nhi1n8nc.execute-api.us-east-2.amazonaws.com","User-Agent":"axios/0.18.0","Via":"1.1
022e5e3c9a028827d5997a99d3e232de.cloudfront.net (CloudFront)","X-Amz-Cf-Id":"JXt8dVfWgrK3i3hmUZ41igS6B9dNImINh8jaq0p0S7R_gLxLDBhKrA==","x-amz-date":"20180607T035727Z","x-amz-security-token":"AgoGb3JpZ2luEAsaCXVzLWVhc3QtMiKAAkyWj4VpECanhBwA0PSPL+9lnstqiq6PhK3GUzX1yD/m1Aidui4QbXewIt+I2SqO3Rtp9PhIEV8+K8JjZFIpUHN0i7kVNpKpfpIk1XxPSf1FuiaVW1B3ce3OHUTRCV/usmOcQZAEQD7wN0oekOn3JhGSuT1+bSaoFXk6hm+ffqaTwqf90NRG+R/FQ6VqnRniwu2beeMWjh2jlu1Ozo4aHaFDoo8BtyaVfKNf0dwMq8tHJCfMkrT4waXiaF7VBVm+fk3fOCvodXCXb03O/Pv8zkHqKx14kE5+Fhash+jSY/IJpqfI8/wg
[TRUNCATED]
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Sending request to https://lambda.us-east-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-2:386309702278:function:notes-app-api-prod-create/invocations
(e5b9d830-6a06-11e8-b66a-d905c08c59de) Sending request to https://lambda.us-east-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-2:386309702278:function:notes-app-api-prod-create/invocations
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Received response. Integration latency: 808 ms (e5b9d830-6a06-11e8-b66a-d905c08c59de)
Received response. Integration latency: 808 ms
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint response body before
transformations: {"statusCode":500,"headers":{"Access-Control-Allow-Origin":"*","Access-Control-Allow-Credentials":true},"body":"{\"status\":false}"}
(e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint response body before transformations: { "statusCode": 500, "headers": { "Access-Control-Allow-Origin":
"*", "Access-Control-Allow-Credentials": true }, "body": "{\"status\":false}" }
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
Endpoint response headers: {X-Amz-Executed-Version=$LATEST, x-amzn-Remapped-Content-Length=0, Connection=keep-alive, x-amzn-RequestId=e5bce5d3-6a06-11e8-ae7c-c93bc444d725,
Content-Length=132, Date=Thu, 07 Jun 2018 03:57:29 GMT, X-Amzn-Trace-Id=root=1-5b18ad29-ffd17253da54a32a2384eca5;sampled=0,
Content-Type=application/json} (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint response headers: {X-Amz-Executed-Version=$LATEST,
x-amzn-Remapped-Content-Length=0, Connection=keep-alive, x-amzn-RequestId=e5bce5d3-6a06-11e8-ae7c-c93bc444d725, Content-Length=132,
Date=Thu, 07 Jun 2018 03:57:29 GMT, X-Amzn-Trace-Id=root=1-5b18ad29-ffd17253da54a32a2384eca5;sampled=0, Content-Type=application/json}
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method response body after transformations: {"status":false} (e5b9d830-6a06-11e8-b66a-d905c08c59de)
Method response body after transformations: { "status": false }
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method
response headers: {Access-Control-Allow-Origin=*, Access-Control-Allow-Credentials=true, X-Amzn-Trace-Id=Root=1-5b18ad29-ffd17253da54a32a2384eca5}
(e5b9d830-6a06-11e8-b66a-d905c08c59de) Method response headers: {Access-Control-Allow-Origin=*, Access-Control-Allow-Credentials=true,
X-Amzn-Trace-Id=Root=1-5b18ad29-ffd17253da54a32a2384eca5}
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Successfully
completed execution (e5b9d830-6a06-11e8-b66a-d905c08c59de) Successfully completed execution
03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
Method completed with status: 500 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method completed with status: 500
Here is a link to my WIP as well:
I haven’t had a chance to look at your repo but if your logs are setup then you can try using some console.log
in your code to see where it is failing. Btw, does this work when you invoke to locally?
I’ve included the console.log but thought that the error would come out in the cloudwatch logs, but I can’t identify what that is myself.
I’m not sure what you mean about invoking to locally, but I’ve followed the tutorial up to the point and have successfully created a note, edited an existing note, listed available notes, and deleted a note with the mock paramters without issue. It’s just trying to deploy and test the APIs that I’ve run into this issue.
Thanks,
Gavin