Comments for Test the APIs

Chapter Comments
61

From @jayair on Mon May 07 2018 22:38:28 GMT+0000 (UTC)

@devsteff Hmmm that’s weird. I just tried the exact same lines from the PDF and it worked okay for me. I’m on macOS 10.13. Are the hyphens missing only for these snippets?

62

Everything works for me, except that the API is not secure for some reason. If I access the published API, I can freely GET and POST notes without authorization. What am I missing?

When I check in the the API Gateway gateway console, under Authorizers there are none configured. I have the authorizer: aws_iam line in my serverless.yml functions.

63

That’s strange. Often times it is the indenting in the serverless.yml. Make sure it is indented exactly as the one in the tutorial - https://github.com/AnomalyInnovations/serverless-stack-demo-api/blob/add-a-delete-note-api/serverless.yml#L42.

64

I am getting a 403 response when testing my api:

Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 403,
  statusText: 'Forbidden',
  data: { message: 'Forbidden' } }

I have been through the Debugging Serverless API Issues page, and looked through this thread but am still not able to figure out this issue. I have recreated my identity pool, and run the IAM policy simulator which returns “allowed”.

Here is my github repo: https://github.com/samhadr/recipes-expo/tree/develop

Any help would be appreciated.

65

While debugging it, did you find anything in the API Gateway and Lambda logs?

66

@jayair No, I didn’t see anything I could identify as an issue in the API Gateway and Lambda logs, though I am admittedly a novice working with them.

67

@jayair Just realized I had deployed the APIs with stage “dev” but was trying to test with stage “prod”. Fixed this and things are working now. Thanks for the quick reply!

1 Like
68

Oh that’s great. Just a heads up, we work with stages in Part II of the guide.

69

I just got back to this after seeing @jayair’s comment in Comments: Test the APIs · Issue #112 · sst/sst.dev · GitHub

@ahammond Are you setting which profile to use in your Lambda function?

I archived my other profiles to work on this so now I have only the one, default profile. I followed the logging instructions and found the following:

CloutWatch->Logs->/aws/lambda/notes-app-api-prod-create

START RequestId: 12c79e1e-639c-11e8-a08d-f9078e8c2e42 Version: $LATEST
23:57:41
2018-05-29T23:57:41.626Z	12c79e1e-639c-11e8-a08d-f9078e8c2e42	{ CredentialsError: Missing credentials in config at Object.fs.openSync (fs.js:646:18) at Object.fs.readFileSync (fs.js:551:33) at Object.readFileSync (/var/runtime/node_modules/aws-sdk/lib/util.js:97:26) at SharedIniFile.loadFile [as ensureFileLoaded] (/var/runtime/node_modules/aws-sdk/lib/shared_ini.js:19:18) at Sh
2018-05-29T23:57:41.626Z	12c79e1e-639c-11e8-a08d-f9078e8c2e42	{ CredentialsError: Missing credentials in config
at Object.fs.openSync (fs.js:646:18)
at Object.fs.readFileSync (fs.js:551:33)
at Object.readFileSync (/var/runtime/node_modules/aws-sdk/lib/util.js:97:26)
at SharedIniFile.loadFile [as ensureFileLoaded] (/var/runtime/node_modules/aws-sdk/lib/shared_ini.js:19:18)
at SharedIniFile.loadProfileNames [as getProfiles] (/var/runtime/node_modules/aws-sdk/lib/shared_ini.js:61:10)
at SharedIniFileCredentials.refresh (/var/runtime/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:94:45)
at SharedIniFileCredentials.get (/var/runtime/node_modules/aws-sdk/lib/credentials.js:121:12)
at getAsyncCredentials (/var/runtime/node_modules/aws-sdk/lib/config.js:332:24)
at Config.getCredentials (/var/runtime/node_modules/aws-sdk/lib/config.js:352:9)
at Request.VALIDATE_CREDENTIALS (/var/runtime/node_modules/aws-sdk/lib/event_listeners.js:80:26)
message: 'Missing credentials in config',
errno: -2,
code: 'CredentialsError',
syscall: 'open',
path: '/home/sbx_user1059/.aws/credentials',
time: 2018-05-29T23:57:41.626Z,
originalError: 
{ message: 'Could not load credentials from SharedIniFileCredentials',
errno: -2,
code: 'CredentialsError',
syscall: 'open',
path: '/home/sbx_user1059/.aws/credentials',
time: 2018-05-29T23:57:41.626Z,
originalError: 
{ errno: -2,
code: 'ENOENT',
syscall: 'open',
path: '/home/sbx_user1059/.aws/credentials',
message: 'ENOENT: no such file or directory, open \'/home/sbx_user1059/.aws/credentials\'' } } }
23:57:41
END RequestId: 12c79e1e-639c-11e8-a08d-f9078e8c2e42

I guess I need to somehow add credentials to the lambda functions, but I don’t see a step for that in the tutorial. I assumed that the serverless deploy command should do this? I updated to the latest version of serverless, re-ran the deploy and still get the 500 error when I run aws-api-gateway-cli-test

70

That’s weird, the error sounds like your Lambda is looking for the credentials. Are you trying to load them inside your Lambda? We don’t do that in the tutorial and you shouldn’t need it if you only have one credential now.

71

@jayair I’m trying to follow the tutorial as closely as possible since I’m new to this stuff. My WIP is at https://github.com/ahammond/notes-app-api I think they should match pretty much exactly the tutorial.

72

I just took a quick look. It is this line where you are trying to load the credentials that is causing the issue I think:

const credentials = new AWS.SharedIniFileCredentials({profile: 'personal'});

73

@jayair Thanks! I missed removing that one when I got rid of the additional profiles.

~/notes-app-api   master   scripts/aws-api-gateway-cli-test.sh
npx: installed 103 in 6.344s
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 200,
  statusText: 'OK',
  data:
   { userId: 'us-east-1:3c5e4377-2aad-4b53-88f3-c1764f1460a9',
     noteId: '8375c3b0-6822-11e8-bdce-692d25860d2c',
     content: 'hello world',
     attachment: 'hello.jpg',
     createdAt: 1528135807851 } }

Voila! Unblocked and moving forward. Thank you again!

1 Like
74

Hi there,

I’m encountering an Internal Server Error (status: 500) when I try to test the API.

I’ve followed the troubleshooting section and run the IAM Policy Simulator, which has confirmed that the policy is allowed, and comes back with “1 matching statement”.

testing-api-error
testing-api-error.jpg929×464 56.7 KB

Any suggestions on what I’m missing?

Thanks!

75

The 500 error means that there is something wrong in the Lambda code. You can try enabling logging and checking your Lambda and API Gateway logs. Have you had a chance to do that?

76

I’ve followed the directions to troubleshoot the {status: false} error message, and from the Lambda CloudWatch Logs this is what’s outputted:

cloudwatch-logs
cloudwatch-logs.jpg1211×182 32.5 KB

77

Cloudwatch Logs for the API Gateway:

    03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Verifying Usage Plan for request: e5b9d830-6a06-11e8-b66a-d905c08c59de.
    API Key: API Stage: v4nhi1n8nc/prod (e5b9d830-6a06-11e8-b66a-d905c08c59de) Verifying Usage Plan for request: e5b9d830-6a06-11e8-b66a-d905c08c59de.
    API Key: API Stage: v4nhi1n8nc/prod 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) API Key authorized because method 'POST
    /notes' does not require API Key. Request will not contribute to throttle or quota limits (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    API Key authorized because method 'POST /notes' does not require API Key. Request will not contribute to throttle or quota
    limits 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Usage Plan check succeeded for API Key and API Stage v4nhi1n8nc/prod
    (e5b9d830-6a06-11e8-b66a-d905c08c59de) Usage Plan check succeeded for API Key and API Stage v4nhi1n8nc/prod 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    Starting execution for request: e5b9d830-6a06-11e8-b66a-d905c08c59de (e5b9d830-6a06-11e8-b66a-d905c08c59de) Starting execution
    for request: e5b9d830-6a06-11e8-b66a-d905c08c59de 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) HTTP Method: POST, Resource
    Path: /notes (e5b9d830-6a06-11e8-b66a-d905c08c59de) HTTP Method: POST, Resource Path: /notes 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    Method request path: {} (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request path: {} 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    Method request query string: {} (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request query string: {} 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    Method request headers: {Accept=application/json, x-amz-date=20180607T035727Z, CloudFront-Viewer-Country=NZ, CloudFront-Forwarded-Proto=https,
    CloudFront-Is-Tablet-Viewer=false, CloudFront-Is-Mobile-Viewer=false, User-Agent=axios/0.18.0, X-Forwarded-Proto=https, CloudFront-Is-SmartTV-Viewer=false,
    Host=v4nhi1n8nc.execute-api.us-east-2.amazonaws.com, x-amz-sec (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request headers:
    {Accept=application/json, x-amz-date=20180607T035727Z, CloudFront-Viewer-Country=NZ, CloudFront-Forwarded-Proto=https, CloudFront-Is-Tablet-Viewer=false,
    CloudFront-Is-Mobile-Viewer=false, User-Agent=axios/0.18.0, X-Forwarded-Proto=https, CloudFront-Is-SmartTV-Viewer=false,
    Host=v4nhi1n8nc.execute-api.us-east-2.amazonaws.com, x-amz-security-token=AgoGb3JpZ2luEAsaCXVzLWVhc3QtMiKAAkyWj4VpECanhBwA0PSPL+9lnstqiq6PhK3GUzX1yD/m1Aidui4QbXewIt+I2SqO3Rtp9PhIEV8+K8JjZFIpUHN0i7kVNpKpfpIk1XxPSf1FuiaVW1B3ce3OHUTRCV/usmOcQZAEQD7wN0oekOn3JhGSuT1+bSaoFXk6hm+ffqaTwqf90NRG+R/FQ6VqnRniwu2beeMWjh2jlu1Ozo4aHaFDoo8BtyaVfKNf0dwMq8tHJCfMkrT4waXiaF7VBVm+fk3fOCvodXCXb03O/Pv8zkHqKx14kE5+Fhash+jSY/IJpqfI8/wgyyrqBt1Ree5ikF69XQhXvxsBgOAxezJiAMQqrwUItf//////////ARAAGgwzODYzMDk3MDIyNzgiDK2CBxoV7ERQ9nBSKSqDBdjWxdvy/NTXBkMxAjjywY7eBf0KepAcYxzZRW3pNbUX7MigNo5D7wfo43rhpfA7pA3jVBtdP8WMXGVUHJrJiPD/wEG5bRI0BMT5CKqAA9cA9uCPzHnT/96Hgo3iEpgoqNPlY7p8kCyBxKI+zWiC6o9Y7sX+XsIPJfkttvDOPmFJKkdxmZa2Gnaf4dkY5OYLyQINaZXQhqc+6U5mT+buWQ6
    [TRUNCATED] 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request body before transformations: {"content":"hello
    world","attachment":"hello.jpg"} (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method request body before transformations: { "content":
    "hello world", "attachment": "hello.jpg" } 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request URI: https://lambda.us-east-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-2:386309702278:function:notes-app-api-prod-create/invocations
    (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request URI: https://lambda.us-east-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-2:386309702278:function:notes-app-api-prod-create/invocations


     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request headers: {x-amzn-lambda-integration-tag=e5b9d830-6a06-11e8-b66a-d905c08c59de,
    Authorization=************************************************************************************************************************************************************************************************************************************************************
    (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request headers: {x-amzn-lambda-integration-tag=e5b9d830-6a06-11e8-b66a-d905c08c59de,
    Authorization=************************************************************************************************************************************************************************************************************************************************************************************************************************c36589,
    X-Amz-Date=20180607T035729Z, x-amzn-apigateway-api-id=v4nhi1n8nc, X-Amz-Source-Arn=arn:aws:execute-api:us-east-2:386309702278:v4nhi1n8nc/prod/POST/notes,
    Accept=application/json, User-Agent=AmazonAPIGateway_v4nhi1n8nc, X-Amz-Security-Token=FQoDYXdzELT//////////wEaDGF4IOa6AjvI6qk5PyK3A+oJBboxEfMtXXdGq/NxqBH9uzwItD/MkCP2KqPA2ABRCwNSvmgRTdTfXmPMfhdMTznvjNPfTV/ksEjZLpeikbLuH8kA9sPBt6zK22XJmMyml/m80U8F1xlJy7dvpNP8q6K5DeEyx3eqq9NTnIbK58FohHWq/Q52/Xvq4T459ByibjMBYrcaRlp3D0vD53qt+Gv/kHozVey9GRY7eXBDKbd/XNZuoKi26lc/PSKdT9H3lRnne8R6gRQ3FJhasaGi3L7+Gqhc7NyJEf+0rx1mnHM2ZrSMao/mYokpk1/RwXiGWFRl9LDWVz7
    [TRUNCATED] 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request body after transformations: {"resource":"/notes","path":"/notes","httpMethod":"POST","headers":{"Accept":"application/json","CloudFront-Forwarded-Proto":"https","CloudFront-Is-Desktop-Viewer":"true","CloudFront-Is-Mobile-Viewer":"false","CloudFront-Is-SmartTV-Viewer":"false","CloudFront-Is-Tablet-Viewer":"false","CloudFront-Viewer-Country":"N
    (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint request body after transformations: {"resource":"/notes","path":"/notes","httpMethod":"POST","headers":{"Accept":"application/json","CloudFront-Forwarded-Proto":"https","CloudFront-Is-Desktop-Viewer":"true","CloudFront-Is-Mobile-Viewer":"false","CloudFront-Is-SmartTV-Viewer":"false","CloudFront-Is-Tablet-Viewer":"false","CloudFront-Viewer-Country":"NZ","Content-Type":"application/json","Host":"v4nhi1n8nc.execute-api.us-east-2.amazonaws.com","User-Agent":"axios/0.18.0","Via":"1.1
    022e5e3c9a028827d5997a99d3e232de.cloudfront.net (CloudFront)","X-Amz-Cf-Id":"JXt8dVfWgrK3i3hmUZ41igS6B9dNImINh8jaq0p0S7R_gLxLDBhKrA==","x-amz-date":"20180607T035727Z","x-amz-security-token":"AgoGb3JpZ2luEAsaCXVzLWVhc3QtMiKAAkyWj4VpECanhBwA0PSPL+9lnstqiq6PhK3GUzX1yD/m1Aidui4QbXewIt+I2SqO3Rtp9PhIEV8+K8JjZFIpUHN0i7kVNpKpfpIk1XxPSf1FuiaVW1B3ce3OHUTRCV/usmOcQZAEQD7wN0oekOn3JhGSuT1+bSaoFXk6hm+ffqaTwqf90NRG+R/FQ6VqnRniwu2beeMWjh2jlu1Ozo4aHaFDoo8BtyaVfKNf0dwMq8tHJCfMkrT4waXiaF7VBVm+fk3fOCvodXCXb03O/Pv8zkHqKx14kE5+Fhash+jSY/IJpqfI8/wg
    [TRUNCATED] 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Sending request to https://lambda.us-east-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-2:386309702278:function:notes-app-api-prod-create/invocations
    (e5b9d830-6a06-11e8-b66a-d905c08c59de) Sending request to https://lambda.us-east-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-2:386309702278:function:notes-app-api-prod-create/invocations


     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Received response. Integration latency: 808 ms (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    Received response. Integration latency: 808 ms 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint response body before
    transformations: {"statusCode":500,"headers":{"Access-Control-Allow-Origin":"*","Access-Control-Allow-Credentials":true},"body":"{\"status\":false}"}
    (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint response body before transformations: { "statusCode": 500, "headers": { "Access-Control-Allow-Origin":
    "*", "Access-Control-Allow-Credentials": true }, "body": "{\"status\":false}" } 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    Endpoint response headers: {X-Amz-Executed-Version=$LATEST, x-amzn-Remapped-Content-Length=0, Connection=keep-alive, x-amzn-RequestId=e5bce5d3-6a06-11e8-ae7c-c93bc444d725,
    Content-Length=132, Date=Thu, 07 Jun 2018 03:57:29 GMT, X-Amzn-Trace-Id=root=1-5b18ad29-ffd17253da54a32a2384eca5;sampled=0,
    Content-Type=application/json} (e5b9d830-6a06-11e8-b66a-d905c08c59de) Endpoint response headers: {X-Amz-Executed-Version=$LATEST,
    x-amzn-Remapped-Content-Length=0, Connection=keep-alive, x-amzn-RequestId=e5bce5d3-6a06-11e8-ae7c-c93bc444d725, Content-Length=132,
    Date=Thu, 07 Jun 2018 03:57:29 GMT, X-Amzn-Trace-Id=root=1-5b18ad29-ffd17253da54a32a2384eca5;sampled=0, Content-Type=application/json}


     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method response body after transformations: {"status":false} (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    Method response body after transformations: { "status": false } 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method
    response headers: {Access-Control-Allow-Origin=*, Access-Control-Allow-Credentials=true, X-Amzn-Trace-Id=Root=1-5b18ad29-ffd17253da54a32a2384eca5}
    (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method response headers: {Access-Control-Allow-Origin=*, Access-Control-Allow-Credentials=true,
    X-Amzn-Trace-Id=Root=1-5b18ad29-ffd17253da54a32a2384eca5} 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Successfully
    completed execution (e5b9d830-6a06-11e8-b66a-d905c08c59de) Successfully completed execution 

     03:57:29 (e5b9d830-6a06-11e8-b66a-d905c08c59de)
    Method completed with status: 500 (e5b9d830-6a06-11e8-b66a-d905c08c59de) Method completed with status: 500
78

Here is a link to my WIP as well:

79

I haven’t had a chance to look at your repo but if your logs are setup then you can try using some console.log in your code to see where it is failing. Btw, does this work when you invoke to locally?

80

I’ve included the console.log but thought that the error would come out in the cloudwatch logs, but I can’t identify what that is myself.

I’m not sure what you mean about invoking to locally, but I’ve followed the tutorial up to the point and have successfully created a note, edited an existing note, listed available notes, and deleted a note with the mock paramters without issue. It’s just trying to deploy and test the APIs that I’ve run into this issue.

Thanks,

Gavin