Comments for Test the APIs


#81

The status: false is coming from this line (if you are trying to test the create API).

I would console.log(e) and check in the Lambda logs what the error is.


#82

So I’ve previously done that with my offline files:

log

And then generated the previously posted CloudWatch Logs.

Is CloudWatch Logs the same as the Lambda Logs or am I looking in the wrong place?

Thanks for your help!


#83

Okay, after a bit of searching I think I’ve finally found the right place.

This is what has been logged after I inserted the console.log(e) a weeks ago:

2018-06-07T03:57:29.946Z e5bce5d3-6a06-11e8-ae7c-c93bc444d725 { AccessDeniedException: User: arn:aws:sts::386309702278:assumed-role/notes-app-api-prod-us-east-2-lambdaRole/notes-app-api-prod-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-2:386309702278:table/notes at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)
2018/06/07/[$LATEST]156d197bfd8b436e95ee4c1b33e7122a
2018-06-07T03:57:29.946Z e5bce5d3-6a06-11e8-ae7c-c93bc444d725 { AccessDeniedException: User: arn:aws:sts::386309702278:assumed-role/notes-app-api-prod-us-east-2-lambdaRole/notes-app-api-prod-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-2:386309702278:table/notes
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
message: 'User: arn:aws:sts::386309702278:assumed-role/notes-app-api-prod-us-east-2-lambdaRole/notes-app-api-prod-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-2:386309702278:table/notes',
code: 'AccessDeniedException',
time: 2018-06-07T03:57:29.945Z,
requestId: 'ALOKGMHC8VD1DGBDMTAJ146SNRVV4KQNSO5AEMVJF66Q9ASUAAJG',
statusCode: 400,
retryable: false,
retryDelay: 35.35319988644893 }

Any suggestions on why this error is coming up?

notes-app-api-prod-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-2:386309702278:table/notes at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)


#84

I’ve compared the DynamoDB table details with the serverless.yml file and it seems like it should be okay:


#85

I am facing the same error. I have the same code as in the serverless.yml, but I am still getting an error which says "the user is not authorized to perform: dynamodb:PutItem". Is there any solution for this?


#86

I'm getting a similar error to a few people.
message: 'User: arn:aws:sts::640390173836:assumed-role/harry-app-api-prod-eu-west-2-lambdaRole/harry-app-api-prod-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:eu-west-2:640390173836:table/notes',
code: 'AccessDeniedException',

Interestingly, one of the comments shows a user pool that looks a bit different to mine. Mine looks like this:

I don't think it is my code syntax but it can all be found on my GitHub


#87

@HarryChaplain Thanks for linking to your repo.

@Gavmastaphlex Thanks for tracking it down.

@KedarPandhare Thanks for reporting.

It seems like a few people are having the exact same issue though nothing has changed on our end. Which version of Serverless are you guys using? I need to try and replicate this.


#88

From package.json:

"serverless-offline": "^3.20.3",
"serverless-webpack": "^5.1.0",


#89

Also run serverless -v in your terminal.


#90

That results in:

serverless


#91

For me the serverless version is 1.26.1


#92

@Gavmastaphlex @jayair I found the issue. If you look at this link, you can see that the assumed role (in our case arn:aws:iam::7XXXXXXXXX:role/notes-app-api-prod-us-east-1-lambdaRole) doesn’t have full access to perform any DynamoDB table operations.

The link I specified has the explanation that the assumed role should have full access (Admin access) to make the calls to the DynamoDB table. So, I added AdministratorAccess role to our assumed lambda role and then ran the sls deploy. Once deployed I executed the commands:

npx aws-api-gateway-cli-test \
--username='admin@example.com' \
--password='Passw0rd!' \
--user-pool-id='YOUR_COGNITO_USER_POOL_ID' \
--app-client-id='YOUR_COGNITO_APP_CLIENT_ID' \
--cognito-region='YOUR_COGNITO_REGION' \
--identity-pool-id='YOUR_IDENTITY_POOL_ID' \
--invoke-url='YOUR_API_GATEWAY_URL' \
--api-gateway-region='YOUR_API_GATEWAY_REGION' \
--path-template='/notes' \
--method='POST' \
--body='{"content":"hello world","attachment":"hello.jpg"}'

and I got the result that was expected in the chapter.


#93

@Gavmastaphlex Attach the Administrator Access policy to the assumed lambda role and then run sls deploy and execute the commands mentioned in the chapter. I think that should work.


#94

I am running 1.27.3

@Gavmastaphlex I'm not sure what you mean or how I would do what you are asking. Have you got a screenshot?


#95

To save people going down rabbit holes…

I completely restarted the tutorial from scratch and got it working. I didn’t manage to find exactly where I made a mistake but my best guess would be I copied over one of the keys incorrectly.


#96

@HarryChaplain I took a look at your repo. The iamRoleStatements block is not indented correctly.

You can compare it to the one from the repo here:

@Gavmastaphlex @KedarPandhare I would double check the same for you guys as well.


#97

@jayair I got it working. Just added AdministratorAccess role to assumed Lambda role and it worked for me.


#98

That does work but it isn’t great for security. Maybe once you complete the tutorial you can revisit this.
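
As an alternative to attaching AdministratorAccess, the AccessDeniedException messages quoted in this thread already name the exact action and table that were denied. The following is an added example, not code from the thread or the tutorial: it turns such messages into a scoped `iamRoleStatements` fragment nested under `provider`. The function names are hypothetical and the sample messages are constructed with a placeholder account ID.

```javascript
// Added example, not from the thread. Sample messages are constructed
// (placeholder account 123456789012) in the shape of the errors posted above.
const DENIED =
  /assumed-role\/([^/\s]+)\/(\S+) is not authorized to perform: ([\w-]+:\w+) on resource: (arn:aws:[^\s'"]+)/;

// Pull role, function session, action and resource out of one message.
function parseDenied(message) {
  const m = DENIED.exec(message);
  return m && { role: m[1], session: m[2], action: m[3], resource: m[4] };
}

// Group denied actions per resource into least-privilege Allow statements.
function buildStatements(messages) {
  const byResource = new Map();
  for (const d of messages.map(parseDenied).filter(Boolean)) {
    if (!byResource.has(d.resource)) byResource.set(d.resource, new Set());
    byResource.get(d.resource).add(d.action);
  }
  return [...byResource].map(([Resource, actions]) => ({
    Effect: "Allow",
    Action: [...actions].sort(),
    Resource,
  }));
}

// Render as a serverless.yml fragment; iamRoleStatements must be nested
// under provider (the indentation problem pointed out in #96).
function toServerlessYaml(statements) {
  const lines = ["provider:", "  iamRoleStatements:"];
  for (const s of statements) {
    lines.push(`    - Effect: ${s.Effect}`, "      Action:");
    for (const a of s.Action) lines.push(`        - ${a}`);
    lines.push(`      Resource: "${s.Resource}"`);
  }
  return lines.join("\n");
}

// Constructed sample input: two denials on the same table plus an unrelated line.
const SAMPLE = [
  "User: arn:aws:sts::123456789012:assumed-role/notes-app-api-prod-us-east-2-lambdaRole/notes-app-api-prod-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-2:123456789012:table/notes",
  "User: arn:aws:sts::123456789012:assumed-role/notes-app-api-prod-us-east-2-lambdaRole/notes-app-api-prod-get is not authorized to perform: dynamodb:GetItem on resource: arn:aws:dynamodb:us-east-2:123456789012:table/notes",
  "Task timed out after 6.00 seconds",
];

console.log(toServerlessYaml(buildStatements(SAMPLE)));
```

The generated statement grants only the denied actions on the one table ARN, so the Lambda role never needs account-wide permissions.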


#99

I’m getting the following error

npx: installed 103 in 11.638s
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 403,
  statusText: 'Forbidden',
  data: 
   { message: 'Credential should be scoped to a valid region, not \'eu-cerntral-1\'. ' } }

It would be better to have this tutorial on Postman.


#100

@jayair I am getting the following error, please look into it:
Token is not from a supported provider of this identity pool.