Deploy the APIs

From @jayair on Mon Apr 10 2017 01:00:46 GMT+0000 (UTC)

Link to chapter - http://serverless-stack.com/chapters/deploy-the-apis.html

Copied from original issue: https://github.com/AnomalyInnovations/serverless-stack-com/issues/28

From @waterwoodsthu on Wed Apr 12 2017 02:06:30 GMT+0000 (UTC)

I got {ā€œmessageā€:ā€œUnauthorizedā€} error.

I changed the OUR_COGNITO_USER_POOL_ID and YOUR_COGNITO_APP_CLIENT_ID and got the IdToken. I replaced the IdToken with mine. I also changed the endpoint to my own API gateway endpoint.

Any ideas?

From @fwang on Wed Apr 12 2017 18:21:13 GMT+0000 (UTC)

Could you post the functions section in your serverless.yml of the endpoint you are trying to invoke?

From @JUSTPERFECT on Wed Apr 12 2017 18:24:18 GMT+0000 (UTC)

I think it has the problem with your keysā€¦Check whether u copied whole
keysā€¦

On 12-Apr-2017 7:36 AM, ā€œCong Liuā€ notifications@github.com wrote:

I got {ā€œmessageā€:ā€œUnauthorizedā€} error.

I changed the OUR_COGNITO_USER_POOL_ID and YOUR_COGNITO_APP_CLIENT_ID and
got the IdToken. I replaced the IdToken with mine. I also changed the
endpoint to my own API gateway endpoint.

Any ideas?

ā€”
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/AnomalyInnovations/serverless-stack-com/issues/28#issuecomment-293451509,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AMRdwdflSnmW6BX0YLcqNs9lX500b4kHks5rvDGmgaJpZM4M4OEX
.

From @waterwoodsthu on Thu Apr 13 2017 01:59:52 GMT+0000 (UTC)

Below is the functions section in my serverless.yml. I doubled checked my keys and I donā€™t think I made any copy/paste mistakes.

BTW, I can use the UI to create/update notes.

functions:
  # Defines an HTTP API endpoint that calls the main function in create.js
  # - path: url path is /notes
  # - method: POST request
  # - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
  #     domain api call
  # - authorizer: authenticate the api via Cognito User Pool. Update the 'arn'
  #     with your own User Pool ARN
  create:
    handler: create.main
    events:
      - http:
          path: notes
          method: post
          cors: true
          authorizer:
            arn: arn:aws:cognito-idp:us-east-1:099521359077:userpool/us-east-1_CuWTSHcJb

  get:
      # Defines an HTTP API endpoint that calls the main function in get.js
      # - path: url path is /notes/{id}
      # - method: GET request
      handler: get.main
      events:
        - http:
            path: notes/{id}
            method: get
            cors: true
            authorizer:
              arn: arn:aws:cognito-idp:us-east-1:099521359077:userpool/us-east-1_CuWTSHcJb

  list:
    # Defines an HTTP API endpoint that calls the main function in list.js
    # - path: url path is /notes
    # - method: GET request
    handler: list.main
    events:
      - http:
          path: notes
          method: get
          cors: true
          authorizer:
            arn: arn:aws:cognito-idp:us-east-1:099521359077:userpool/us-east-1_CuWTSHcJb

  update:
    # Defines an HTTP API endpoint that calls the main function in update.js
    # - path: url path is /notes/{id}
    # - method: PUT request
    handler: update.main
    events:
      - http:
          path: notes/{id}
          method: put
          cors: true
          authorizer:
            arn: arn:aws:cognito-idp:us-east-1:099521359077:userpool/us-east-1_CuWTSHcJb

  delete:
    # Defines an HTTP API endpoint that calls the main function in delete.js
    # - path: url path is /notes/{id}
    # - method: DELETE request
    handler: delete.main
    events:
      - http:
          path: notes/{id}
          method: delete
          cors: true
          authorizer:
            arn: arn:aws:cognito-idp:us-east-1:099521359077:userpool/us-east-1_CuWTSHcJb

From @fwang on Thu Apr 13 2017 19:18:44 GMT+0000 (UTC)

The React app (UI) calls the APIs the exact same way as the bash curl. If you inspect the HTTP request in the browser, you should see the IdToken used in the Authorization header and the JSON request body. Try curling with them.

From @dmurraykauai on Tue Apr 18 2017 00:47:35 GMT+0000 (UTC)

After running ā€˜serverless deploy -vā€™ I received the response below. (Unable to parse HTTP response content.) All APIā€™s passed their tests and now Iā€™m suddenly stuck on this error. Any ideas?

david@DESKTOP-U1APQB8 MINGW64 /d/Projects/Serverless/notes-app-api
$ serverless deploy -v
Serverless: Bundling with Webpack...
Time: 3501ms
     Asset     Size  Chunks             Chunk Names
 create.js   5.8 kB       0  [emitted]  create
 delete.js  5.66 kB       1  [emitted]  delete
    get.js  5.88 kB       2  [emitted]  get
handler.js  2.28 kB       3  [emitted]  handler
   list.js   5.9 kB       4  [emitted]  list
 update.js   6.2 kB       5  [emitted]  update
Serverless: Packing external modules: babel-runtime@^6.23.0, uuid@^3.0.1
Serverless: Packaging service...
Serverless: Uploading CloudFormation file to S3...
Serverless: Uploading function .zip files to S3...
Serverless: Uploading service .zip file to S3 (1.03 MB)...
Serverless: Updating Stack...
Serverless: Checking Stack update progress...
CloudFormation - UPDATE_IN_PROGRESS - AWS::CloudFormation::Stack - notes-app-api-prod
CloudFormation - CREATE_IN_PROGRESS - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - ListLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::ApiGateway::RestApi - ApiGatewayRestApi
CloudFormation - CREATE_IN_PROGRESS - AWS::Lambda::Permission - 2UnderscoreJLN0gaaY4LambdaPermissionApiGateway
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - UpdateLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - CreateLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - GetLogGroup
CloudFormation - CREATE_FAILED - AWS::Lambda::Permission - 2UnderscoreJLN0gaaY4LambdaPermissionApiGateway
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - ListLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::ApiGateway::RestApi - ApiGatewayRestApi
CloudFormation - CREATE_IN_PROGRESS - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - CreateLogGroup
CloudFormation - CREATE_COMPLETE - AWS::ApiGateway::RestApi - ApiGatewayRestApi
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - UpdateLogGroup
CloudFormation - CREATE_COMPLETE - AWS::Logs::LogGroup - CreateLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - DeleteLogGroup
CloudFormation - CREATE_COMPLETE - AWS::Logs::LogGroup - ListLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - GetLogGroup
CloudFormation - CREATE_COMPLETE - AWS::Logs::LogGroup - UpdateLogGroup
CloudFormation - CREATE_COMPLETE - AWS::Logs::LogGroup - GetLogGroup
CloudFormation - CREATE_FAILED - AWS::Logs::LogGroup - DeleteLogGroup
CloudFormation - CREATE_FAILED - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - UPDATE_ROLLBACK_IN_PROGRESS - AWS::CloudFormation::Stack - notes-app-api-prod
CloudFormation - UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS - AWS::CloudFormation::Stack - notes-app-api-prod
CloudFormation - DELETE_IN_PROGRESS - AWS::Logs::LogGroup - GetLogGroup
CloudFormation - DELETE_IN_PROGRESS - AWS::Logs::LogGroup - CreateLogGroup
CloudFormation - DELETE_IN_PROGRESS - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - DELETE_IN_PROGRESS - AWS::Logs::LogGroup - UpdateLogGroup
CloudFormation - DELETE_IN_PROGRESS - AWS::ApiGateway::RestApi - ApiGatewayRestApi
CloudFormation - DELETE_IN_PROGRESS - AWS::Logs::LogGroup - ListLogGroup
CloudFormation - DELETE_COMPLETE - AWS::Lambda::Permission - 2UnderscoreJLN0gaaY4LambdaPermissionApiGateway
CloudFormation - DELETE_COMPLETE - AWS::Logs::LogGroup - GetLogGroup
CloudFormation - DELETE_COMPLETE - AWS::Logs::LogGroup - DeleteLogGroup
CloudFormation - DELETE_COMPLETE - AWS::Logs::LogGroup - CreateLogGroup
CloudFormation - DELETE_COMPLETE - AWS::ApiGateway::RestApi - ApiGatewayRestApi
CloudFormation - DELETE_COMPLETE - AWS::Logs::LogGroup - UpdateLogGroup
CloudFormation - DELETE_COMPLETE - AWS::Logs::LogGroup - ListLogGroup
CloudFormation - DELETE_COMPLETE - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - UPDATE_ROLLBACK_COMPLETE - AWS::CloudFormation::Stack - notes-app-api-prod
Serverless: Deployment failed!

  Serverless Error ---------------------------------------

     An error occurred while provisioning your stack: 2UnderscoreJLN0gaaY4LambdaPermissionApiGateway
     - Unable to parse HTTP response content.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Forums:        forum.serverless.com
     Chat:          gitter.im/serverless/serverless

  Your Environment Information -----------------------------
     OS:                 win32
     Node Version:       7.2.0
     Serverless Version: 1.11.0

From @PatrykTies on Tue Apr 18 2017 12:10:10 GMT+0000 (UTC)

I did receive the same Error as above once deployed.
On Stack they saying we must provide statusCode along with responseā€¦as we did in tutorialā€¦but perhaps we must add it on API Gateway level alsoā€¦i dont know at the momentā€¦trying to fix it

From @fwang on Tue Apr 18 2017 17:19:06 GMT+0000 (UTC)

@dmurraykauai @PatrykTies A couple of things could cause the ā€œUnable to parse HTTP response contentā€ error.

Letā€™s do a quick sanity check. Could you share your serverless.yml file?

From @PatrykTies on Tue Apr 18 2017 18:49:20 GMT+0000 (UTC)

```yaml
service: notes-app

plugins:

  • serverless-webpack

custom:
webpackIncludeModules: true

provider:
name: aws
runtime: nodejs6.10
stage: prod
region: eu-west-1

iamRoleStatements:

  • Effect: Allow
    Action:
    • dynamodb:DescribeTable
    • dynamodb:Query
    • dynamodb:Scan
    • dynamodb:GetItem
    • dynamodb:PutItem
    • dynamodb:UpdateItem
    • dynamodb:DeleteItem
      Resource: ā€œarn:aws:dynamodb:eu-west-1::ā€

functions:

create:
handler: create.main
events:
- http:
path: notes
method: post
cors: true
authorizer:
arn: arn:aws:cognito-idp:eu-west-1:421235352293:userpool/eu-west-1_xxxxxxx
get:

handler: get.main
events:
  - http:
      path: notes/{id}
      method: get
      cors: true
      authorizer:
        arn: arn:aws:cognito-idp:eu-west-1:421235352293:userpool/eu-west-1_xxxxxxx

list:

handler: list.main
events:
  - http:
      path: notes
      method: get
      cors: true
      authorizer:
        arn: arn:aws:cognito-idp:eu-west-1:421235352293:userpool/eu-west-1_xxxxxxxx

update:

handler: update.main
events:
  - http:
      path: notes/{id}
      method: put
      cors: true
      authorizer:
        arn: arn:aws:cognito-idp:eu-west-1:421235352293:userpool/eu-west-1_xxxxxxxx

delete:

handler: delete.main
events:
  - http:
      path: notes/{id}
      method: delete
      cors: true
      authorizer:
        arn: arn:aws:cognito-idp:eu-west-1:421235352293:userpool/eu-west-1_xxxxxxxx

From @dmurraykauai on Tue Apr 18 2017 18:54:54 GMT+0000 (UTC)

Pasting the code in between the back ticks doesnā€™t render too good. Iā€™ve attached serverless.yml.txt to this post. Thanks for the assist!


service: notes-app-api

plugins:
  - serverless-webpack

custom:
  webpackIncludeModules: true
[serverless.yml.txt](https://github.com/AnomalyInnovations/serverless-stack-com/files/930746/serverless.yml.txt)

provider:
  name: aws
  runtime: nodejs6.10
  stage: prod
  region: us-west-2

  # 'iamRoleStatement' defines the permission policy for the Lambda function.
  # In this case Lambda functions are granted with permissions to access DynamoDB.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:us-west-2:*:*"

functions:
  # Defines an HTTP API endpoint that calls the main function in create.js
  # - path: url path is /notes
  # - method: POST request
  # - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
  #     domain api call
  # - authorizer: authenticate the api via Cognito User Pool. Update the 'arn'
  #     with your own User Pool ARN
  create:
    handler: create.main
    events:
      - http:
          path: notes
          method: post
          cors: true
          authorizer:
            arn: aws:cognito-idp:us-west-2:939466294100:userpool/us-west-2_JLN0gaaY4
  get:
      # Defines an HTTP API endpoint that calls the main function in get.js
      # - path: url path is /notes/{id}
      # - method: GET request
      handler: get.main
      events:
        - http:
            path: notes/{id}
            method: get
            cors: true
            authorizer:
              arn: aws:cognito-idp:us-west-2:939466294100:userpool/us-west-2_JLN0gaaY4
  list:
      # Defines an HTTP API endpoint that calls the main function in list.js
      # - path: url path is /notes
      # - method: GET request
      handler: list.main
      events:
        - http:
            path: notes
            method: get
            cors: true
            authorizer:
              arn: aws:cognito-idp:us-west-2:939466294100:userpool/us-west-2_JLN0gaaY4
  update:
      # Defines an HTTP API endpoint that calls the main function in update.js
      # - path: url path is /notes/{id}
      # - method: PUT request
      handler: update.main
      events:
        - http:
            path: notes/{id}
            method: put
            cors: true
            authorizer:
              arn: aws:cognito-idp:us-west-2:939466294100:userpool/us-west-2_JLN0gaaY4
  delete:
      # Defines an HTTP API endpoint that calls the main function in delete.js
      # - path: url path is /notes/{id}
      # - method: DELETE request
      handler: delete.main
      events:
        - http:
            path: notes/{id}
            method: delete
            cors: true
            authorizer:
              arn: aws:cognito-idp:us-west-2:939466294100:userpool/us-west-2_JLN0gaaY4

From @fwang on Tue Apr 18 2017 18:58:57 GMT+0000 (UTC)

@dmurraykauai the authorizer arn should start with arn: and the authorizer line should look something like

authorizer:
  arn: arn:aws:cognito-idp:us-east-1:xxxxxxxxxxxx:userpool/us-east-1_XXXXXxxxx

From @dmurraykauai on Tue Apr 18 2017 19:00:12 GMT+0000 (UTC)

ok, that was a bit confusingā€¦ arn: arn:aws: ā€¦ thought I tried w/ the double arn: already but let me try again. Thank you!

From @dmurraykauai on Tue Apr 18 2017 19:05:28 GMT+0000 (UTC)

Beautiful, works fine now. Thanks again @fwang ! Much appreciated.

From @fwang on Tue Apr 18 2017 19:19:37 GMT+0000 (UTC)

@PatrykTies hmmmā€¦ it looks fine. Could you double check a few things:

  • both Identity pool and User pool are created inside eu-west-1 region;
  • userpool id is usually 9 characters long, ensure the authorizer arn is not missing any character at the end arn: arn:aws:cognito-idp:eu-west-1:421235352293:userpool/eu-west-1_xxxxxxx

From @Malivuk on Wed Apr 19 2017 09:01:30 GMT+0000 (UTC)

Hi,

Thanks for your super guide :sparkles:

Iā€™m struggling with cognito and serverless, Iā€™m having the same problem as @dmurraykauai I guess.

Iā€™m declaring my function as follows:

searchname:
  handler: handler.searchname
  events:
    - http:
        path: search/name/{value}
        method: get
        private: true
        cors: true
        authorizer:
          arn: ${self:custom.poolArn}
    - stream: ${self:custom.dynamoArn} 

All my services are running on ap-northeast-2 and my poolArn variable is equal to arn:aws:cognito-idp:ap-northeast-2:XXXXXXXXXXXX:userpool/ap-northeast-2_xxxxxxx.

When I try to deploy my service, I get the following logs:

CloudFormation - CREATE_FAILED - AWS::Lambda::Permission - 2UnderscorexxxxxxxLambdaPermissionApiGateway
CloudFormation - CREATE_FAILED - AWS::ApiGateway::Authorizer - 2UnderscorexxxxxxxApiGatewayAuthorizer

Depending on AWS settings (e.g., switching Authorization to AWS_IAM), the process ends with one of these error messages:

- Unable to parse HTTP response content.
- Invalid lambda function.

Everything works fine if I comment the authorizer lines.

Iā€™ve set manually IAM permissions for lambda:

{
    "Action": [
        "lambda:*"
    ],
    "Resource": "*",
    "Effect": "Allow"
},

I also had a look at many related issues, I saw you answered one on serverless forums. However, their official doc is really light regarding cognito as an authorizerā€¦ Note that Iā€™m just using Cognito user pool, without Cognito identity pool.

How did you get your example working? Are there extra settings to deal with on the dashboard?

Thanks


Edit 1: I found a solution that solves the following alert:

CloudFormation - CREATE_FAILED - AWS::ApiGateway::Authorizer - 2UnderscorexxxxxxxApiGatewayAuthorizer

From @Malivuk on Thu Apr 20 2017 04:11:17 GMT+0000 (UTC)

Yo,

Never mind, I was using Serverless 1.4.0, I had a look at changelogs and figured out I should update to the latest version.

From @jayair on Thu Apr 20 2017 18:01:51 GMT+0000 (UTC)

@Malivuk thanks for reporting back. Itā€™ll help anybody else that might run into this.

From @PatrykTies on Thu Apr 20 2017 20:57:59 GMT+0000 (UTC)

Yes I can confirm, my issue above was also caused by using 1.4 , now once updated to 1.11 all works fine.
Cheers.

From @jayair on Thu Apr 20 2017 22:00:01 GMT+0000 (UTC)

@Malivuk couldnā€™t have timed your response any more perfectly :wink:

Or maybe @PatrykTies had it figured out before he saw your message.