AccessDeniedException: Unable to determine service/operation name to be authorized

44k views Asked by At

Using AWS CLI

aws --version
aws-cli/1.11.21 Python/2.7.12 Darwin/15.3.0 botocore/1.4.78

Creating a POST method for API Gateway as explained at https://github.com/arun-gupta/serverless/tree/master/aws/microservice#post-method. This method can be invoked successfully using test-invoke-method and AWS Console.

Creating a GET method using AWS CLI https://github.com/arun-gupta/serverless/tree/master/aws/microservice#get-method. Invoking this method using test-invoke-method and AWS Console gives the following error:

{
    "status": 500,
    "body": "{\"message\": \"Internal server error\"}",
    "log": "Execution log for request test-request\nThu Dec 29 00:58:56 UTC 2016 : Starting execution for request: test-invoke-request\nThu Dec 29 00:58:56 UTC 2016 : HTTP Method: GET, Resource Path: /books\nThu Dec 29 00:58:56 UTC 2016 : Method request path: {}\nThu Dec 29 00:58:56 UTC 2016 : Method request query string: {}\nThu Dec 29 00:58:56 UTC 2016 : Method request headers: {}\nThu Dec 29 00:58:56 UTC 2016 : Method request body before transformations: \nThu Dec 29 00:58:56 UTC 2016 : Endpoint request URI: https://lambda.us-west-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-west-1:598307997273:function:MicroserviceGetAll/invocations\nThu Dec 29 00:58:56 UTC 2016 : Endpoint request headers: {x-amzn-lambda-integration-tag=test-request, Authorization=******************************************************************************************************************************************************************************************************************************************************************************************************482377, X-Amz-Date=20161229T005856Z, x-amzn-apigateway-api-id=sofl9ilki7, X-Amz-Source-Arn=arn:aws:execute-api:us-west-1:598307997273:sofl9ilki7/null/GET/books, Accept=application/json, User-Agent=AmazonAPIGateway_sofl9ilki7, Host=lambda.us-west-1.amazonaws.com, X-Amzn-Trace-Id=Root=1-58645fd0-7d733ae3c383f4378fcc0338}\nThu Dec 29 00:58:56 UTC 2016 : Endpoint request body after transformations: \nThu Dec 29 00:58:56 UTC 2016 : Endpoint response body before transformations: <AccessDeniedException>\n  <Message>Unable to determine service/operation name to be authorized</Message>\n</AccessDeniedException>\n\nThu Dec 29 00:58:56 UTC 2016 : Endpoint response headers: {x-amzn-RequestId=f95a8659-cd61-11e6-80f6-ddd6ce5b7e8b, Connection=keep-alive, Content-Length=130, Date=Thu, 29 Dec 2016 00:58:56 GMT}\nThu Dec 29 00:58:56 UTC 2016 : Lambda invocation failed with status: 403\nThu Dec 29 00:58:56 UTC 2016 : Execution failed due to configuration error: \nThu Dec 29 00:58:56 UTC 2016 : Method completed with status: 500\n",
    "latency": 39
}

The ARN identified in the error message is arn:aws:execute-api:us-west-1:598307997273:sofl9ilki7/null/GET/books. Wondering if null instead of test is causing this to fail?

4

There are 4 answers

6
Ka Hou Ieong On BEST ANSWER

I think you are using "GET" for your Lambda function endpoint on your GET method as well. Please change it to use "POST" for the Lambda integration HTTP method.

Using GET for lambda integrations on AWS API Gateway may leave you wondering why POST integrations are working but GET integrations don't work. GET AWS_PROXY integrations will fail if GET is used as the method on the integration. POST should be used for the lambda integration, even if the OPEN API specification is for a get method.

0
MikeD at AWS On

The null in the source ARN is because test-invoke does not have a stage to associate with your API. This is not usually a problem, unless the policy on your Lambda function is expecting an incompatible source ARN. Check the policy on your Lambda function and see if it includes a restriction on the source ARN. If it does, edit it to be compatible with the test-invoke ARN or deploy the API to a stage and call the method directly without test-invoke.

0
Kishor Unnikrishnan On

To invoke a lambda function the http method should be POST as per the lambda API:

Visit http://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html.

0
vsk.rahul On

Note carefully API Gateway use POST method by to call Lambda, while allowing any method to be able to call it via x-amazon-apigateway-any-method.