user5418227
user5418227

Reputation:

Crashing application caused by ApiClientException in Api gateway

I want to call webservice using Api gateway but having an issue using Cognito. but application is crashing, I have no idea about it,Please guys help to solve it!!! my code is like below

AwsActivity.java

class AwsActivity extends Activity {
private String AMAZON_COGNITO_IDENTITY_POOL_ID = "us-east-1**********";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        new MyAsyncTask("1").execute();
    }

    private class MyAsyncTask extends AsyncTask<String, Void, String> {
        private String userId = "";

        public MyAsyncTask(String userId) {
            this.userId = userId;
            Log.d("111111111111", "111111111111");
        }

        @Override
        protected String doInBackground(String... strings) {
            Log.d("22222222222222222", "2222222222222222222");
            AWSCredentialsProvider credenetialsProvider = new CognitoCachingCredentialsProvider(
                    AwsActivity.this,          // activity context
                    AMAZON_COGNITO_IDENTITY_POOL_ID, // Cognito identity pool id
                    Regions.US_EAST_1 // region of Cognito identity pool
            );
            ApiClientFactory factory = new ApiClientFactory()
                    .credentialsProvider(credenetialsProvider)
                    .region("us-east-1")
                    .endpoint("https://abcd")
                    .apiKey("gsjddjflkjdsljaskds");

            // MyClient is the AWS Android SDK Generated class

            final MyClient client = factory.build(MyClient.class);

            client.viewprofileGet(userId);
            // String str = client.testGet().toString();
            Log.d("###", "here after test" + client.viewprofileGet(""));

            return "DONE";
        }

        @Override
        protected void onPostExecute(String temp) {
            Log.d("####", "onPostExecute");
        }
    }}

MyClient.java

@com.amazonaws.mobileconnectors.apigateway.annotation.Service(endpoint = "https://abcde")
public interface MyClient {
    @com.amazonaws.mobileconnectors.apigateway.annotation.Operation(path = "/loginclient", method = "GET")
    Empty loginclientGet(
            @com.amazonaws.mobileconnectors.apigateway.annotation.Parameter(name = "user_id", location = "query")
            String userId);
} 

My Error Log is below

07-01 06:35:17.840 17476-17558/com.example.android.awsapidemo E/AndroidRuntime: FATAL EXCEPTION: AsyncTask #1
                                                                                java.lang.RuntimeException: An error occured while executing doInBackground()
                                                                                    at android.os.AsyncTask$3.done(AsyncTask.java:299)
                                                                                    at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:352)
                                                                                    at java.util.concurrent.FutureTask.setException(FutureTask.java:219)
                                                                                    at java.util.concurrent.FutureTask.run(FutureTask.java:239)
                                                                                    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
                                                                                    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
                                                                                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
                                                                                    at java.lang.Thread.run(Thread.java:841)


Caused by: com.amazonaws.mobileconnectors.apigateway.ApiClientException: {"Message":"User: arn:aws:sts::686770309549:assumed-role/Cognito_bookmixnewUnauth_Role/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-east-1:********9549:abcde/mycleint/GET/login/login"}
                                                                             (Service: MyClient; Status Code: 403; Error Code: null; Request ID: 80ede0b7-3f77-13435e6-45345-24325435)
                                                                                at com.amazonaws.mobileconnectors.apigateway.ApiClientHandler.handleResponse(ApiClientHandler.java:240)
                                                                                at com.amazonaws.mobileconnectors.apigateway.ApiClientHandler.invoke(ApiClientHandler.java:93)
                                                                                at $Proxy1.viewprofileGet(Native Method)
                                                                                at com.example.android.awsapidemo.AwsActivity$MyAsyncTask.doInBackground(AwsActivity.java:63)
                                                                                at com.example.android.awsapidemo.AwsActivity$MyAsyncTask.doInBackground(AwsActivity.java:37)
                                                                                at android.os.AsyncTask$2.call(AsyncTask.java:287)
                                                                                at java.util.concurrent.FutureTask.run(FutureTask.java:234)
                                                                                    ... 4 more

Upvotes: 0

Views: 975

Answers (2)

MikeD at AWS
MikeD at AWS

Reputation: 3745

The key detail in your error log is this message:

"User: arn:aws:sts::686770309549:assumed-role/Cognito_bookmixnewUnauth_Role/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-east-1:********9549:abcde/mycleint/GET/login/login"

There is a role associated with each Cognito identity pool. You need to add policy to your role to give it permissions to the "execute-api:Invoke" action on the resource ARN given above.

The policy should look something like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "execute-api:Invoke"           
      ],
      "Resource": [
        "arn:aws:execute-api:us-east-1:********9549:abcde/mycleint/GET/login/login"
      ]
    }
  ]
} 

Also, the resource path in your ARN looks odd, so double check that you built the correct URL for invoking your API. The general format for the ARN is:

arn:aws:execute-api:us-east-1:my-aws-account-id:my-api-id/my-stage/GET/my-resource-path

Base on the ARN in your error log, we have:

my-aws-account-id: ********9549
my-api-id: abcde
my-stage: mycleint
HTTP method: GET
my-resource-path: /login/login`

Is "mycleint" the name of your stage?

Is the resource path really "/login/login"?

Also, it seems a bit odd to be using both a Cognito identity pool and a custom login method. Usually people use one or the other. With this set-up the user has to authenticate via the Cognito identity pool before they can call the custom login method.

Upvotes: 1

Jithu P.S
Jithu P.S

Reputation: 1843

Try like this

AmazonDynamoDBClient ddbClient = Region.getRegion(Regions.EU_WEST_1) // CRUCIAL
    .createClient(
        AmazonDynamoDBClient.class,
        credentialsProvider,
        new ClientConfiguration()
    );

Check this value

Region.getRegion(Regions.EU_WEST_1) // CRUCIAL

if your database in a different region you need to specify it properly.other wise it will not work

Upvotes: 0

Related Questions