AWS API Gateway Custom Authorizer not running

Question

I have created a Lambda function which I've configured as the 'custom auth' on the method request of one of my API endpoints. When I use the 'test' function of the AWS API Gateway I don't see any output from my Lambda function in the log output.

I have 'deployed' the API.

However something is happening because when I hit the api endpoint using the configured custom domain name I get

{"message":"Unauthorized"}

However if I remove the 'custom auth' from this endpoint and hit the same endpoint, it works !

I've enabled the cloudwatch logging and this seems to show that the lambda function is not invoked but there's nothing under the apiGateway log group either, but, something must be happening, I just can't see it.

Can anybody point me in the direction of how I debug this ?

Answer 1

You can add permissions via aws cli to make you authorizer call the lambda, i did this and works perfectly!.

aws --profile profile lambda add-permission \
      --statement-id uuid \
      --action lambda:InvokeFunction \
      --function-name "arn:aws:lambda:$region:$accountId:function:functionName" \
      --principal apigateway.amazonaws.com \
      --source-arn "arn:aws:execute-api:$region:$accountId:$apigateway_id/authorizers/$authorizerId"

Answer 2

1. The API Gateway Test Invoke functionality will NOT invoke any authorizers, and will directly invoke your integration.
2. You can test the lambda authorizer independently by using the Authorizer Test Invoke available in the "Authorizers" tab on the API Gateway Console.
3. Your lambda function must return a response that includes the principal identifier (principalId) and a policy document containing a list of policy statements.

A more detailed documentation on this can be found here.

Ritisha.