Reputation: 91
AWS SAM: AccessDeniedException: Unable to determine service/operation name to be authorized
I am receiving the following error in conjunction with a 502 on my API-Gateway.
Endpoint response body before transformations: <AccessDeniedException>
<Message>Unable to determine service/operation name to be authorized</Message>
</AccessDeniedException>
After some testing, this problem seems to only appear on endpoints that use Authorizer Lambdas. The authorizer successfully completes and all transformations occur, then the request is sent to the lambda.
Current Setup: Using AWS-SAM with a nested stack
Things I've tried:
Manually adding permissions to the lambda via aws-cli with no response.
Including Invoke Permissions as described by https://github.com/awslabs/serverless-application-model/issues/59
My current 'work-around' is to manually go into the API-Gateway -> Integration Request, then selecting the edit Lambda Function and checking the box (without any changes). After I do this, the problem doesn't arise again until I build the stack from scratch again.
Upvotes: 4
Views: 3418
Answers (1)
Reputation: 91
Looks like the issue was with out API Swagger yml file. As indicated in the docs, x-amazon-apigateway-integration MUST be a POST for lamba integrations.
Upvotes: 5
Related Questions
- aws sam invalid token included in the request is invalid
- API Gateway created by SAM runs locally but times out when deployed to API Gateway
- How to add a lambda authorizer to AWS SAM application using the same API Gateway
- AccessDeniedException: Unable to determine service/operation name to be authorized
- APIGateway returns `Internal server error` despite adding resource based permissions for Lambda
- Lambda function not authorized to perform apigateway:GET
- API Gateway Options method throwing 403
- AWS SAM AccessDeniedException on a Lambda that uses the AWS SDK
- AWS SAM Missing authentication token error on sample hello world app
- AWS SAM Template Fails to Create Configurations for API Gateway