frengel

Reputation: 181

AWS API Gateway URL returns {"message":"Forbidden"}

I have a similar problem to this question: getting message: forbidden reply from AWS API gateway

I have followed a tutorial and set up the calc API on AWS API Gateway. Everything worked as described in the tutorial, but after I deployed the API to the test stage I was not able to access it. I also tried to import an Example API in AWS API Gateway, the pet's store. Again, the test inside the AWS Console works, but when I deploy to a stage, the URL provided by AWS does not work.

But from the comments and replies I was not able to resolve it.

I checked the usual solutions:

  1. It is not CORS related, I cannot access this URL via Chrome, or Postman
  2. It is not Custom domain related, I am using the default URL provided by AWS in the stage UI
  3. I am accessing the correct URL, i.e. stage_name/resource
  4. I have Authorization = NONE and API Key required = false

I also tried different Resource policies (and every time I changed, I redeployed)

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": "arn:aws:execute-api:eu-west-1:xxx:km1rmsmo1j/test/calc/POST/*"
            }
        ]
    }

or

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Deny",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": "arn:aws:execute-api:eu-west-1:xxxxx:km1rmsmo1j/test/*/*"
            }
        ]
    }

Still failing to call: https://km1rmsmo1j.execute-api.eu-west-1.amazonaws.com/test/calc

I think all the tutorials on AWS omit the last and most important question: how to make it publicly accessible. From my observation it looks like by default it is not; at least something somewhere has to be changed to make it accessible from the public internet.

Thanks for the help.

Upvotes: 3

Views: 7846
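An added example (not part of the original post, and not AWS code): a small local model of how the two resource policies above evaluate for an anonymous `POST /calc` call on the `test` stage. It assumes the documented execute-api resource format `api-id/stage/METHOD/resource-path`, ignores `Principal` and `Condition`, and reuses the account placeholders from the post; `CORRECTED` is a constructed policy for comparison.

```python
import re

def arn_matches(pattern, value):
    # IAM-style wildcards: '*' matches any run of characters (including '/'),
    # '?' matches exactly one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def request_arn(account, method, path, api="km1rmsmo1j", stage="test",
                region="eu-west-1"):
    # Assumed format: arn:aws:execute-api:region:account:api-id/stage/METHOD/path
    return (f"arn:aws:execute-api:{region}:{account}:"
            f"{api}/{stage}/{method}/{path.lstrip('/')}")

def evaluate(policy, arn, action="execute-api:Invoke"):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for an unauthenticated call.

    Explicit Deny wins; with no matching Allow the result is an implicit deny.
    """
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        if not any(arn_matches(a, action) for a in as_list(st["Action"])):
            continue
        if not any(arn_matches(r, arn) for r in as_list(st["Resource"])):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision

def make_policy(effect, resource):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*",
        "Action": "execute-api:Invoke", "Resource": resource}]}

BASE = "arn:aws:execute-api:eu-west-1:"
# The two policies from the post.
POLICY_1 = make_policy("Allow", BASE + "xxx:km1rmsmo1j/test/calc/POST/*")
POLICY_2 = make_policy("Deny", BASE + "xxxxx:km1rmsmo1j/test/*/*")
# Constructed for comparison: method segment before the resource path.
CORRECTED = make_policy("Allow", BASE + "xxx:km1rmsmo1j/test/POST/calc")

if __name__ == "__main__":
    print(evaluate(POLICY_1, request_arn("xxx", "POST", "/calc")))
    print(evaluate(POLICY_2, request_arn("xxxxx", "POST", "/calc")))
    print(evaluate(CORRECTED, request_arn("xxx", "POST", "/calc")))
```

The first policy never matches because `calc/POST/*` puts the path before the method, and the second explicitly denies every method and path on the stage.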

Answers (1)

frengel

Reputation: 181

I figured out the problem: I was accessing the endpoint from a VPN connection opened to AWS. Therefore the access to the API came from AWS EC2. I don't know why, but when I logged out from the VPN, it worked.

Upvotes: 3
