I have an API Gateway with the following API endpoints:
When I try to test it, I get the following error:
Request: /connect/list_users
Status: 500
Latency: 29 ms
Response Body
{"message": "Internal server error"}
Response Headers
{"x-amzn-ErrorType":["InternalServerErrorException"]}
Logs
Execution log for request 3ff47544-2f03-4e52-a52c-ce76e397aee7
Wed May 31 15:52:55 UTC 2023 : Starting execution for request: 3ff47544-2f03-4e52-a52c-ce76e397aee7
Wed May 31 15:52:55 UTC 2023 : HTTP Method: GET, Resource Path: /connect/list_users
Wed May 31 15:52:55 UTC 2023 : Method request path: {proxy=list_users}
Wed May 31 15:52:55 UTC 2023 : Method request query string: {}
Wed May 31 15:52:55 UTC 2023 : Method request headers: {}
Wed May 31 15:52:55 UTC 2023 : Method request body before transformations:
Wed May 31 15:52:55 UTC 2023 : Endpoint request URI: https://lambda.eu-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:connect_api/invocations
Wed May 31 15:52:55 UTC 2023 : Endpoint request headers: {X-Amz-Date=20230531T155255Z, x-amzn-apigateway-api-id=xxxxxxxxxxxx, Accept=application/json, User-Agent=AmazonAPIGateway_xxxxxxxxxxxx, Host=lambda.eu-west-2.amazonaws.com, X-Amz-Content-Sha256=xxxxxxxxxxxx, X-Amzn-Trace-Id=Root=1-64776d57-xxxxxxxxxxxx, x-amzn-lambda-integration-tag=xxxxxxxxxxxx, Authorization=*********************************************************************************************************************************************************************************************************************************************************************************************************************************************ca4e12, X-Amz-Source-Arn=arn:aws:execute-api:eu-west-2:xxxxxxxxxxxx:xxxxxxxxxxxx/test-invoke-stage/GET/connect/{proxy+}, X-Amz-Security-Token=xxxxxxxxxxxx/xxxxxxxxxxxx [TRUNCATED]
Wed May 31 15:52:55 UTC 2023 : Endpoint request body after transformations: {"resource":"/connect/{proxy+}","path":"/connect/list_users","httpMethod":"GET","headers":null,"multiValueHeaders":null,"queryStringParameters":null,"multiValueQueryStringParameters":null,"pathParameters":{"proxy":"list_users"},"stageVariables":null,"requestContext":{"resourceId":"xxxxxxxxxxxx","resourcePath":"/connect/{proxy+}","httpMethod":"GET","extendedRequestId":"xxxxxxxxxxxx=","requestTime":"31/May/2023:15:52:55 +0000","path":"/connect/{proxy+}","accountId":"xxxxxxxxxxxx","protocol":"HTTP/1.1","stage":"test-invoke-stage","domainPrefix":"testPrefix","requestTimeEpoch":xxxxxxxxxxxx,"requestId":"xxxxxxxxxxxx","identity":{"cognitoIdentityPoolId":null,"cognitoIdentityId":null,"apiKey":"test-invoke-api-key","principalOrgId":null,"cognitoAuthenticationType":null,"userArn":"arn:aws:iam::xxxxxxxxxxxx:user/[email protected]","apiKeyId":"test-invoke-api-key-id","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, li [TRUNCATED]
Wed May 31 15:52:55 UTC 2023 : Sending request to https://lambda.eu-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:connect_api/invocations
Wed May 31 15:52:55 UTC 2023 : Execution failed due to configuration error: Invalid permissions on Lambda function
Wed May 31 15:52:55 UTC 2023 : Method completed with status: 500
Now, this is the policy attached to the IAM role of the Lambda function that calls the DynamoDB tables:
{
  "Statement": [
    {
      "Action": [
        "connect:ListRoutingProfiles",
        "connect:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:connect:eu-west-2:xxxxxxxxxxxx:instance/xxxxxxxxxxxx/contact-flow/*/*",
        "arn:aws:connect:eu-west-2:xxxxxxxxxxxx:instance/xxxxxxxxxxxx/contact-flow/*",
        "arn:aws:connect:eu-west-2:xxxxxxxxxxxx:instance/xxxxxxxxxxxx/*",
        "arn:aws:connect:eu-west-2:xxxxxxxxxxxx:instance/xxxxxxxxxxxx"
      ],
      "Sid": ""
    },
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:connect_api"
    },
    {
      "Action": "dynamodb:Query",
      "Effect": "Allow",
      "Resource": [
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/contactlens/index/timestamp",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/contactlens"
      ],
      "Sid": ""
    },
    {
      "Action": [
        "dynamodb:Scan",
        "dynamodb:GetItem"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/ctr",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/agent_status"
      ],
      "Sid": ""
    },
    {
      "Action": "dynamodb:UpdateItem",
      "Effect": "Allow",
      "Resource": "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/agent_status",
      "Sid": ""
    },
    {
      "Action": [
        "logs:PutLogEvents",
        "logs:CreateLogStream",
        "logs:CreateLogGroup"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:logs:*:*:*",
      "Sid": ""
    }
  ],
  "Version": "2012-10-17"
}
This is the policy attached to the IAM role that API Gateway uses to invoke the Lambda function:
{
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents",
        "logs:GetLogEvents",
        "logs:FilterLogEvents"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:*:*:*"
      ]
    },
    {
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem",
        "dynamodb:GetItem",
        "dynamodb:Scan"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/customers",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/accounts",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/cards",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/sinistres",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/email",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/appointment_slots",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/agencies",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/intent_history",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/authorization_requests",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/ctr",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/agent_status",
        "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/missed_calls"
      ]
    },
    {
      "Action": [
        "lambda:InvokeFunction"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:treat_authorization_request"
      ]
    }
  ],
  "Version": "2012-10-17"
}
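For clarity, this is how I am testing this API:
Finally, if I test the Lambda function in the test environment of the Lambda console, it works fine, so I guess this means the problem is not between the function and the DynamoDB table, but if I test the API call from API Gateway I get the error above.
Do you know what the problem might be?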
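Your API Gateway execution role only has permission to invoke the Lambda function named treat_authorization_request, but the API appears to be invoking the function named connect_api.
What happens if you update the policy like this?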
{
  "Action": [
    "lambda:InvokeFunction"
  ],
  "Effect": "Allow",
  "Resource": [
    "arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:*"
  ]
}
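The mismatch described in the answer above can be checked mechanically. This is an added example, not code from the original posts: a simplified IAM matcher (Allow statements and `*`/`?` wildcards only) run over statements constructed from the page's policy and log, where `scoped_fix` and `some_other_function` are hypothetical names used to compare a function-specific grant with the wildcard one.

```python
from fnmatch import fnmatchcase

# Constructed from the page: the Lambda statement in the API Gateway role's policy,
# the wildcard statement proposed in the answer, and the function ARN from the log.
ARN = "arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:"
ROLE_STATEMENTS = [{"Effect": "Allow", "Action": ["lambda:InvokeFunction"],
                    "Resource": [ARN + "treat_authorization_request"]}]
WILDCARD_FIX = {"Effect": "Allow", "Action": ["lambda:InvokeFunction"],
                "Resource": [ARN + "*"]}
TARGET = ARN + "connect_api"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, ignore_case=False):
    # IAM wildcards are * and ?; escape "[" so fnmatch does not read it as a set.
    pattern = pattern.replace("[", "[[]")
    if ignore_case:
        pattern, value = pattern.lower(), value.lower()
    return fnmatchcase(value, pattern)


def allows(statements, action, resource):
    """True if some Allow statement covers this action on this resource.
    Simplified: ignores Deny, Condition, NotAction and NotResource."""
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        action_ok = any(_matches(a, action, True) for a in _as_list(st["Action"]))
        resource_ok = any(_matches(r, resource) for r in _as_list(st["Resource"]))
        if action_ok and resource_ok:
            return True
    return False


def scoped_fix(function_arn):
    """Least-privilege alternative: allow invoking only the integration's function."""
    return {"Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": function_arn}


if __name__ == "__main__":
    invoke, other = "lambda:InvokeFunction", ARN + "some_other_function"  # hypothetical name
    print("role as posted -> connect_api:", allows(ROLE_STATEMENTS, invoke, TARGET))
    print("scoped fix     -> connect_api:", allows([scoped_fix(TARGET)], invoke, TARGET))
    print("scoped fix     -> other:", allows([scoped_fix(TARGET)], invoke, other))
    print("wildcard fix   -> other:", allows([WILDCARD_FIX], invoke, other))
```

API Gateway uses this role only when the integration is configured with it as its credentials; otherwise the function's own resource-based policy has to allow `apigateway.amazonaws.com` to invoke it.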
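I solved the problem. If I go to the API Gateway console -> my API endpoint -> /connect method -> ANY -> Integration Request:
Then I just click on the Lambda function (the pencil icon), as if I wanted to modify the selected function, and I try to save it while keeping the same function (connect_api); before it saves, a new window pops up:
Then I click "OK", and the API works fine.
So basically it seems there was a problem with the policy associated with the IAM role used by API Gateway.
Now the question is, how should I change the policy to avoid adding permissions to API Gateway from the API Gateway console?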
This AWS documentation helped me: AWS internal server error troubleshooting
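In case anyone else runs into this problem: make sure you return a proper JSON response from the Lambda. For me, the problem was that I had no payload in the body.
I changed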
return {statusCode: 200, result: "Hello world"}
to
return {statusCode: 200, body: "Hello world"}
https://repost.aws/knowledge-center/malformed-502-api-gateway