API Gateway invoking a Lambda {proxy+} function - Internal server error

Question  Votes: 0  Answers: 3

I have an API Gateway with the following API endpoint:

When I try to test it, I get the following error:

Request: /connect/list_users
Status: 500
Latency: 29 ms
Response Body
{"message": "Internal server error"}
Response Headers
{"x-amzn-ErrorType":["InternalServerErrorException"]}
Logs
Execution log for request 3ff47544-2f03-4e52-a52c-ce76e397aee7
Wed May 31 15:52:55 UTC 2023 : Starting execution for request: 3ff47544-2f03-4e52-a52c-ce76e397aee7
Wed May 31 15:52:55 UTC 2023 : HTTP Method: GET, Resource Path: /connect/list_users
Wed May 31 15:52:55 UTC 2023 : Method request path: {proxy=list_users}
Wed May 31 15:52:55 UTC 2023 : Method request query string: {}
Wed May 31 15:52:55 UTC 2023 : Method request headers: {}
Wed May 31 15:52:55 UTC 2023 : Method request body before transformations: 
Wed May 31 15:52:55 UTC 2023 : Endpoint request URI: https://lambda.eu-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:connect_api/invocations
Wed May 31 15:52:55 UTC 2023 : Endpoint request headers: {X-Amz-Date=20230531T155255Z, x-amzn-apigateway-api-id=xxxxxxxxxxxx, Accept=application/json, User-Agent=AmazonAPIGateway_xxxxxxxxxxxx, Host=lambda.eu-west-2.amazonaws.com, X-Amz-Content-Sha256=xxxxxxxxxxxx, X-Amzn-Trace-Id=Root=1-64776d57-xxxxxxxxxxxx, x-amzn-lambda-integration-tag=xxxxxxxxxxxx, Authorization=*********************************************************************************************************************************************************************************************************************************************************************************************************************************************ca4e12, X-Amz-Source-Arn=arn:aws:execute-api:eu-west-2:xxxxxxxxxxxx:xxxxxxxxxxxx/test-invoke-stage/GET/connect/{proxy+}, X-Amz-Security-Token=xxxxxxxxxxxx/xxxxxxxxxxxx [TRUNCATED]
Wed May 31 15:52:55 UTC 2023 : Endpoint request body after transformations: {"resource":"/connect/{proxy+}","path":"/connect/list_users","httpMethod":"GET","headers":null,"multiValueHeaders":null,"queryStringParameters":null,"multiValueQueryStringParameters":null,"pathParameters":{"proxy":"list_users"},"stageVariables":null,"requestContext":{"resourceId":"xxxxxxxxxxxx","resourcePath":"/connect/{proxy+}","httpMethod":"GET","extendedRequestId":"xxxxxxxxxxxx=","requestTime":"31/May/2023:15:52:55 +0000","path":"/connect/{proxy+}","accountId":"xxxxxxxxxxxx","protocol":"HTTP/1.1","stage":"test-invoke-stage","domainPrefix":"testPrefix","requestTimeEpoch":xxxxxxxxxxxx,"requestId":"xxxxxxxxxxxx","identity":{"cognitoIdentityPoolId":null,"cognitoIdentityId":null,"apiKey":"test-invoke-api-key","principalOrgId":null,"cognitoAuthenticationType":null,"userArn":"arn:aws:iam::xxxxxxxxxxxx:user/[email protected]","apiKeyId":"test-invoke-api-key-id","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, li [TRUNCATED]
Wed May 31 15:52:55 UTC 2023 : Sending request to https://lambda.eu-west-2.amazonaws.com/2015-03-31/functions/arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:connect_api/invocations
Wed May 31 15:52:55 UTC 2023 : Execution failed due to configuration error: Invalid permissions on Lambda function
Wed May 31 15:52:55 UTC 2023 : Method completed with status: 500

Now, this is the policy attached to the IAM role of the Lambda function that calls the DynamoDB tables:

{
    "Statement": [
        {
            "Action": [
                "connect:ListRoutingProfiles",
                "connect:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:connect:eu-west-2:xxxxxxxxxxxx:instance/xxxxxxxxxxxx/contact-flow/*/*",
                "arn:aws:connect:eu-west-2:xxxxxxxxxxxx:instance/xxxxxxxxxxxx/contact-flow/*",
                "arn:aws:connect:eu-west-2:xxxxxxxxxxxx:instance/xxxxxxxxxxxx/*",
                "arn:aws:connect:eu-west-2:xxxxxxxxxxxx:instance/xxxxxxxxxxxx"
            ],
            "Sid": ""
        },
        {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:connect_api"
        },
        {
            "Action": "dynamodb:Query",
            "Effect": "Allow",
            "Resource": [
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/contactlens/index/timestamp",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/contactlens"
            ],
            "Sid": ""
        },
        {
            "Action": [
                "dynamodb:Scan",
                "dynamodb:GetItem"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/ctr",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/agent_status"
            ],
            "Sid": ""
        },
        {
            "Action": "dynamodb:UpdateItem",
            "Effect": "Allow",
            "Resource": "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/agent_status",
            "Sid": ""
        },
        {
            "Action": [
                "logs:PutLogEvents",
                "logs:CreateLogStream",
                "logs:CreateLogGroup"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:logs:*:*:*",
            "Sid": ""
        }
    ],
    "Version": "2012-10-17"
}

This is the policy attached to the IAM role that API Gateway uses to invoke the Lambda function:

{
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:PutLogEvents",
                "logs:GetLogEvents",
                "logs:FilterLogEvents"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:logs:*:*:*"
            ]
        },
        {
            "Action": [
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:GetItem",
                "dynamodb:Scan"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/customers",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/accounts",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/cards",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/sinistres",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/email",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/appointment_slots",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/agencies",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/intent_history",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/authorization_requests",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/ctr",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/agent_status",
                "arn:aws:dynamodb:eu-west-2:xxxxxxxxxxxx:table/missed_calls"
            ]
        },
        {
            "Action": [
                "lambda:InvokeFunction"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:treat_authorization_request"
            ]
        }
    ],
    "Version": "2012-10-17"
}

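For clarity, this is how I test this API:

Finally, if I test the Lambda function in the test environment of the Lambda console, it works fine, so I suppose that means the problem is not between the function and the DynamoDB tables; but if I test the API call from API Gateway, I get the error above.

Do you know what the problem might be?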

amazon-web-services aws-lambda amazon-dynamodb aws-api-gateway amazon-iam
3 Answers

1 vote

Your API Gateway execution role only has permission to invoke the Lambda function named treat_authorization_request, but the API appears to be invoking the function named connect_api.

What happens if you update the policy like this?

        {
            "Action": [
                "lambda:InvokeFunction"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:lambda:eu-west-2:xxxxxxxxxxxx:function:*"
            ]
        }

0 votes

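I solved the problem. If I go to the API Gateway console -> my API endpoint -> /connect method -> ANY -> Integration Request:

Then I just click on the Lambda function (the pencil symbol), as if I wanted to modify the selected function, and I try to save the selection while keeping the same function (connect_api). Before saving, a new window pops up:

Then click "OK", and the API works fine.

So basically it seems that there was a problem with the policy related to the IAM role used by API Gateway.

The question now is: how should I change the policy to avoid adding the permission to API Gateway from the API Gateway console?

This AWS document helped me: Troubleshooting AWS internal server errors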
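
Added example, not part of the original answers: API Gateway can be authorized to invoke a function either through an execution role's identity policy (the first answer) or through the function's resource-based policy, which is what the console dialog in the answer above adds. This JavaScript check evaluates both paths against the statements quoted on this page; the account ID, API ID and the function-policy statement are constructed placeholders.

```javascript
// Added example. ACCT and API are placeholders; policies are constructed from the
// statements quoted on this page. Simplified: Allow statements only, no Deny or NotAction.
const ACCT = "111122223333", API = "a1b2c3d4e5";
const fn = (name) => `arn:aws:lambda:eu-west-2:${ACCT}:function:${name}`;
const SOURCE_ARN = `arn:aws:execute-api:eu-west-2:${ACCT}:${API}/test-invoke-stage/GET/connect/{proxy+}`;
const list = (x) => (Array.isArray(x) ? x : [x]);

// IAM-style wildcards: "*" matches any run of characters, "?" exactly one.
function wild(pattern, value) {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${body}$`).test(value);
}

// Path 1: identity-based policy on the role API Gateway assumes for the integration.
function roleAllows(policy, resource, action = "lambda:InvokeFunction") {
  return list(policy.Statement).some((s) => s.Effect === "Allow" &&
    list(s.Action).some((a) => wild(a.toLowerCase(), action.toLowerCase())) &&
    list(s.Resource).some((r) => wild(r, resource)));
}

// Path 2: resource-based policy on the function that trusts the API Gateway service.
// Returns "none", "scoped" (AWS:SourceArn matches) or "unscoped" (no source condition).
function functionPolicyAllows(policy, sourceArn) {
  let result = "none";
  for (const s of list(policy.Statement)) {
    if (s.Effect !== "Allow" || (s.Principal || {}).Service !== "apigateway.amazonaws.com") continue;
    if (!list(s.Action).includes("lambda:InvokeFunction")) continue;
    const cond = ((s.Condition || {}).ArnLike || {})["AWS:SourceArn"];
    if (!cond) return "unscoped"; // any API in any account could be the caller
    if (wild(cond, sourceArn)) result = "scoped";
  }
  return result;
}

const invoke = (name) => ({ Statement: [{ Effect: "Allow",
  Action: ["lambda:InvokeFunction"], Resource: [fn(name)] }] });
const pageRole = invoke("treat_authorization_request"); // as posted in the question
const wildcardRole = invoke("*");                        // as proposed in the first answer
const scopedRole = invoke("connect_api");                // least-privilege variant
const functionPolicy = { Statement: [{ Effect: "Allow",   // constructed statement
  Principal: { Service: "apigateway.amazonaws.com" }, Action: "lambda:InvokeFunction",
  Resource: fn("connect_api"),
  Condition: { ArnLike: { "AWS:SourceArn": `arn:aws:execute-api:eu-west-2:${ACCT}:${API}/*/*/connect/*` } } }] };

console.log(roleAllows(pageRole, fn("connect_api")), roleAllows(scopedRole, fn("connect_api")),
  roleAllows(wildcardRole, fn("any_other_function")), functionPolicyAllows(functionPolicy, SOURCE_ARN));
```

The wildcard role also reaches every other function in the account and region, while the scoped role reaches only connect_api. The resource-based statement can be created without the console using `aws lambda add-permission` with `--principal apigateway.amazonaws.com` and a `--source-arn`, or the equivalent infrastructure-as-code resource.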


0 votes

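In case anyone else runs into this issue: make sure you return a correct JSON response from the Lambda. For me, the problem was that I did not have the payload in the body.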

I changed

return {statusCode: 200, result: "Hello world"}

to

return {statusCode: 200, body: "Hello world"}

https://repost.aws/knowledge-center/malformed-502-api-gateway
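
Added example, not part of the original answer: a strict shape check for a Lambda proxy integration response, plus a wrapper that logs the problem server-side instead of letting a malformed result reach API Gateway. The key list follows the documented proxy output format; `checkProxyResponse` and `guard` are hypothetical helper names.

```javascript
// Added example. Keys of the documented Lambda proxy integration output format.
const ALLOWED = ["statusCode", "headers", "multiValueHeaders", "body", "isBase64Encoded"];

// Returns a list of problems; an empty list means the shape passes this strict check.
function checkProxyResponse(res) {
  if (res === null || typeof res !== "object" || Array.isArray(res)) {
    return ["response is not a JSON object"];
  }
  const problems = [];
  for (const key of Object.keys(res)) {
    // e.g. the "result" key from the answer above
    if (!ALLOWED.includes(key)) problems.push(`unexpected key "${key}"`);
  }
  if (!Number.isInteger(res.statusCode)) problems.push("statusCode must be an integer");
  // A payload object has to be serialized first, e.g. with JSON.stringify.
  if ("body" in res && typeof res.body !== "string") problems.push("body must be a string");
  if ("isBase64Encoded" in res && typeof res.isBase64Encoded !== "boolean") {
    problems.push("isBase64Encoded must be a boolean");
  }
  return problems;
}

// Wraps a handler: a malformed result is logged with details and replaced by a
// generic 500, so the reason is visible in the function's logs.
function guard(handler) {
  return async (event, context) => {
    const res = await handler(event, context);
    const problems = checkProxyResponse(res);
    if (problems.length === 0) return res;
    console.error("malformed proxy response:", problems.join("; "));
    return { statusCode: 500, body: JSON.stringify({ message: "Internal server error" }) };
  };
}

// The two return values from the answer, plus an unserialized object body.
const before = checkProxyResponse({ statusCode: 200, result: "Hello world" });
const after = checkProxyResponse({ statusCode: 200, body: "Hello world" });
const objectBody = checkProxyResponse({ statusCode: 200, body: { users: [] } });
console.log(before, after, objectBody);
```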
