For a Kinesis stream, I created a proxy API using AWS API Gateway. I added a custom authorizer using python Lambda for the proxy.
After publish of lambda function and deploy of API, I was able to successfully test the API using Gateway Test functionality. I could see the logs in cloudwatch which had detailed prints from custom auth lambda function. After successful authentication, API Gateway pushed the record to my Kinesis stream
However when I call the same API from Chrome Postman client, I get 500 Internal Server Error and response headers includes X-Cache → Error from cloudfront, x-amzn-ErrorType → AuthorizerConfigurationException
Lambda auth function returns the policy which allows execute request for my API. Policy Document returned is:
{
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Resource": [
"arn:aws:execute-api:us-east-1:1234567:myapiId/staging/POST/*"
],
"Effect": "Allow"
}
]
},
"principalId": "Foo"
}
Why does the request fail from Chrome or curl but the same API test works fine from API Gateway?
Figured out what was causing the issue. From python lambda function, I was returning a json string instance. Instead it should be json object. Its strange that the same lambda function did not error when I tested the API from API Gateway "test" feature. But when the API was called from internet (curl or chrome) it failed.
#return policy_string ... this is incorrect.
return json.loads(policy_string)