Swift 4, iOS 13, Xcode 11. Using Amplify, GraphQL, Cognito
I want to trigger an AWS lambda function called onCall
. It has been written and is just a simple blank function. On the client side I am following [1] and have:
let lambdaInvoker = AWSLambdaInvoker.default()
let jsonObject: [String: Any] = [
"key1" : "value1",
"key2" : 2 ,
"key3" : [1, 2],
"isError" : false
lambdaInvoker.invokeFunction("onCall", jsonObject: jsonObject)
.continueWith(block: {(task:AWSTask<AnyObject>) -> Any? in
if( task.error != nil) {
print("Error: \(task.error!)")
return nil
print(">> lambda \(task)")
// Handle response in task.result
return nil
But I get a permission denied error:
Error: Error Domain=com.amazonaws.AWSLambdaErrorDomain Code=0 "AccessDeniedException" UserInfo={StatusCode=403, responseStatusCode=403, responseHeaders={type = immutable dict, count = 5, entries => 2 : x-amzn-requestid = {contents = "83047425-06c6-4193-b5c6-ac8461d84aa0"} 3 : Content-Length = 243 4 : Content-Type = {contents = "application/json"} 5 : x-amzn-errortype = {contents = "AccessDeniedException"} 6 : Date = {contents = "Thu, 07 May 2020 02:18:00 GMT"} } , Message=User: arn:aws:sts::870560247484:assumed-role/amplify-alpha-alphaenv-123654-authRole/CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:870560247484:function:onCall, responseDataSize=243, NSLocalizedFailureReason=AccessDeniedException}
I have this line in my awsconfiguration.json file
"LambdaInvoker" : {
"Default" : {
"Region": "us-east-1"
Now in the docs it says I should use Amplify API, but I cannot find any amplify API for triggering lambda, and the doc is very sparse beyond basic use cases.
Making the lambdaInvoker
work as is, regardless of the statement about Amplify
Point me or provide code example for calling lamdas in Amplify API
[1] https://docs.aws.amazon.com/aws-mobile/latest/developerguide/how-to-ios-lambda.html
First of all please check if you created the lambda with proper Policy:
f. Under Lambda function handler and role, select Create new role from template(s). Type a Role name. Select the Policy template named Simple Microservice permissions.