Comments for Test the APIs

Chapter Comments
316

The npx aws-api-gateway-cli-test works out just fine for the dev stage:

{
  status: 200,
  statusText: 'OK',
  data: [
    {
      ProductId: '456d7760-6119-11ea-ba0b-1f24cdb58353',
      UserId: 'eu-central-1:89e011d5-907a-4375-ba19-b7b9d4dca4e0',
      CreatedAt: 1583657175510
    }
  ]
}

but for the prod stage I get an empty data array:

{ status: 200, statusText: 'OK', data: [] }

This is my call to prod:

npx aws-api-gateway-cli-test \
--username='admin@example.com' \
--password='Passw0rd!' \
--user-pool-id='eu-central-1_c8D3g4hxv' \
--app-client-id='7bsormil1soo7e1mpgkrpk4c64' \
--cognito-region='eu-central-1' \
--identity-pool-id='eu-central-1:58e6270f-f45b-4fe0-a876-a6546350d6c5' \
--invoke-url='https://3sj48f1a8d.execute-api.eu-central-1.amazonaws.com/prod' \
--api-gateway-region='eu-central-1' \
--path-template='/products'

And this is my repo:

Appreciate any ideas on what could have happened :slight_smile:

EDIT:
Iā€™ve made some changes to the key schema that might have broken the implementation. Still, the discrepancy between the output between the prod and dev stages is a bit weird.

317

Appreciate you sharing this!

318

403: Forbidden - I read the entire thread and tried all of the solutions suggested, and still got this error.

On a hunch based on some JSON issues I saw someone in the thread have I changed this:

--body='{"content":"hello world"}'

to this

--body='{}'

Was able to successfully hit my API with a 200 OK.

I canā€™t seem to format JSON in a way that the aws-api-gateway-cli-test will accept.

319

Had same issue on windows. Fixed it by having body as
ā€“body ā€˜{ ā€œā€œcontentā€ā€: ā€œā€œhello worldā€ā€, ā€œā€œattachmentā€ā€:"ā€œhello.jpgā€" }ā€™

320

Over and over I was getting 403s when running the npx aws-api-gateway-cli-test

CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource

I had to go back to the Policy Document and create a new policy with less stringent InvokeFunction Resources for that cognito role like this ā€¦

From

    {
        "Effect": "Allow",
        "Action": ["execute-api:Invoke"],
        "Resource": ["arn:aws:execute-api:us-east-1:*:8zXXXXh5/*/*/*"]
    },

to

    {
        "Effect": "Allow",
        "Action": ["execute-api:Invoke"],
        "Resource": ["*"]
    }

Really not happy about having to do this ā€“ but after 2 hours, I had no choice. Anyone have similar issues?

321

I found these comments very helpful and it resolved my issues ā€¦

https://github.com/AnomalyInnovations/serverless-stack-com/issues/112#issuecomment-317204545

You can check if the IAM Role has been set properly by going to your AWS Console

IAM -> Roles -> Cognito_notesAuth_Role -> oneClick_Cognito_notesAuth_Role_XXXXXXXXX -> Edit Policy -> JSON:

Just had to re-copy/paste of the code from the tutorial with the properly set app values as guided in the tutorial and it worked for me.

2 Likes
322

Glad you figure it out. These are super annoying to deal with.

1 Like
323

This fixed it for me as well. Somehow my original policy edit did not get saved. Thanks for this tip.

1 Like
324

Hi, when I run the cli test command, I got this info ā€œIncorrect username or password.ā€ Anyone has same issue? I used the same mock userName and password those mentioned in chapter.

325

Struggled with a 500 error for quite a while. I used the reserved keyword: name. Finally found the error by looking at the cloudlogs. In the future, I will use the cloudlog a lot more. Itā€™s awesome!

1 Like
327

Can you double-check the Cognito IDs that you are passing in to the test command?

328

Getting below error related to --body
Please helpā€¦

image
image2058Ɨ639 189 KB

329

Resolve by changing command
strong text --body ā€œ{"content":"hello world","attachment":"hello.jpg"}ā€

1 Like
330

Iā€™ve been following the tutorial and am getting the following error:

    {
  status: 403,
  statusText: 'Forbidden',
  data: {
    message: 'User: arn:aws:sts::499676075121:assumed-role/Cognito_notesidentitypoolAuth_Role/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-east-1:********5121:mn5osswo0a/prod/POST/notes'
  }
}

However, I am getting an ā€˜allowedā€™ permission when I test through the policy simulator.

Screen Shot 2020-05-31 at 2.46.00 PM
Screen Shot 2020-05-31 at 2.46.00 PM1247Ɨ289 36.7 KB

Has anybody ran across the same issues or have any suggestions for me?
Thanks!

EDIT:
I was able to solve my issue. I had removed by accident :*: in the JSON that is provided at this step.

1 Like
331

Glad you figure it out!

332

Just in case this helps anyone:

I had an issue where running the aws command (ex. aws cognito-idp sign-up...) was making the request hang (I could tell because i added the --debug option, which logs everything).

Solution: My VPN was blocking any requests to AWS. Turning off my VPN made it work.

1 Like
333

Iā€™m getting the 500 error and I donā€™t think itā€™s the indentation. Hereā€™s my repo, maybe Iā€™m missing something?

334

I had to add admin access to lambda role. I donā€™t understand why itā€™s not workingā€¦

335

Hi Iā€™ve found a solution to the syntax problem for Windows 10 Powershell (this solution doesnā€™t work on cmd for some reason)

npx aws-api-gateway-cli-test --username admin@example.com --password Passw0rd! --user-pool-id YOUR_COGNITO_USER_POOL_ID --app-client-id YOUR_COGNITO_APP_CLIENT_ID --cognito-region YOUR_COGNITO_REGION --identity-pool-id YOUR_IDENTITY_POOL_ID --invoke-url YOUR_API_GATEWAY_URL --api-gateway-region YOUR_API_GATEWAY_REGION --path-template /notes --method POST --body '{\"content\":\"helloworld\",\"attachment\":\"hello.jpg\"}'

-The starting and ending quotation marks of {\"content\":\"helloworld\",\"attachment\":\"hello.jpg\"} needs to be closed with a single quote (') instead of (")
-There can be NO space in the content so it needs to be removed or replaced with an underscore (_)

Hereā€™s the original from the guide for Windows for comparison:-

npx aws-api-gateway-cli-test --username admin@example.com --password Passw0rd! --user-pool-id YOUR_COGNITO_USER_POOL_ID --app-client-id YOUR_COGNITO_APP_CLIENT_ID --cognito-region YOUR_COGNITO_REGION --identity-pool-id YOUR_IDENTITY_POOL_ID --invoke-url YOUR_API_GATEWAY_URL --api-gateway-region YOUR_API_GATEWAY_REGION --path-template /notes --method POST --body "{\"content\":\"hello world\",\"attachment\":\"hello.jpg\"}"

P.S. why Microsoft, why?

2 Likes
336

Hey! Iā€™m getting this kind of error:
Authenticating with User Pool
Getting temporary credentials
Invalid identity pool configuration. Check assigned IAM roles for this pool.

If anyone has an insight, do let me know. I checked my IAM role and Iā€™m pretty sure my YAML is perfect; I saw the posts above. Iā€™m supposed to have my UnAuth and Auth role as the same thing, right?