Link to chapter - https://serverless-stack.com/chapters/test-the-configured-apis.html
Hello, I’m getting a 403 error after running npx aws-api-gateway-cli-test. I went through the steps on troubleshooting, but still getting the same problem. Here is the command with the options and following error:
npx aws-api-gateway-cli-test \
--username='admin@example.com' \
--password='Password123!' \
--user-pool-id='us-west-2_CtNOyowR4' \
--app-client-id='7o2d13dnd76cr32bmalk5btdd' \
--cognito-region='us-west-2' \
--identity-pool-id='us-west-2:4bde746f-46e1-45f6-91b9-8ffdabf4f300' \
--invoke-url='https://s8xk7c9j6j.execute-api.us-west-2.amazonaws.com/prod' \
--api-gateway-region='us-west-2' \
--path-template='/notes' \
--method='POST' \
--body='{"content":"hello world","attachment":"hello.jpg"}'
npx: installed 103 in 13.668s
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 403,
statusText: 'Forbidden',
data:
{ Message: 'User: arn:aws:sts::242648831828:assumed-role/Cognito_notesidentitypoolAuth_Role/CognitoIdentityCredentials is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-west-2:********1828:s8xk7c9j6j/prod/POST/notes' } }
Here is a screenshot showing that the role has been allowed:
Hmm I’m not sure if there was a typo in the simulator screenshot but the API Gateway ID CtNOyowR4 is not the same as the one you are making a request to using the aws-api-gateway-cli-test command.
What do you mean? I can’t find the inconsistency 
That’s the API you are invoking but in the screenshot for the policy simulator, it looks like the API Gateway ID is CtNOyowR4. You should test it against s8xk7c9j6j.
1 Like
Cool, thanks. Looked like that command worked with status 200!
1 Like
I have followed the steps in this chapter, but I am also running into an issue when running npx aws-api-gateway-cli-test. The output shows:
npx: installed 103 in 3.614s
Authenticating with User Pool
User does not exist.
When I navigate to the Cognito user pool in AWS, I do see my test user, but I do NOT see this test user in the Cognito identity pool. Should I?
This error specifically is pointing to you missing your User Pool user. Maybe the credentials you used were incorrect?
I get following error, please look into it:
npx: installed 103 in 12.345s
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 500,
statusText: 'Internal Server Error',
data: { status: false } }
{
"errorMessage": "Unexpected token u in JSON at position 0",
"errorType": "SyntaxError",
"stackTrace": [
"JSON.parse (<anonymous>)",
"_callee$ (/var/task/webpack:/create.js:6:21)",
"tryCatch (/var/task/node_modules/regenerator-runtime/runtime.js:62:40)",
"Generator.invoke [as _invoke] (/var/task/node_modules/regenerator-runtime/runtime.js:296:22)",
"Generator.prototype.(anonymous function) [as next] (/var/task/node_modules/regenerator-runtime/runtime.js:114:21)",
"step (/var/task/node_modules/babel-runtime/helpers/asyncToGenerator.js:17:30)",
"/var/task/node_modules/babel-runtime/helpers/asyncToGenerator.js:35:14",
"new Promise (<anonymous>)",
"new F (/var/task/node_modules/core-js/library/modules/_export.js:36:28)",
"/var/task/node_modules/babel-runtime/helpers/asyncToGenerator.js:14:12"
]
}
Never mind its resolved!
Oh what was the issue?
Hi jayair,
I’m getting a 500 trying to test the API. Could you give me suggestions as to how to go about debugging the error? Thanks vm!
— below is my test run after creating a test user
bash-3.2$ npx aws-api-gateway-cli-test \
--username='admin@example.com' \
--password='Passw0rd!' \
--user-pool-id='us-east-2_ftYJN6YTE' \
--app-client-id='2etl65d6u2p5lsjrn1u9cmhkh1' \
--cognito-region='us-east-2' \
--identity-pool-id='us-east-2:9c7bbdf6-ebf7-4f68-8408-b17cec95e759' \
--invoke-url='https://cq6qo7q5n7.execute-api.us-east-2.amazonaws.com/dev' \
--api-gateway-region='us-east-2' \
--path-template='/notes' \
--method='POST' \
--body='{"content":"hello-dev0-world","attachment":"hello.jpg"}'
npx: installed 103 in 3.243s
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 500,
statusText: 'Internal Server Error',
data: { status: false } }
bash-3.2$
– below is the end of the build log
Stack Outputs
AttachmentsBucketName: sls-api-dev-attachmentsbucket-1d6ippxpi7ewy
UserPoolClientId: 2etl65d6u2p5lsjrn1u9cmhkh1
UserPoolId: us-east-2_ftYJN6YTE
DeleteLambdaFunctionQualifiedArn: arn:aws:lambda:us-east-2:868242285281:function:sls-api-dev-delete:2
CreateLambdaFunctionQualifiedArn: arn:aws:lambda:us-east-2:868242285281:function:sls-api-dev-create:2
GetLambdaFunctionQualifiedArn: arn:aws:lambda:us-east-2:868242285281:function:sls-api-dev-get:2
UpdateLambdaFunctionQualifiedArn: arn:aws:lambda:us-east-2:868242285281:function:sls-api-dev-update:2
IdentityPoolId: us-east-2:9c7bbdf6-ebf7-4f68-8408-b17cec95e759
BillingLambdaFunctionQualifiedArn: arn:aws:lambda:us-east-2:868242285281:function:sls-api-dev-billing:1
ListLambdaFunctionQualifiedArn: arn:aws:lambda:us-east-2:868242285281:function:sls-api-dev-list:2
ServiceEndpoint: https://cq6qo7q5n7.execute-api.us-east-2.amazonaws.com/dev
ServerlessDeploymentBucketName: sls-api-dev-serverlessdeploymentbucket-1fvqmcj3wd4ef
====================
🗑 Cleanup
====================
2018/07/12 21:32:48 Post deploy cleanup
✅ Build v1 successfully deployed!
For 500 errors, it is most likely coming from your Lambda functions. You can add a console.log and check the logs in Seed to debug the issue. We cover how to check the logs in this chapter:
Thanks Jay!
The lambda function never gets a chance to be executed no matter how many console.log lines I add to the code. It 500s before getting to the code as far as I can tell.
I think the cause is the hard-coded “us-east-1” in the libs/ sub dir:
All my stuff lives in Ohio, us-east-2.
I suspect anyone whose region is different from what’s in that libs file will run into the same problem I have.
1 Like
Ah yeah. That is on our todo to remove that line. You shouldn’t need that since we are setting the region through the serverless.yml.
Hi
I am getting a Forbidden error and can’t seem to trace its origin.
npx: installed 105 in 14.884s
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 403,
statusText: 'Forbidden',
data:
{ message: 'Credential should be scoped to a valid region, not \'us-east-1\'. ' } }
I am using ‘eu-west-1’ and have changed it within the code.
I’m not sure if this is related but we used to have the us-east-1 hardcoded in the dynamodb-lib.js. We updated the tutorial recently but you might still have that in there.
We were talking about it above:
I’m having the same problem after I implemented the new deployment methods for the deployment automation.
I’ve changed the lib back when it all worked but it keeps getting me the same error.
Any help? Is there something I can edit?
What’s the error you are having again?