'AWS AppSync Lambda authoriser always results in "Error: Request failed with status code 401"

I am currently playing around a bit with AWS AppSync and I am trying to use the Lambda authoriser feature to do some custom auth for the GraphQL API.

I have the Lambda function set up with the correct resource-based policy to allow AppSync to invoke the function and I have AppSync's Default authorization mode set to invoke my Lambda.

This is my lambda code:

exports.handler = (event) => {
  console.log(JSON.stringify(event));
  const response = {
    isAuthorized: true,
  };
  console.log(JSON.stringify(response));
  return response;
};

Now I am facing the issue that the Lambda authoriser is always giving me the following error when I attempt to run a GraphQL quarry:

Error: Request failed with status code 401

After debugging this problem for two hours I can say the following things:

  • The GraphQL endpoint is working fine, because if I set the Default authorization mode to API key or Amazon cognito user pool without changing anything else my Query executes successfully.
  • The lambda function is definitely being invoked whenever I make a request to the API and the lambda also receives the correct event from AppSync.
  • The Lambda returns {"isAuthorized":true} which means no Authorization Token would result in a 401.

So as far as I can tell everything is as it should but I am still getting the 401 no matter what I do and im getting pretty frustrated.

aws-lambdagraphqlaws-appsync


Solution 1:[1]

After some very frustrating debugging I finally figured out that the problem was the Lambda handler function. As it turns out a Node.js lambda handlers should be async.

So changing the lambda to the following code fixes the issue:

exports.handler = async (event) => {
    console.log(JSON.stringify(event));
    const response = {
        isAuthorized: true,
    };
    console.log(JSON.stringify(response));
    return response;
};

I didn't know this, since until no I only used Python for Lambdas, and the problem was hard to spot since the console.log's where still running correctly so I though the function was returning the correct data where as in fact it was returning null.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Mercury

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function