-
Notifications
You must be signed in to change notification settings - Fork 0
Troubleshooting
Open the src/sam/.bundle/config file and comment out the BUNDLE_DEPLOYMENT: "true" line and then run cd src/sam && bundle install. Once Bundler has finished, reopen the file and uncomment that line. You should then be able to build the application again.
In the AWS console, navigate to the API Gateway page and then the 'Authorizers' section. Then verify that the Cognito Authorizer is pointed at the correct Cognito UserPool.
You can see which UserPool generated the access_token by pasting the token here to inspect it's contents: https://jwt.io
If it is not, select the correct UserPool and then redeploy the API. This can happen after a SAM deploy because the src/sam/sam_build_deploy.sh uses the aws resource-groups search-resources CLI command which can return stale or deleted resources. If it grabs the wrong UserPool ARN, the SAM/CloudFormation build will not error!
If that does not seem to be the issue, please refer to: https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cognito-401-unauthorized/
A 403 is often a misleading response from API Gateway. It is the default for scenarios where the Gateway does not know how to respond to a request. For example if you had a typo in the path (e.g. /dmp/10.12345/ABC123 instead of /dmps/10.12345/ABC123) the gateway will return a 403.
If the path looks correct, see this AWS article for more debugging options
CloudFront automatically caches resources in S3 for 24 hours. If you updated them and need to force CloudFront to clear its cache you can run aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DISTRO_ID --paths "/*" --region $AWS_REGION.
Note that the Cloudfront distribution can be found in the console and is not the same as the Name or the ARN.