SJCNet

SJCNet is the home of architect/developer/techie, Simon Coope.

AWS Weirdness - Execution failed due to configuration error: Invalid permissions on Lambda function

After attending the brilliant Serverless conference last week I've been working to move some of my existing AWS APIs to follow the serverless paradigm. As part of this I came across a very strange error that I thought I should write down somewhere!

So, here's what I was trying to achieve:

[Image: basic architecture]

In short I'm making a call to the API endpoint in AWS API Gateway. Here I pass in the table name (needed for the sample Lambda function) and from there it connects to an AWS DynamoDB database to retrieve the results.

TLDR

When first creating a Lambda function and setting its trigger to be an API Gateway API, you will probably encounter the following error in the logs when trying to test the API from API Gateway:

Sun Oct 30 17:21:39 UTC 2016 : Execution failed due to configuration error: Invalid permissions on Lambda function
Sun Oct 30 17:21:39 UTC 2016 : Method completed with status: 500

So we get an Internal Server Error because of a permissions issue on the Lambda function, which is weird because we've just set up all of the required permissions.

To fix this we simply go into the Integration Request information in the API Gateway Method Execution screen and edit and re-save the Lambda Function name (images included in step 6 of the overview section below).

Once we save the change we get a message entitled "Add Permission to Lambda Function", asking us to confirm the change.

And... hey presto! You will now be able to test the API from API Gateway.

Overview

Here are the steps to completely reproduce and resolve the problem.

1. Create the Lambda Function

Create a new function in Lambda and select the microservice-http-endpoint blueprint.

[Image: Lambda blueprint]

2. Configure Triggers

Here you can select the default entries for the trigger from API Gateway.

3. Configure Function

Now give the function a name, and the new role a name (further down the page). Then click Next and finally click Create Function on the confirmation page.

4. Create Sample Data

Now in DynamoDB create a table and add items. The data can be anything you want. I used ID: 1, Name: 'One', etc.

5. Test Function

Now we can test the function in Lambda, by clicking Test where we'll be prompted to input the test event data. For this enter the following:

{
  "httpMethod": "GET",
  "queryStringParameters": {
    "TableName": "[ENTER TABLE NAME HERE]"
  }
}

Then click Test and you should see the results in the Execution Result.

6. Test in API Gateway

Here is where we see the problem. When we go into API Gateway and select the API we've just created for the new Lambda function, we can see the Method Execution screen, which includes Request/Response and Integration Request/Response information. From here we can also test the API by clicking the Test link. Then in the test window we select the GET method and enter the table name in the query string (e.g. TableName="TestTable1"), then we click the Test button.

In the Logs response we see the following message:

Sun Oct 30 17:21:39 UTC 2016 : Execution failed due to configuration error: Invalid permissions on Lambda function
Sun Oct 30 17:21:39 UTC 2016 : Method completed with status: 500

So we get an Internal Server Error because of a permissions issue on the Lambda function, which is weird because we've just set up all of the required permissions!

7. Fix!

To fix this go back to the Method Execution screen and click on the Integration Request link. Then click to edit the Lambda Function Name. Then (without changing the name) click the tick to accept the name.

[Image: editing the Lambda Function name]

Next you'll be presented with a confirmation message to add permissions to the Lambda function.

[Image: Add Permission confirmation]

After you confirm this change you'll be able to test the API in API Gateway.

I'm going to do some more investigation into if I've missed anything with this, or if it's a bug in AWS. So I'll update this post if/when I find out more.
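One way to check offline whether a function's resource-based policy (the JSON in the "Policy" field returned by `aws lambda get-policy`) lets API Gateway invoke it from a given method ARN. This is an added example, not code from the original post: the account id, API id, function name and sample policy are constructed placeholders, the `test-invoke-stage` stage name used for the console Test call is an assumption, and the wildcard matching is a simplification of IAM's ArnLike.

```python
import fnmatch
import json

# Constructed sample policy; every identifier in it is a placeholder.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "example-apigateway-invoke",
        "Effect": "Allow",
        "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:123456789012:function:exampleFunction",
        "Condition": {"ArnLike": {"AWS:SourceArn":
            "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/exampleFunction"}},
    }],
})
# Source ARNs to evaluate (constructed; the test stage name is an assumption).
PROD_ARN = "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/exampleFunction"
TEST_ARN = "arn:aws:execute-api:us-east-1:123456789012:abc123/test-invoke-stage/GET/exampleFunction"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows_apigateway_invoke(policy_json, source_arn):
    """Return True if an Allow statement lets API Gateway invoke from source_arn."""
    if not policy_json:  # no resource policy attached to the function
        return False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if "apigateway.amazonaws.com" not in services:
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase("lambda:invokefunction", a) for a in actions):
            continue
        patterns = []
        for operator in ("ArnLike", "ArnEquals"):
            for key, val in stmt.get("Condition", {}).get(operator, {}).items():
                if key.lower() == "aws:sourcearn":
                    patterns += _as_list(val)
        # No SourceArn condition: the statement is not tied to a particular API.
        if not patterns or any(fnmatch.fnmatchcase(source_arn, p) for p in patterns):
            return True
    return False
```

A statement with no SourceArn condition returns True for every caller ARN, which is worth flagging on its own because the permission is then not scoped to one API.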

About Simon Coope
Sydney, Australia
Experienced developer/consultant. Loves all things development, technology, gadgets, football and running.