'AWS User is not authorized to access this resource
I'm new to AWS API Gateway and Lambda and I am wondering if anyone could help?
I generate an access token using Auth0 and it works on postman returning all of the correct JSON data for the first lambda function call
When I call the second lambda function on postman it says that the user is not Authorised for this resource:
"Message": "User is not authorized to access this resource"
and
403 Forbidden
This only lasts for exactly 5 mins and then I can call the second function on Postman but cannot call the first anymore with the same error.
Any ideas as to how I can solve this
Thanks!
Solution 1:[1]
was also running into this issue. Turns out my authorizer had caching enabled which meant it would reuse the same policy previously generated. The TTL of the cache defaults to 5 minutes.
On the dashboard, you can access the authorizers and disable the caching to stop this from happening or change the policy being generated to allow for all resources.
Hope this helped!
Solution 2:[2]
Most probably caching related on the API, for anyone looking for a solution to this in AWS SAM / Cloudformation, include ReauthorizeEvery: 0 as below:
myAPI:
Type: AWS::Serverless::Api
Properties:
Description: Some API description
Name: someAPIName
EndpointConfiguration:
Type: REGIONAL
StageName: !Ref EnvType # dev or prod
Auth:
DefaultAuthorizer: AWS_IAM
Authorizers:
AuthFunction:
FunctionPayloadType: REQUEST
FunctionArn: !GetAtt AuthFunction.Arn # your auth lambda
Identity:
Headers: # amend as you require
- username
- password
ReauthorizeEvery: 0
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Diogo Cruz |
Solution 2 | Leigh Mathieson |