Hey everyone, I’m stuck with a problem when trying to use AWS API Gateway to call a Lambda Function. I’ve got it working when I set the Authentication type to NONE, but that makes the API public. Anyone could use it if they have the URL.
I want to make it more secure, so I switched to AWS_IAM for Authentication. I even added the AmazonAPIGatewayInvokeFullAccess policy to my user. But now I’m getting this error:
{
message: "Authentication Token Missing"
}
I’m scratching my head here. What am I doing wrong? Is there something else I need to set up or configure? Any help would be really appreciated!
When using AWS_IAM authentication, you need to sign your requests with valid AWS credentials. This isn’t automatic - you have to implement it in your code. The AWS SDK can handle this for you if configured correctly with your access key and secret.
Make sure you’re not just sending a simple HTTP request. You need to use the SDK or a tool like Postman that can generate the proper signature. Also, verify that you’ve redeployed your API after changing the auth type.
If you’re still struggling, consider using API keys as an intermediate step. They’re easier to implement while still providing some security. Just remember to keep your keys safe and rotate them regularly.
yo benmoore, i feel ya. been there done that. aws_iam auth is tricky. you gotta sign ur requests with aws creds. the sdk does it for ya if u set it up right. or try postman, it can help too. if ur just testin, maybe go with api keys instead? easier to deal with. good luck man!
I’ve been in your shoes before, and it can be frustrating. The key here is that AWS_IAM authentication requires you to sign your requests with AWS credentials. Just having the policy attached to your user isn’t enough. You need to use the AWS SDK or a tool like Postman to generate the proper signature for your API calls. The SDK handles this automatically if you configure it with your access key and secret.
If you’re testing from a browser or simple HTTP client, you won’t be able to authenticate this way. Consider using API keys or Cognito User Pools for simpler authentication methods that still provide security.
Also, double-check your API Gateway settings. Make sure you’ve deployed your API after changing the auth type. Sometimes that trips people up.
Hope this helps point you in the right direction. Let me know if you need more specifics on implementation.