AWS Lambda custom authorizer returning 503 errors intermittently

I’m working with AWS API Gateway using a Lambda function as a custom authorizer. Most of the time everything works fine and I see proper 401 responses when tokens are missing or invalid.

But I keep getting some weird 503 errors that I can’t figure out. When I check the API Gateway logs, I see something like this:

(api-req-12345) Authorizer started: auth-function-id for request: req-uuid-67890
(api-req-12345) Identity received: ***********************
(api-req-12345) Request URI: https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:account:function:my-auth-func:prod/invocations
(api-req-12345) Request headers: [TRUNCATED]
(api-req-12345) Request body: {"type":"TOKEN","methodArn":"arn:aws:execute-api:us-east-1:account:gateway/prod/POST/api_endpoint","authorizationToken":"valid-bearer-token"}
(api-req-12345) Sending to Lambda endpoint
(api-req-12345) Lambda call failed with status: 503. Lambda req id: lambda-req-98765
(api-req-12345) Configuration error: Authorizer failed

The strange thing is when I look for lambda-req-98765 in my Lambda function logs, there’s absolutely nothing. Not even a START event.

What could be causing this? Any ideas on how to troubleshoot these random failures?

I’ve encountered this exact issue before and it turned out to be a regional Lambda service disruption that wasn’t widely publicized. The fact that you’re not seeing any START events in your Lambda logs is the key indicator here - this means the Lambda service itself is failing to initialize your function, not that your code is throwing errors. I’d recommend checking the AWS Service Health Dashboard for your region during the times these 503s occur. Also worth setting up a CloudWatch alarm on your authorizer’s error rate so you can correlate these incidents with AWS service status. In my case, the issue resolved itself after AWS fixed their underlying infrastructure problems, but having monitoring in place helped me prove it wasn’t our code causing the failures.

This looks like Lambda service throttling at the account level rather than your function specifically. When API Gateway receives a 503 from Lambda without any corresponding logs, it usually indicates the Lambda service rejected the invocation before it reached your function. Check your account-level concurrent execution limits in the Lambda console - if you have other functions consuming your account’s total concurrency quota, new invocations get throttled. I had similar issues when batch jobs were eating up all available concurrency slots. You can either increase your account limits through AWS support or set reserved concurrency for your authorizer function to guarantee it always has execution capacity available. The intermittent nature suggests you’re hitting peak usage periods where total account concurrency gets maxed out.

Yeah, could be cold starts. Also, check if you’re hitting the concurrency limit. Look at your Lambda’s reserved concurrency and CloudWatch logs for any throttling issues. Don’t forget to check the timeout settings too, authorizers can be sensitive about that!
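
The check the answers above rely on (a failed authorizer call whose Lambda request ID never shows a START line in the function's logs) can be run over exported logs. This is an added example, not code from any poster in this thread; the function names and sample log lines are constructed, with the gateway line format taken from the excerpt in the question.

```python
import re
from collections import Counter

# Gateway line format taken from the execution-log excerpt in the question.
FAILED = re.compile(
    r"^\((?P<gw>[^)]+)\) Lambda call failed with status: (?P<status>\d{3})\. "
    r"Lambda req id: (?P<lam>\S+)"
)
# Lambda logs "START RequestId: <id> ..." once an invocation reaches the function.
START = re.compile(r"^START RequestId: (?P<lam>\S+)")

# Constructed sample data (not real logs); IDs are placeholders.
GATEWAY_LOG = """\
(api-req-12345) Sending to Lambda endpoint
(api-req-12345) Lambda call failed with status: 503. Lambda req id: lambda-req-98765
(api-req-12345) Configuration error: Authorizer failed
(api-req-22222) Lambda call failed with status: 503. Lambda req id: lambda-req-11111
""".splitlines()

LAMBDA_LOG = """\
START RequestId: lambda-req-11111 Version: $LATEST
END RequestId: lambda-req-11111
START RequestId: lambda-req-33333 Version: $LATEST
""".splitlines()


def classify_failures(gateway_lines, lambda_lines):
    """Label each failed authorizer call by whether the function ever started."""
    started = {m["lam"] for l in lambda_lines if (m := START.match(l.strip()))}
    findings = []
    for line in gateway_lines:
        m = FAILED.match(line.strip())
        if m is None:
            continue
        reached = m["lam"] in started
        findings.append({
            "gateway_request": m["gw"],
            "status": int(m["status"]),
            "lambda_request": m["lam"],
            "verdict": "reached_function" if reached else "rejected_before_function",
        })
    return findings


def summarize(findings):
    """Count verdicts so a spike of pre-invocation rejections stands out."""
    return Counter(f["verdict"] for f in findings)


if __name__ == "__main__":
    for f in classify_failures(GATEWAY_LOG, LAMBDA_LOG):
        print(f)
```

Failures labelled `rejected_before_function` are the ones to line up against account concurrency metrics and the service health page; `reached_function` failures point back at the function's own timeout or errors.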