Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing 'credentials' when the integration type is Lambda function #3

Open
AlexOugh opened this issue Dec 11, 2015 · 7 comments
Open

Missing 'credentials' when the integration type is Lambda function #3

AlexOugh opened this issue Dec 11, 2015 · 7 comments

Comments

@AlexOugh
Copy link

Is this expected or is there anything I should add when running the command?
@isabinin
Copy link
Owner

Could you please provide more information what kind of credentials are missing?
Do you mean that "Invoke with caller credentials" flag is not exported into swagger file?

@AlexOugh
Copy link
Author

In "x-amazon-apigateway-integration" section, I got type / httpMethod / uri, but 'credentials' is not present, which is to set the role that makes the API call the target Lambda function.

@isabinin
Copy link
Owner

Interesting, how did you create your API? Did you use API Gateway Importer or created it manually?
I tested it on different APIs that were created using API Gateway Importer and 'credentials' were exported.

@AlexOugh
Copy link
Author

I created the API manually using the AWS API Gateway console.

@isabinin
Copy link
Owner

How do you specify the role when you select lambda integration type for your API resource/method?
When I tried to select lambda integration type using the AWS API Gateway console it didn't ask me to enter an execution role. When I exported the API -- 'credentials' were missing.

@AlexOugh
Copy link
Author

Yes, it does NOT ask the role and it seems like adding a necessary role internally. I tried to find the role in IAM console, but couldn't. Not sure how they manage it.

@isabinin
Copy link
Owner

After some research I found this
http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html

Because the API Gateway console specifies for you the required invocation role/policy for the Lambda functions integrated with your API, you can skip the steps (below) to create the Lambda invocation role and its policy. However, if you set up the API without using the API Gateway console, such as when importing an API from Swagger, you must explicitly create, if necessary, and assign an invocation role/policy for the API Gateway to invoke the Lambda functions.

And I have the same observation: when I use API Gateway console for lambda integration it doesn't create or update anything in IAM. So looks like authorization is done internally.

To handle this case I can add a command line argument "default execution role". If no credentials were explicitly set for integration then it will use the default value while exporting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AlexOugh @isabinin