Lambda invocation failed with status: 403 on new AWS region


I enabled a new AWS region (Africa, Cape Town)

I created a new lambda in the new region. I connected the mentioned lambda to my API Gateway located in the Frankfurt region, and when trying to access it, there is an internal server error.

CloudWatch shows the following:

(ee2d73a9-e0ff-4ba2-a445-4348e86bcfc1) Lambda invocation failed with status: 403. Lambda request id: ed3b6fc8-0959-4f43-8c3c-32d6c811e9f2
(ee2d73a9-e0ff-4ba2-a445-4348e86bcfc1) Execution failed due to configuration error: The security token included in the request is invalid

However, when I create another API Gateway in Africa, I can only access African Lambdas, and I get the same error trying to access anything outside Africa. So basically, the African region seems to be separated - it can't access other regions' lambdas from API Gateway, and other regions can't access its lambdas.

The following is true for any opt-in additional AWS region I enable.

Any solutions?

2 Answers


I believe that API GTW and Lambda must be in the same region (but not necessarily in the same account).

So, you can create a proxy Lambda that will get the input payload from Account A in Region 1 to call Lambda in region 2. You can go with a direct Lambda invoke() from the proxy Lambda to call the real one.



AWS
Answered 3 months ago
Reviewed 3 months ago
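The proxy approach from the answer above, as an added example that is not code from the thread: a Lambda deployed in the same region as the API Gateway (Frankfurt) forwards the incoming event to one fixed function in `af-south-1` (Cape Town). The environment variable names, the placeholder function name and the use of Lambda proxy integration are assumptions.

```python
import json
import os

# Assumed configuration (names are hypothetical, not from the thread).
# The target is fixed by deployment config, never taken from the request.
TARGET_REGION = os.environ.get("TARGET_REGION", "af-south-1")  # Cape Town
TARGET_FUNCTION = os.environ.get("TARGET_FUNCTION", "my-cape-town-function")

_client = None


def lambda_client():
    """Create the boto3 Lambda client lazily, pinned to the target region."""
    global _client
    if _client is None:
        import boto3  # present in the AWS Lambda Python runtime
        _client = boto3.client("lambda", region_name=TARGET_REGION)
    return _client


def handler(event, context, client=None):
    """API Gateway (proxy integration) -> this proxy -> Lambda in the other region."""
    client = client or lambda_client()
    try:
        resp = client.invoke(
            FunctionName=TARGET_FUNCTION,
            InvocationType="RequestResponse",  # synchronous call
            Payload=json.dumps(event).encode("utf-8"),
        )
    except Exception as exc:
        # Permission or token errors land here; log details, return a generic body.
        print(f"invoke failed: {type(exc).__name__}: {exc}")
        return {"statusCode": 502, "body": json.dumps({"message": "upstream invocation failed"})}

    body = resp["Payload"].read()
    if resp.get("FunctionError"):
        # The target raised; keep its stack trace in CloudWatch, not in the response.
        print(f"target error ({resp['FunctionError']}): {body[:500]!r}")
        return {"statusCode": 502, "body": json.dumps({"message": "upstream function error"})}

    result = json.loads(body or b"null")
    if isinstance(result, dict) and "statusCode" in result:
        return result  # target already returned a proxy-integration response
    return {"statusCode": 200, "body": json.dumps(result)}
```

The proxy's execution role needs `lambda:InvokeFunction` on the target function's ARN only, so the proxy cannot be used to reach other functions.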

Hi, Check IAM Roles and Policies: Ensure that the IAM role attached to your Lambda function has the necessary permissions to be invoked by API Gateway. Specifically, make sure that the IAM role has permissions for the lambda:InvokeFunction action.

API Gateway Integration: Double-check the integration settings for your API Gateway. Make sure that the integration is correctly configured to invoke the Lambda function in the other region.

Cross-Region Invocation: Confirm that cross-region invocation is allowed in your AWS configuration. Sometimes, there might be restrictions or configurations that prevent Lambda functions in one region from being invoked by services in another region.

API Gateway Endpoint Configuration: Verify that your API Gateway endpoint is correctly configured to communicate with the Lambda function in the other region. Ensure that the endpoint URL is correctly set up and that there are no typos or mistakes in the configuration.

CloudWatch Logs: Continue monitoring CloudWatch logs for any additional error messages or insights. The error message you provided indicates a 403 status code, which typically indicates a permissions issue.

Test with Different Methods: Try invoking the Lambda function directly using the AWS CLI or SDK from the Frankfurt region to see if the issue is specific to API Gateway or if it's a broader problem with the Lambda function's configuration.

Answered 3 months ago
