Lambda invocation failed with status: 403 on new AWS region


I enabled a new AWS region (Africa, Cape Town)

I created a new lambda on the new region. I connected the mentioned lambda to my API-Gateway located in Frankfurt region and when trying to access it, there is a internal server error.

CloudWatch shows the following:

(ee2d73a9-e0ff-4ba2-a445-4348e86bcfc1) Lambda invocation failed with status: 403. Lambda request id: ed3b6fc8-0959-4f43-8c3c-32d6c811e9f2
(ee2d73a9-e0ff-4ba2-a445-4348e86bcfc1) Execution failed due to configuration error: The security token included in the request is invalid

However, when I create another API Gateway in Africa, I can only access African Lambdas, and I get the same error trying to access anything outside Africa. So basically, African region seems to be separated - it can't access other region lambdas from API gateway, and other regions can't access it's lambdas.

The following is true for any opt-in additional AWS region I enable.

Any solutions?

2 Respostas


I believe that API GTW and Lambda must be in same region (but not necessarily in same account).

So, you can create a proxy Lambda that will get the input payload from Account A in Region 1 to call Lambda in region 2. You can go with a direct Lamdda invoke() from the proxy Lambda to call the real one.



profile pictureAWS
respondido há 3 meses
profile picture
avaliado há 3 meses

Hi, Check IAM Roles and Policies: Ensure that the IAM role attached to your Lambda function has the necessary permissions to be invoked by API Gateway. Specifically, make sure that the IAM role has permissions for the lambda:InvokeFunction action.

API Gateway Integration: Double-check the integration settings for your API Gateway. Make sure that the integration is correctly configured to invoke the Lambda function in the other region.

Cross-Region Invocation: Confirm that cross-region invocation is allowed in your AWS configuration. Sometimes, there might be restrictions or configurations that prevent Lambda functions in one region from being invoked by services in another region.

API Gateway Endpoint Configuration: Verify that your API Gateway endpoint is correctly configured to communicate with the Lambda function in the other region. Ensure that the endpoint URL is correctly set up and that there are no typos or mistakes in the configuration.

CloudWatch Logs: Continue monitoring CloudWatch logs for any additional error messages or insights. The error message you provided indicates a 403 status code, which typically indicates a permissions issue.

Test with Different Methods: Try invoking the Lambda function directly using the AWS CLI or SDK from the Frankfurt region to see if the issue is specific to API Gateway or if it's a broader problem with the Lambda function's configuration.

profile picture
respondido há 3 meses

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas