4

You defined your Lambda function as a stage variable; you must manually give permissions to all the functions you will use. You can do this by running the below AWS CLI command for each function, replacing the stage variable in the function-name parameter with the necessary function name.

aws lambda add-permission --function-name arn:aws:lambda:eu-west-1:12345:function:test${stageVariables.functionAlias} --source-arn arn:aws:execute-api:eu-west-1:12345:dsad667asd/*/GET/test/test --principal apigateway.amazonaws.com --statement-id d5a14508-22bb-4413-87c9-d9715e36435d --action lambda:InvokeFunction

I am getting this message and the suggestion to run this command; unfortunately it does not work here, throwing

zsh: bad substitution

With or without zsh, what I am looking for is a way to do this manually (using the AWS interface).

thanks!

1
  • There are limitations in the AWS Console that mean that some particular combinations of permission are not possible to assign through the Console, and require a CLI command to implement. Lorenzo's answer gives the reason your CLI command didn't work. There is an alternative which is to provide an ARN of an IAM role to the API Gateway in the integration to provide invokeLambda permission. You can set up your IAM role permissions how you wish in the Console I believe. Commented Aug 21, 2023 at 9:26

5 Answers

3

Did you leave the "${stageVariables.functionAlias}" in your command? The --function-name parameter of this command needs to be a valid fully-qualified or partial Lambda function ARN following the pattern of:

(arn:aws:lambda:[region]:[account-id]:function:)[function-name](:[function-alias])

Where region, account-id, function-name and function-alias are substituted as appropriate.

If your function is in the same account and region as the user issuing the command, and you simply want to refer to the $LATEST function version, specifying just the function name would be perfectly valid and save a few keystrokes:

aws lambda add-permission --function-name test --source-arn arn:aws:execute-api:eu-west-1:12345:dsad667asd/*/GET/test/test --principal apigateway.amazonaws.com --statement-id d5a14508-22bb-4413-87c9-d9715e36435d --action lambda:InvokeFunction

See this document on usage of the aws lambda add-permission CLI command: http://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html


1

You need to replace ${stageVariables.functionAlias} with your own Lambda function name in the command.

Also, make sure the AWS environment variables are set up correctly in your bash.

It works for me.

1 Comment

As described much more clearly and sufficiently by Lorenzo's answer, 6 months earlier. This answer is basically just spam.
1

What I did to figure this out, is I created the versions I needed, created aliases to each version. In my case I had Production pointing to Version 1, and Development pointing to $LATEST.

On the AWS CLI I changed the ${stageVariables.functionAlias} to the name of the alias, and performed that command for each alias.

I also referenced Using API Gateway Stage Variables. You can also look at the logs in CloudWatch for your endpoint and see which version/alias was called.

Hope this helps.

1 Comment

As described more clearly by Lorenzo's answer, 18 months earlier. This answer just adds to the noise.
0

When a new function or new function alias is created, a permission must be added to enable the access to the API gateway. The way I do this is during the integration request, I enter the lambda function stage variable like:

${stageVariables.myFunctionName}

I run the command (shown by the console) on the CLI and replace the above variable with this format:

myFunctionName:myAliasName

Notice that if an alias was created, add the alias name after the function name, separated by a single ":" colon.

Note: You can get the function and alias name from the Lambda > Functions > Qualifiers options.

I hope this helps.

1 Comment

Another confusing answer that struggles to replicate Lorenzo's answer, from years earlier.
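
An added example (not part of any answer on this page): a POSIX shell helper that builds the add-permission call once per alias in the function-name:alias form described in the answers above, and refuses a leftover ${stageVariables.…} placeholder, which is the text the shell rejects as a bad substitution. The helper names qualified_name and grant_alias, the DRY_RUN switch and the statement-id format are assumptions; the region, account, API id, function and path are the ones from the question, and the alias names are the ones mentioned in an answer.

```shell
#!/bin/sh
# Values taken from the question; alias names from a later answer.
REGION="eu-west-1"
ACCOUNT="12345"
API_ID="dsad667asd"
FUNCTION="test"

# Print "function:alias", or fail if either part is not a plain name.
# A leftover ${stageVariables.functionAlias} placeholder fails here.
qualified_name() {
  for part in "$1" "$2"; do
    case "$part" in
      ""|*[!A-Za-z0-9_-]*) echo "invalid name: $part" >&2; return 1 ;;
    esac
  done
  printf '%s:%s\n' "$1" "$2"
}

# grant_alias ALIAS METHOD PATH
# Prints the command (DRY_RUN=1, the default) or runs it (DRY_RUN=0).
# Method and path must be literal, so the grant covers one route only.
grant_alias() {
  target=$(qualified_name "$FUNCTION" "$1") || return 1
  case "$2$3" in
    *[!A-Za-z0-9_/-]*) echo "invalid method or path" >&2; return 1 ;;
  esac
  # Arguments are expanded before "set" replaces the positional parameters.
  set -- lambda add-permission \
    --function-name "arn:aws:lambda:$REGION:$ACCOUNT:function:$target" \
    --source-arn "arn:aws:execute-api:$REGION:$ACCOUNT:$API_ID/*/$2$3" \
    --principal apigateway.amazonaws.com \
    --statement-id "apigw-$1-$2" \
    --action lambda:InvokeFunction
  if [ "${DRY_RUN:-1}" = 1 ]; then
    # Single-quote every argument so "*" is not globbed when pasted into zsh.
    printf 'aws'; printf " '%s'" "$@"; printf '\n'
  else
    aws "$@"
  fi
}

# One statement per alias, each limited to the GET /test/test route.
for alias_name in Production Development; do
  grant_alias "$alias_name" GET /test/test
done
```

Review the printed commands, then set DRY_RUN=0 to execute them with the credentials configured for the AWS CLI.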
0

As of September 2022, I just followed the steps from this post and I can access the env variables through event.stageVariables in the Lambda function. No need for any aws-cli manual configuration.
