AWS Websocket 403 Using PostToConnect

Using the V2 Golang SDK for AWS and trying to call PostToConnection from a Lambda I was consistently getting this 403 error result: I was trying to make the call from a different stack than the websocket connection was on so I thought that might be the problem. After much research the issue actually turned out to be simpler than that. There is nothing special about the stack that requires extra permission (unless the stages are in different regions, I haven’t done that yet but it looks like there is more work required if you are). The issue for me [Read on…]

Success With AWS Web Socket Endpoint Configuration

I had a lot of trouble getting the API Gateway socket management calls to work using the AWS SDK V2 version of the Golang SDK. The problem was that I was not invoking the right endpoint. So that I remember in the future how to do this and to help anyone having similar problems here’s the magic formula I finally learned. Endpoint Value First you need to know the endpoint to use to make calls against. You can either look it up in the AWS console or get it dynamically from the request. I chose to get it from the [Read on…]

Working AWS Websocket JWT Authorizer

I was trying to add JWT authentication to an AWS web socket endpoint and it wasn’t working. My problem was simple and it was even spelled out mentioned in passing somewhere in the AWS docs and it still took me a long time to figure it out. The answer is that only request style authenticators are supported, not token. The docs say that here in that it doesn’t mention a token authorizer and explicitly states that only request is supported here. This post also makes the same point. In Serverless the configuration for the authorizer looks like this: Then a [Read on…]

Custom Domains for AWS API Gateway Without Route 53

There’s some very good articles on using the Serverless Framework to setup custom domains for API Gateway endpoints. For my use case I wasn’t planning to use Route 53 for DNS hosting for the domain so they were missing a crucial step. This post documents that step. Configuration Follow the article linked above to setup the plugin and basic configuration. The configuration for the custom domain in theserverless.yml file is almost exactly as shown in the article with the exception of the createRoute53Record line which I changed to turn off the Route 53 DNS interaction. Setup Steps With that change [Read on…]

‘What’s My Name’ for Serverless Framework

It is frequently useful to know the name of a generated resource in the Serverless Framework when building for AWS. I had been struggling with this when I needed to refer to a generated resource in a separate CloudFormation section. After much searching I found a very useful trick that is probably already well documented but I’ll add my small bit of amplification here. Finding the Generated CloudFormation Serverless works by generating a CloudFormation template based on the serverless.yml file. This generated file is accessible in a hidden subdirectory of the directory that contains the serverless.yml file if you run [Read on…]

Character Encoding and Go on AWS

Ah character encoding, my old friend, I have not missed you. I was visited recently by a recurring demon from my past, character encoding. Sometimes it seems like every new environment is just waiting to spring some encoding problem on me. Since pretty much all modern environments use utf-8, these are at least getting rarer. This post describes how to ensure that responses from API Gateway endpoints from Go are properly interpreted by the receiver. Lambda Proxy Response The response from a Lambda proxy integration to API Gateway in Go is usually an APIGatewayResponse object. In my case I was [Read on…]

Lambda Go API Gateway Integration and Parameters

As part of a recent project, I was trying to get the parameters from a REST call on AWS API Gateway in a Go Lambda. I found the documentation to be a bit scattered and hard to find so I have documented what I learned. The answer is simple so hopefully this doc helps someone else who struggled with the docs. API Gateway to Lambda Integration There are two main ways of invoking a Lambda from an API Gateway endpoint. All of my code uses proxy integration. There’s a section here that describes the differences, and as far as I [Read on…]

AWS API Gateway & Access Tokens

AWS supports authenticating API calls using a token issued by Cognito authentication. This allows for good integration of identity into AWS APIs. Setting up the integration is relatively easy, create an authorizer of type COGNITO_USER_POOLS and attach it to the endpoint. Now provide the id token from a Cognito authorization response in a request through the Authorization header and the call will succeed. Without that header, or with an invalid value, the gateway will reject the call with a 403 error. That’s the simple path, unfortunately OAuth doesn’t have just one token and using the id token for this is [Read on…]