I defined my Lambda integration in API Gateway using a stage variable. Why do I get an "Internal server error" and a 500 status code when I invoke the API method?
Last updated: 2020-04-30
I set up my Amazon API Gateway API to invoke an AWS Lambda function using a stage variable. When I invoke the API method, my API returns an "Internal server error" and a 500 status code. How do I fix this?
Short Description
This error occurs if your Lambda function's resource-based policy doesn't include permission for your API to invoke the function.
When you build an API Gateway API with standard Lambda integration using the API Gateway console, the console automatically adds the required permissions. However, when you set up a stage variable to call a Lambda function through your API, you must manually add these permissions.
Resolution
Check the API's logs
To verify that the error is caused by missing permissions, review your API's logs.
For REST APIs and WebSocket APIs, check the execution logs for a message similar to "Invalid permissions on Lambda function." For more information, see How do I enable CloudWatch Logs for troubleshooting my API Gateway REST API or WebSocket API?
For HTTP APIs, check the access logs for a similar message about permissions. The integrationErrorMessage context variable ($context.integrationErrorMessage) includes the error message to review. For more information, see Configuring logging for an HTTP API.
Add the required permissions
To add the lambda:InvokeFunction permission for your API, run the Lambda add-permission command from the AWS Command Line Interface (AWS CLI).
Replace the following variables in the example command:
- Replace arn:aws:lambda:region:account-id:function:function-name with your Lambda function's Amazon Resource Name (ARN).
- Replace statement-id-guid with a unique statement ID, such as api-gateway-invoke.
- Replace arn:aws:execute-api:region:account-id:api-id/*/GET/lambdasv1 with the ARN of the API Gateway resource that invokes your function. For the ARN format for HTTP APIs and REST APIs, see Resource format of permissions for executing API in API Gateway. For the ARN format for WebSocket APIs, see Using IAM authorization.
aws lambda add-permission \
  --function-name arn:aws:lambda:region:account-id:function:function-name \
  --statement-id statement-id-guid \
  --action lambda:InvokeFunction \
  --principal apigateway.amazonaws.com \
  --source-arn arn:aws:execute-api:region:account-id:api-id/*/GET/lambdasv1
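To confirm that the permission is present and scoped to the intended API method, you can evaluate the function's resource-based policy offline. The following is an added example, not part of the original article or an AWS tool: it assumes the policy document has been retrieved with aws lambda get-policy, uses a constructed sample policy with placeholder IDs, and only approximates how IAM evaluates ArnLike.

```python
import json
import re

FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:my-function"  # placeholder
# Constructed sample of the "Policy" document that `aws lambda get-policy`
# returns once the add-permission command has run (all IDs are placeholders).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "api-gateway-invoke",
    "Effect": "Allow",
    "Principal": {"Service": "apigateway.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": FN_ARN,
    "Condition": {"ArnLike": {
        "AWS:SourceArn": "arn:aws:execute-api:us-east-1:111122223333:abc123/*/GET/lambdasv1"}},
}]})

def arn_like(pattern, arn):
    """Approximate IAM ArnLike: match each of the six colon-separated
    ARN fields, treating * and ? in the pattern as wildcards."""
    p_fields, a_fields = pattern.split(":", 5), arn.split(":", 5)
    if len(p_fields) != 6 or len(a_fields) != 6:
        return False
    for p, a in zip(p_fields, a_fields):
        regex = re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
        if not re.fullmatch(regex, a):
            return False
    return True

def check_invoke_permission(policy_json, function_arn, source_arn):
    """Return (allowed, warnings) for API Gateway calling function_arn
    on behalf of the API method identified by source_arn."""
    allowed, warnings = False, []
    for st in json.loads(policy_json).get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = st.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        if (st.get("Effect") != "Allow" or service != "apigateway.amazonaws.com"
                or "lambda:InvokeFunction" not in actions
                or st.get("Resource") != function_arn):
            continue
        pattern = st.get("Condition", {}).get("ArnLike", {}).get("AWS:SourceArn")
        if pattern is None:
            # No source restriction: the statement is not tied to one API.
            warnings.append(f"{st.get('Sid')}: no AWS:SourceArn condition")
            allowed = True
        elif arn_like(pattern, source_arn):
            allowed = True
    return allowed, warnings
```

Each Lambda function has its own resource-based policy, so when a stage variable selects the function, run the check once for every function that the variable can resolve to.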