Why am I getting “Execution failed due to configuration” errors from API Gateway after using a CloudFormation template or OpenAPI definition to create a REST API with a Lambda integration?

Last updated: 2022-05-04

I used an AWS CloudFormation template (or OpenAPI definition) to create an Amazon API Gateway REST API with AWS Lambda integration. When I try to invoke my Lambda function using the API method, I get the following error message and a 500 status code: "Execution failed due to configuration error." What's causing the error, and how do I troubleshoot the issue?

Short description

If you have an API Gateway REST API with Lambda integration, then the API must invoke the backend Lambda function using the HTTP method, POST. If you use any other HTTP method (for example, ANY or GET) for the backend integration request, then invocation fails. API Gateway then returns an error message similar to the following example in your Amazon CloudWatch logs:

Mon Oct 14 14:08:49 UTC 2019 : Received response. Status: 403, Integration latency: 3 ms
Mon Oct 14 14:08:49 UTC 2019 : Endpoint response headers: {Date=Mon, 14 Oct 2019 14:08:49 GMT, Content-Length=130, Connection=keep-alive, x-amzn-RequestId=abc1d2ef-34ab-56c7-de8f-90123a456789}
Mon Oct 14 14:08:49 UTC 2019 : Endpoint response body before transformations: <AccessDeniedException>
<Message>Unable to determine service/operation name to be authorized</Message>
</AccessDeniedException>
Mon Oct 14 14:08:49 UTC 2019 : Lambda invocation failed with status: 403. Lambda request id: abc1d2ef-34ab-56c7-de8f-90123a456789
Mon Oct 14 14:08:49 UTC 2019 : Execution failed due to configuration error:
Mon Oct 14 14:08:49 UTC 2019 : Method completed with status: 500

Note: You can still set up any HTTP method for your REST API's frontend.

You must specify the POST method for the backend integration request if you create a REST API with Lambda integration using any of the following:

Note: If you use the API Gateway console to configure a Lambda integration the backend integration request is automatically set to POST.

Resolution

The CloudFormation best practice is to Manage all stack resources though AWS CloudFormation and not to make stack resource changes outside of CloudFormation.

The method used to change the HTTP method to POST for the backend integration request depends upon the original template definition. For example, the process is different to update an API Gateway deployed using CloudFormation verses an API Gateway created with OpenAPI or the AWS CLI.

To change the integration’s request method to POST for API Gateways created using CloudFormation

For instructions, see Modifying a stack template.

A. If your method was created by defining the AWS::ApiGateway::Method resource in your CloudFormation template, update the HttpMethod property to POST. For instructions, see the Examples section of the AWS::ApiGateway::Method documentation.

B. If your method included an OpenAPI definition as the value of the Body property of the AWS::ApiGateway::RestAPI resource: Set the httpMethod property value in your API definition file to POST.  For instructions, see x-amazon-apigateway-integration object and the example Swagger template on the aws-samples GitHub repository.

Update your API by running AWS CloudFormation stack updates with the edited template:

"x-amazon-apigateway-integration" : {
    "type" : "aws",

    "httpMethod" : "POST"

To change the backend integration's HTTP method to POST for API Gateways created outside of CloudFormation

Update method using the console

  1. In the API Gateway console, choose your API.
  2. In the Resources pane, choose the HTTP method that has the Lambda integration.
  3. In the Method Execution pane, choose Integration Request.
  4. In the Integration Request pane, for HTTP method, edit the Lambda function name by clicking on the pencil icon to the right of the function name, then click on the checkmark icon that appears on the right.
  5. When prompted to Add Permission to Lambda Function, choose OK.
  6. Deploy your API.
  7. (Optional) Test the HTTP method that has the Lambda integration.

Note: The console adds a new statement to the Lambda function’s resource policy each time OK is selected in the Add Permission to Lambda Function prompt. Note your function’s resource policy size to make sure that it doesn't hit the resource policy size limit. See: Function configuration, deployment, and execution.

For more information, see Getting started with API Gateway and Set up an API integration request using the API Gateway console.

Update the method using AWS CLI

  1. Run the put-integration method to update the integration http method to POST:
aws apigateway put-integration \
--rest-api-id 1234123412 \
--resource-id a1b2c3 \
--http-method ANY \
--type AWS \
--integration-http-method POST \
--uri 'arn:aws:apigateway:us-west-2:lambda:path//2015-03-31/functions/arn:aws:lambda:us-east-1:123412341234:function:function_name/invocations

2. Deploy the configured resources for an API to an existing stage:

aws apigateway create-deployment \
--rest-api-id 1234123412 \
--stage-name dev \
--description 'Deployment to an existing dev stage'

Note: If you receive errors when running AWS CLI commands, make sure that you're using the most recent version of the AWS CLI.

Update the method using OpenAPI definition import

  1. Set the httpMethod property value in your API definition file to POST. For instructions, see x-amazon-apigateway-integration object and the example Swagger template on the aws-samples GitHub repository.
  2. Update your API by importing the edited API definition file into API Gateway. See Import an OpenAPI file to update an existing API definition.