I defined my Lambda integration in API Gateway using a stage variable. Why do I get an "Internal server error" and a 500 status code when I invoke the API method?

Last updated: 2020-04-30

I set up my Amazon API Gateway API to invoke an AWS Lambda function using a stage variable. When I invoke the API method, my API returns an "Internal server error" and a 500 status code. How do I fix this?

Short Description

This error occurs if your Lambda function's resource-based policy doesn't include permission for your API to invoke the function.

When you build an API Gateway API with standard Lambda integration using the API Gateway console, the console automatically adds the required permissions. However, when you set up a stage variable to call a Lambda function through your API, you must manually add these permissions.

Resolution

Check the API's logs

To verify that the error is caused by missing permissions, review your API's logs.

For REST APIs and WebSocket APIs, check the execution logs for a message similar to "Invalid permissions on Lambda function." For more information, see How do I enable CloudWatch Logs for troubleshooting my API Gateway REST API or WebSocket API?

For HTTP APIs, check the access logs for a similar message about permissions. The integrationErrorMessage context variable ($context.integrationErrorMessage) includes the error message to review. For more information, see Configuring logging for an HTTP API.

Add the required permissions

To add the lambda:InvokeFunction permission for your API, run the Lambda add-permission command from the AWS Command Line Interface (AWS CLI).

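Replace the placeholder values in the example command (region, account-id, function-name, statement-id-guid, and api-id), along with the HTTP method and resource path in the source ARN, with the values for your function and API:

aws lambda add-permission \
  --function-name arn:aws:lambda:region:account-id:function:function-name \
  --statement-id statement-id-guid \
  --action lambda:InvokeFunction \
  --principal apigateway.amazonaws.com \
  --source-arn arn:aws:execute-api:region:account-id:api-id/*/GET/lambdasv1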
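
To confirm that the permission is in place and scoped to the intended method, the following added example (not part of the original article) evaluates a function's resource-based policy, in the form returned in the Policy field of aws lambda get-policy, against an API method ARN. The account ID, API ID, function name, and helper names are constructed for illustration, and the ArnLike matching is a simplified approximation that does not handle wildcard actions such as lambda:*.

```python
import json
import re

# Constructed sample: the shape found in the "Policy" field of `aws lambda get-policy`
# after the add-permission command above. Account, API and function names are made up.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "example-statement-id",
    "Effect": "Allow",
    "Principal": {"Service": "apigateway.amazonaws.com"},
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:us-east-1:111122223333:function:my-function",
    "Condition": {"ArnLike": {"AWS:SourceArn":
        "arn:aws:execute-api:us-east-1:111122223333:abc123/*/GET/lambdasv1"}},
}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def arn_like(pattern, arn):
    """Simplified ArnLike: match the six colon-separated ARN parts; * and ? are wildcards."""
    p_parts, a_parts = pattern.split(":", 5), arn.split(":", 5)
    if len(p_parts) != 6 or len(a_parts) != 6:
        return False
    for p, a in zip(p_parts, a_parts):
        rx = re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, a) is None:
            return False
    return True

def check_invoke_permission(policy_json, method_arn):
    """Return (allowed, unscoped_sids) for API Gateway invoking the function."""
    allowed, unscoped = False, []
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") != "Allow" or "apigateway.amazonaws.com" not in services
                or "lambda:InvokeFunction" not in _as_list(st.get("Action", []))):
            continue
        cond = {k.lower(): v for k, v in st.get("Condition", {}).get("ArnLike", {}).items()}
        patterns = _as_list(cond.get("aws:sourcearn", []))
        if not patterns:
            unscoped.append(st.get("Sid"))  # no SourceArn: not limited to one API
            allowed = True
        elif any(arn_like(p, method_arn) for p in patterns):
            allowed = True
    return allowed, unscoped
```

Run the check against the policy of each function that the stage variable can resolve to, because a resource-based policy applies only to the function it is attached to.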