Troubleshooting issues with HTTP API Lambda integrations
The following provides troubleshooting advice for errors and issues that you might encounter when using Amazon Lambda integrations with HTTP APIs.
Issue: My API with a Lambda integration
returns {"message":"Internal Server Error"}
To troubleshoot the internal server error, add the
$context.integrationErrorMessage
logging variable to your log format,
and view your HTTP API's logs. To achieve this, do the following:
To create a log group by using the Amazon Web Services Management Console
Open the CloudWatch console at https://console.amazonaws.cn/cloudwatch/
. -
Choose Log groups.
-
Choose Create log group.
-
Enter a log group name, and then choose Create.
-
Note the Amazon Resource Name (ARN) for your log group. The ARN format is arn:aws:logs:
region:account-id:log-group:log-group-name. You need the log group ARN to enable access logging for your HTTP API.
To add the $context.integrationErrorMessage logging variable
Sign in to the API Gateway console at https://console.amazonaws.cn/apigateway
. -
Choose your HTTP API.
-
Under Monitor, choose Logging.
-
Select a stage of your API.
-
Choose Edit, and then enable access logging.
-
For Log destination, enter the ARN of the log group that you created in the previous step.
-
For Log format, choose CLF. API Gateway creates an example log format.
-
Add
$context.integrationErrorMessageto the end of the log format. -
Choose Save.
To view your API's logs
-
Generate logs. Use a browser or
curlto invoke your API.$curl https://api-id.execute-api.us-west-2.amazonaws.com/route Sign in to the API Gateway console at https://console.amazonaws.cn/apigateway
. -
Choose your HTTP API.
-
Under Monitor, choose Logging.
-
Select the stage of your API for which you enabled logging.
-
Choose View logs in CloudWatch.
-
Choose the latest log stream to view your HTTP API's logs.
-
Your log entry should look similar to the following:
Because we added $context.integrationErrorMessage to the log format, we
see an error message in our logs that summarizes the problem.
Your logs might include a different error message that indicates that there's a problem with your Lambda
function code. In that case, check your Lambda function code, and verify that your Lambda function returns a
response in the required format. If your logs
don't include an error message, add $context.error.message and
$context.error.responseType to your log format for more information to help troubleshoot.
In this case, the logs show that API Gateway didn't have the required permissions to invoke the Lambda function.
When you create a Lambda integration in the API Gateway console, API Gateway automatically configures permissions to invoke the Lambda function. When you create a Lambda integration by using the Amazon CLI, Amazon CloudFormation, or an SDK, you must grant permissions for API Gateway to invoke the function. The following example Amazon CLI commands grant permission for different HTTP API routes to invoke a Lambda function.
Example – For the $default stage and $default route of an HTTP API
aws lambda add-permission \ --function-namemy-function\ --statement-idapigateway-invoke-permissions\ --action lambda:InvokeFunction \ --principal apigateway.amazonaws.com \ --source-arn "arn:aws:execute-api:us-west-2:123456789012:api-id/\$default/\$default"
Example – For the prod stage and test route of an HTTP API
aws lambda add-permission \ --function-namemy-function\ --statement-idapigateway-invoke-permissions\ --action lambda:InvokeFunction \ --principal apigateway.amazonaws.com \ --source-arn "arn:aws:execute-api:us-west-2:123456789012:api-id/prod/*/test"
Confirm the function policy in the Permissions tab of the Lambda console.
Try invoking your API again. You should see your Lambda function's response.