1

Platform

Swift 4, iOS 13, Xcode 11. Using Amplify, GraphQL, Cognito

Problem

I want to trigger an AWS lambda function called onCall. It has been written and is just a simple blank function. On the client side I am following [1] and have:

    let lambdaInvoker = AWSLambdaInvoker.default()

    let jsonObject: [String: Any] = [
        "key1" : "value1",
         "key2" : 2 ,
         "key3" : [1, 2],
         "isError" : false
    ]

    lambdaInvoker.invokeFunction("onCall", jsonObject: jsonObject)
        .continueWith(block: {(task:AWSTask<AnyObject>) -> Any? in
        if( task.error != nil) {
            print("Error: \(task.error!)")
            return nil
        }

        print(">> lambda \(task)")

        // Handle response in task.result
        return nil
    })

But I get a permission denied error:

Error: Error Domain=com.amazonaws.AWSLambdaErrorDomain Code=0 "AccessDeniedException" UserInfo={StatusCode=403, responseStatusCode=403, responseHeaders={type = immutable dict, count = 5, entries => 2 : x-amzn-requestid = {contents = "83047425-06c6-4193-b5c6-ac8461d84aa0"} 3 : Content-Length = 243 4 : Content-Type = {contents = "application/json"} 5 : x-amzn-errortype = {contents = "AccessDeniedException"} 6 : Date = {contents = "Thu, 07 May 2020 02:18:00 GMT"} } , Message=User: arn:aws:sts::870560247484:assumed-role/amplify-alpha-alphaenv-123654-authRole/CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:870560247484:function:onCall, responseDataSize=243, NSLocalizedFailureReason=AccessDeniedException}

I have this line in my awsconfiguration.json file

"LambdaInvoker" : {
  "Default" : {
       "Region": "us-east-1"
  }
}

Now in the docs it says I should use Amplify API, but I cannot find any amplify API for triggering lambda, and the doc is very sparse beyond basic use cases.

Acceptable solutions

  1. Making the lambdaInvoker work as is, regardless of the statement about Amplify.

  2. Point me or provide code example for calling lamdas in Amplify API

[1] https://docs.aws.amazon.com/aws-mobile/latest/developerguide/how-to-ios-lambda.html

Improve this question

1 Answer 1

Reset to default
1

First of all please check if you created the lambda with proper Policy:

From the documentation

f. Under Lambda function handler and role, select Create new role from template(s). Type a Role name. Select the Policy template named Simple Microservice permissions.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

You also may use Gateway API and through him trigger the lambda. Meanwhile, I will try to find the missing policy.
I also tried lambda-role as a policy. same error message. Basically cognito account is not configured to invoke lambda functions from this territory.
what if you try to set the policy with "allow" action "invokeFunction" and set the principal: "Principal": { "Federated": "cognito-identity.amazonaws.com" }. Maybe it makes sense to drill in this direction
where would I specify that? In awsconfiguartion.json or in console.aws.amazon.com/lambda/ ?
You would need adjust the execution role of the lambda, which can be found in aws web console -> lambda -> tab Permissions
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.