TransWikia.com

AWS API Gateway: 403 forbidden with disabled API key; error from cloudfront

DevOps Asked by Peter Muryshkin on August 22, 2021

How can happen that with a Lambda/API Gateway combination, if no explicit Cloud Front configuration has been done, in an error response header they mention CloudFront?

header: x-amzn-ErrorType: ForbiddenException
header: x-amz-apigw-id: P3mmbT_DREF8bg=
header: X-Cache: Error from cloudfront

Actual problem: with a disabled API key, API keeps responding "forbidden".

UPDATE. As it seems the problem is not related to the Edge API/CloudFront, as the problem with disabled key persists also on changing API type to regional.

UPDATE. I can now disable API key checking as suggested by @Harish i.e. it’s not about disabling the API key itself but telling the API whether it’s required or not.

What is yet open though is why if created by Zappa, there is no option to change this setting in the UI, because there are not single methods.

zappa-methods

One Answer

When you deploy an edge-optimized API, API Gateway sets up an Amazon CloudFront distribution and a DNS record to map the API domain name to the CloudFront distribution domain name. Requests for the API are then routed to API Gateway through the mapped CloudFront distribution.

Source: API Gateway documentation — Edge-optimized custom domain names.


To allow calls to a method of a resource in your API without API key, set its API Key Required setting to false:

enter image description here

Correct answer by Harish KM on August 22, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP