cloudformation-coverage-roadmap icon indicating copy to clipboard operation
cloudformation-coverage-roadmap copied to clipboard

Published 20 hours ago verified publisher icon aws-cloudformation

400 InvalidParameter Error in AWS::ApiGateway::Method Integration with SNS Publish Action

Open eunier opened this issue 6 months ago • 0 comments

Resource Name

AWS::ApiGateway::Method

Details

Hi, I am encountering an issue with the AWS::ApiGateway::Method resource when integrating with the SNS Publish action. The API Gateway method is configured to send a request to an SNS FIFO topic, but the integration is failing with a 400 InvalidParameter error. The error message indicates that the TopicArn or TargetArn parameter is missing, even though it is explicitly included in the request template.

I have reviewed the documentation for the RequestTemplates property in the AWS CloudFormation documentation, but I could not find detailed examples or syntax guidance for this specific use case. Based on the documentation, the RequestTemplates property is described as:

Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value.

Resource Definition

Here is the relevant AWS::ApiGateway::Method resource definition from my CloudFormation template (sensitive data has been anonymized):

  Method:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref Resource
      HttpMethod: POST
      AuthorizationType: CUSTOM
      AuthorizerId: !Ref Authorizer
      Integration:
        Type: AWS
        IntegrationHttpMethod: POST
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:sns:action/Publish
        Credentials: !GetAtt ApiGatewayToSnsRole.Arn
        PassthroughBehavior: WHEN_NO_MATCH
        RequestTemplates:
          application/json: |
            Action=Publish&TopicArn=arn:aws:sns:us-east-1:123456789012:my-sns-topic.fifo&Message=$util.urlEncode($input.body)&MessageGroupId=default
        IntegrationResponses:
          - StatusCode: 200
            ResponseTemplates:
              application/json: |
                {
                  "message": "SNS message published successfully."
                }
          - StatusCode: 500
            ResponseTemplates:
              application/json: |
                {
                  "message": "Failed to publish SNS message."
                }
      MethodResponses:
        - StatusCode: 200
          ResponseModels:
            application/json: Empty
        - StatusCode: 500
          ResponseModels:
            application/json: Empty

API Gateway Logs

Here are the relevant logs from API Gateway (sensitive data has been anonymized):

(12345678-1234-1234-1234-123456789012) Endpoint request body after transformations: Action=Publish&TopicArn=arn:aws:sns:us-east-1:123456789012:my-sns-topic.fifo&Message=%5B%0A%09%7B%0A%09%09%22PropAKey%22%3A+123%2C%0A%09%09%22PropBKey%22%3A+%22PropBValue%22%2C%0A%09%09%22PropCKey%22%3A+456%2C%0A%09%09%22PropDKey%22%3A+%22PropDValue%22%0A%09%7D%0A%5D&MessageGroupId=default
(12345678-1234-1234-1234-123456789012) Sending request to https://sns.us-east-1.amazonaws.com/?Action=Publish
(12345678-1234-1234-1234-123456789012) Received response. Status: 400, Integration latency: 8 ms
(12345678-1234-1234-1234-123456789012) Endpoint response headers: {x-amzn-RequestId=2b0e6598-903b-58da-a2b6-05e4041cfa1e, Date=Fri, 18 Apr 2025 17:54:47 GMT, Content-Type=application/json, Content-Length=197, connection=keep-alive}
(12345678-1234-1234-1234-123456789012) Endpoint response body before transformations: 
{
    "Error": {
        "Code": "InvalidParameter",
        "Message": "Invalid parameter: TopicArn or TargetArn Reason: no value for required parameter",
        "Type": "Sender"
    },
    "RequestId": "2b0e6598-903b-58da-a2b6-05e4041cfa1e"
}
(12345678-1234-1234-1234-123456789012) Method response body after transformations: 
{
    "message": "SNS message published successfully."
}

This is the request body been encoded in above logs:

[
	{
		"PropAKey": 123,
		"PropBKey": "PropBValue",
		"PropCKey": 456,
		"PropDKey": "PropDValue"
	}
]

Expected Behavior

The TopicArn parameter is included in the request template and should be passed to the SNS Publish action. The request should succeed, and the message should be published to the SNS topic.

Actual Behavior

The integration fails with a 400 InvalidParameter error, indicating that the TopicArn or TargetArn parameter is missing. However, the logs show that the TopicArn is present in the request body.

Environment

  • AWS Regionus-east-1
  • API Gateway Type: REST API
  • SNS Topic Type: FIFO
  • CloudFormation Template: YAML

Additional Notes

  • I used GitHub Copilot and Amazon Q AI from the AWS documentation website to validate the syntax of my template, and both tools suggest that the template is correct.
  • The ApiGatewayToSnsRole IAM role has the necessary sns:Publish permissions for the SNS topic.
  • The Uri for the integration is set to arn:aws:apigateway:${AWS::Region}:sns:action/Publish.

Please let me know if additional information is needed to debug this issue. Thank you!

eunier avatar Apr 18 '25 18:04 eunier