
Error - {"message":"Forbidden"}

Open daxeel opened this issue 8 years ago • 11 comments

I deployed my flask hello world with zappa on aws.

server.py

from flask import Flask
app = Flask(__name__)

@app.route('/')
def hello_world():
    return 'Hello, Ieacon!'

if __name__ == '__main__':
    app.run()

API Endpoint https://hj9weg9e9g.execute-api.ap-south-1.amazonaws.com/devstage

Expected Behavior

Hello, Ieacon! (Works locally)

Actual Behavior

{"message":"Forbidden"}

Possible Fix

Your Environment

  • Zappa version used: 0.45.1

  • Operating System and Python version: OSX & Python 2.7.10

  • The output of pip freeze: argcomplete==1.9.2 base58==0.2.4 boto3==1.5.6 botocore==1.8.20 certifi==2017.11.5 cfn-flip==1.0.0 chardet==3.0.4 click==6.7 docutils==0.14 durationpy==0.5 Flask==0.12.2 future==0.16.0 futures==3.1.1 hjson==3.0.1 idna==2.6 itsdangerous==0.24 Jinja2==2.10 jmespath==0.9.3 kappa==0.6.0 lambda-packages==0.19.0 MarkupSafe==1.0 placebo==0.8.1 python-dateutil==2.6.1 python-slugify==1.2.4 PyYAML==3.12 requests==2.18.4 s3transfer==0.1.12 six==1.11.0 toml==0.9.4 tqdm==4.19.1 troposphere==2.1.2 Unidecode==0.4.21 urllib3==1.22 Werkzeug==0.12 wheel==0.30.0 wsgi-request-logger==0.4.6 zappa==0.45.1

  • Link to your project (optional): https://hj9weg9e9g.execute-api.ap-south-1.amazonaws.com/devstage

  • Your zappa_settings.py:

    {
        "devstage": {
            "api_key_required": true,
            "api_key": "xxxxxx",
            "s3_bucket": "ieaconbucket",
            "app_function": "server.app",
            "aws_region": "ap-south-1"
        }
    }

Please help me understand why I am not able to get the expected output. This is my second project. Previously I was able to deploy the app and it was working perfectly. I don't know why it stopped working.

[Edit markdown for code listing –@scoates]

daxeel, Dec 26 '17 09:12

I get the same issue described here!

MileanCo, Feb 03 '18 12:02

Experienced this as well.

Fixed it by going into AWS Gateway API > Custom Domain Names and deleting the custom domain (zappa will have created one if you have run certify before). Re-running zappa certify should work.

If that doesn't work, run zappa certify and get back to the state of {"message":"Forbidden"}. Go into AWS Gateway API > Custom Domain Names. You will need to edit the card and add a Base Path Mappings. For the path enter / and select the project in the API select box. Then select the stage you want for this.

That should work perfectly.

nickpolet, Feb 17 '18 16:02

Not strictly an answer to your question @daxeel, but may help someone.

I got this when my app redirected to a uri not including the environment name (/uri instead of /dev/uri).

Needed to set up a custom domain.

mcameron, Feb 21 '18 12:02

Yeah, I resolved my error in a similar fashion as @mcameron: the URI I was calling was wrong. A better error message could be "404 not found" or something, instead of Forbidden... since it's not really a permission error, in this case.

MileanCo, Feb 21 '18 14:02

{"message": "Forbidden"} comes from API Gateway if it can't route your request (to a lambda, or otherwise).

Is there something Zappa actually did wrong here?

scoates, Feb 23 '18 21:02

Hello!

I've run into this, and I'm not sure what the fix is here. I've deployed using zappa deploy and when I make a request using postman I get a forbidden response. I've added the x-api-key header to my postman request. When I try to do a request via the API-Gateway site it ends up with 500 unless I use the proxy part to test a request. Then the request gets routed to the lambda properly. But I'm not sure how to target that proxy part of the gateway using postman.

chubz, Aug 12 '20 12:08

Fixed it by going into AWS Gateway API > Custom Domain Names and deleting the custom domain (zappa will have created one if you have run certify before). Re-running zappa certify should work.

In addition to what @nickpolet shared I had to remove the Route53 entry. So

  1. undeploy your app
  2. go to Route53 and remove your domain
  3. go to API Gateway and remove your custom domain name
  4. deploy your app
  5. run zappa certify

I am not 100% sure if all the un/deploying is necessary, though.

johannesjasper, Sep 23 '20 14:09

Experienced this as well.

Fixed it by going into AWS Gateway API > Custom Domain Names and deleting the custom domain (zappa will have created one if you have run certify before). Re-running zappa certify should work.

If that doesn't work, run zappa certify and get back to the state of {"message":"Forbidden"}. Go into AWS Gateway API > Custom Domain Names. You will need to edit the card and add a Base Path Mappings. For the path enter / and select the project in the API select box. Then select the stage you want for this.

That should work perfectly.

Base Path Mappings worked for me. Thanks ❤️

Brdjx, Feb 05 '21 16:02
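
The causes reported in this thread, collected into one triage check. This is an added example, not code from Zappa or from any commenter; the function name, the cause labels, the `base_path_mappings` argument and the sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample mirroring the zappa_settings shown in the issue.
SETTINGS = {"devstage": {"api_key_required": True, "api_key": "xxxxxx",
                         "app_function": "server.app",
                         "aws_region": "ap-south-1"}}

def forbidden_causes(settings, stage, url, headers, base_path_mappings=None):
    """Return the causes from this thread that fit a request that got
    {"message":"Forbidden"}. Hypothetical helper, not a Zappa/boto3 API.

    base_path_mappings: {base_path: stage} for a custom domain, where the
    key "/" stands for the root mapping described in the thread.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    segments = [s for s in parts.path.split("/") if s]
    causes = []

    if ".execute-api." in host and host.endswith(".amazonaws.com"):
        # Default endpoint: the first path segment has to be the stage name,
        # so /uri instead of /devstage/uri cannot be routed.
        if not segments or segments[0] != stage:
            causes.append("stage-missing-from-path")
    else:
        # Custom domain: the request must hit a base path mapping that
        # points at the deployed stage.
        mappings = base_path_mappings or {}
        first = "/" + segments[0] if segments else "/"
        if stage not in (mappings.get(first), mappings.get("/")):
            causes.append("no-base-path-mapping")

    # api_key_required makes API Gateway reject requests without the header.
    sent = {name.lower() for name in headers}
    if settings[stage].get("api_key_required") and "x-api-key" not in sent:
        causes.append("x-api-key-header-missing")
    return causes

if __name__ == "__main__":
    base = "https://abc123.execute-api.ap-south-1.amazonaws.com"  # constructed
    print(forbidden_causes(SETTINGS, "devstage", base + "/devstage", {}))
    print(forbidden_causes(SETTINGS, "devstage", base + "/uri",
                           {"X-Api-Key": "k"}))
    print(forbidden_causes(SETTINGS, "devstage", "https://api.example.com/",
                           {"x-api-key": "k"}, {}))
```

With `api_key_required` set to true, a Forbidden reply to a request that carries no `x-api-key` header is the configured access control doing its job, so rule that out before changing domains or mappings.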