apisix icon indicating copy to clipboard operation
apisix copied to clipboard
verified publisher icon apache

`aws-lambda` plugin returns `400 bad request` for wrong IAM credentials or wrong URL

Open kayx23 opened this issue 1 year ago • 1 comments

Current State

The aws-lambda plugin returns 400 Bad Request for wrong IAM credentials (wrong access key or secret key), or wrong URL.

For example, if the URL is missing the ending slash, APISIX will return 400 Bad Request without further information.

The error log is the following and it is not very informative:

2024/04/22 02:10:01 [warn] 277#277: *11342 [lua] plugin.lua:1160: run_plugin(): aws-lambda exits with http status code 400, client: 172.25.0.1, server: _, request: "GET / HTTP/1.1", host: "127.0.0.1:9080"

Desired State

As an enhancement, APISIX could return more telling error message to help users troubleshooting.

For example, with AWS CLI aws sts get-caller-identity, wrong secret key would lead to the following error msg:

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

Wrong access key would lead to the following error msg:

The security token included in the request is invalid.

Environment

APISIX version (run apisix version): 3.9.0

kayx23 avatar Apr 22 '24 02:04 kayx23

Thanks for raising this issue! That's a good enhancement which can be added

nitishfy avatar Apr 22 '24 02:04 nitishfy