AWS.Lambda.invoke_async 403 with signature mismatch

Question

AWS.Lambda.invoke_async 403 with signature mismatch

Closed this issue 3 years ago · 7 comments

When we try to invoke a Lambda, we get a 403 error:

client = %AWS.Client{
  access_key_id: Keyword.fetch!(config, :access_key_id),
  secret_access_key: Keyword.fetch!(config, :secret_access_key),
  region: Keyword.fetch!(config, :region)
}
    
function_name = "arn:aws:lambda:ca-central-1:3456789:function:foo_bar"

AWS.Lambda.invoke_async(client, function_name, %{foo: "bar"})

{:error,
 {:unexpected_response,
  %{
    body: "{\"message\":\"The request signature we calculated does not match the signature you provided.
      Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\"}",
    headers: [
      {"Date", "Tue, 15 Jun 2021 06:08:39 GMT"},
      {"Content-Type", "application/json"},
      {"Content-Length", "192"},
      {"Connection", "keep-alive"},
      {"x-amzn-RequestId", "a1e8e46f-8024-40e9-9c48-5091cb6c4ea1"},
      {"x-amzn-ErrorType", "InvalidSignatureException"}
    ],
    status_code: 403
  }}}

I can't understand what I could possibly mess up here, since there is not a lot of complexity in the invoke_async/3 call?

Any ideas?

Answer 1 · 2021-06-15T15:00:58.000Z

Hi @ryanwinchester 👋
What the version of aws-elixir are you using?

I think we had some similar issues and we fixed in master. Can you try it?

Answer 2 · 2021-06-15T18:06:54.000Z

@philss happens using

{:aws, github: "aws-beam/aws-elixir", branch: "master"}

Answer 3 · 2021-06-15T19:07:54.000Z

@ryanwinchester thanks! I don't think it's something you are doing. It's probably another bug in the signature algorithm. I will investigate.

Answer 4 · 2021-06-16T19:56:49.000Z

@ryanwinchester I'm investigating this. But before I find the problem, can you try to use the invoke function as a substitute for invoke_async? You can call invoke with InvocationType as Event, like the docs suggest:

client = %AWS.Client{
  access_key_id: Keyword.fetch!(config, :access_key_id),
  secret_access_key: Keyword.fetch!(config, :secret_access_key),
  region: Keyword.fetch!(config, :region)
}
    
function_name = "arn:aws:lambda:ca-central-1:3456789:function:foo_bar"

AWS.Lambda.invoke(client, function_name, %{"foo" => "bar", "InvocationType" => "Event"})

Answer 5 · 2021-06-17T06:43:34.000Z

@philss same error for me

Answer 6 · 2021-06-18T02:08:47.000Z

@ryanwinchester please try again updating from master. I managed to fix the problem :)

Answer 7 · 2021-06-18T02:20:19.000Z

Yup :)

{:ok, nil,
 %{
   body: "",
   headers: [
     {"Date", "Fri, 18 Jun 2021 02:19:33 GMT"},
     {"Content-Type", "application/json"},
     {"Content-Length", "0"},
     {"Connection", "keep-alive"},
     {"x-amzn-RequestId", "88ee2cb4-f022-4d39-9b31-b6711581a679"}
   ],
   status_code: 202
 }}