search

apache / apisix

The Cloud-Native API Gateway
https://apisix.apache.org/blog/
Apache License 2.0
14.24k stars 2.48k forks source link

`aws-lambda` plugin returns `400 bad request` for wrong IAM credentials or wrong URL #11176

Open kayx23 opened 4 months ago

kayx23 commented 4 months ago

Current State

The aws-lambda plugin returns 400 Bad Request for wrong IAM credentials (wrong access key or secret key), or wrong URL.

For example, if the URL is missing the ending slash, APISIX will return 400 Bad Request without further information.

The error log is the following and it is not very informative:

2024/04/22 02:10:01 [warn] 277#277: *11342 [lua] plugin.lua:1160: run_plugin(): aws-lambda exits with http status code 400, client: 172.25.0.1, server: _, request: "GET / HTTP/1.1", host: "127.0.0.1:9080"

Desired State

As an enhancement, APISIX could return more telling error message to help users troubleshooting.

For example, with AWS CLI aws sts get-caller-identity, wrong secret key would lead to the following error msg:

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

Wrong access key would lead to the following error msg:

The security token included in the request is invalid.

Environment

APISIX version (run apisix version): 3.9.0

nitishfy commented 4 months ago

Thanks for raising this issue! That's a good enhancement which can be added