403 - The request could not be satisfied

[ablankenship10]

After setting up my working API with this plugin, and pointing my domain in Route 53 to the distribution I can only get "403 The request could not be satisfied" errors. This is my config:

custom:
  apiCloudFront:
    certificate: arn:aws:acm:us-east-1:XXXXXXXXXXX:certificate/XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX
    domain: api.domain.com
    compress: true
    headers: all
    querystring: all

I tried using the url both as api.domain.com/stage/endpoint and api.domain.com/endpoint to no avail. (I want the former version so I can have both of my stages on the same api.domain.com address.)

What am I missing?

[rquast]

Get the same message. I think it might be something to do with headers. Works only when I have headers: - x-api-key and doesn't work with "all"

[El-Fitz]

@ablankenship10 Do you use IAM authorization for your Lambda ? Or send an "Authorization" header in your request ?

[Necromos]

Hey there!
You are correct, it is confirmed to be not working with all when you put CF in front of Api Gateway.
For more resources please take a look at:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html Custom Headers that CloudFront Can't Forward to Your Origin section
and
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html

Also, if you want to use CF in front of AGW and pass Authorization header then one of the options is to set it like this: https://d.pr/i/XqsQui

Hope that it helps!