Execution failed due to configuration error: API Gateway does not have permission to assume the provided role

When setting up a custom Lambda authorizer in Amazon Web Services’ API Gateway, you have the option to specify a role. If you run into a permissions problem with this, it is often due to a misconfigured “Trust Relationship” on the role being assumed. You will see an error:

Execution failed due to configuration error: API Gateway does not have permission to assume the provided role
Execution failed due to configuration error: Authorizer error
AuthorizerConfigurationException

To fix this, go to the role in IAM and select the “Trust Relationships” tab. From here, edit the policy and add “apigateway.amazonaws.com” to the Principal Service, as seen below. This lets the API Gateway service assume the role to run your function, in addition to the existing Lambda permission.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": ["apigateway.amazonaws.com", "lambda.amazonaws.com"]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
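
To check a role's trust policy before deploying the authorizer, the following added example (not code from the original post) reports which service principals are still missing from it. It assumes the policy JSON has been exported, for instance with aws iam get-role; the function names and the "before" policy are constructed for illustration, and Condition blocks are not evaluated.

```python
import json
from fnmatch import fnmatchcase

APIGW = "apigateway.amazonaws.com"
LAMBDA = "lambda.amazonaws.com"

# Constructed "before" policy: only Lambda is trusted (Service as a bare string).
BEFORE = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]}""")

# The corrected trust policy shown in the post.
AFTER = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": ["apigateway.amazonaws.com", "lambda.amazonaws.com"]},
  "Action": "sts:AssumeRole"}]}""")


def _as_list(value):
    """IAM accepts either a single value or a list for Statement, Action, Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def service_can_assume(policy, service=APIGW):
    """True if an Allow statement lets `service` call sts:AssumeRole and no
    Deny statement names it. Simplified: Condition blocks are ignored."""
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        # Action names are case-insensitive and may contain wildcards.
        actions = [str(a).lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if service not in services:
            continue
        if stmt.get("Effect") == "Deny":
            return False  # an explicit Deny always wins
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def missing_services(policy, required=(APIGW, LAMBDA)):
    """List the required service principals the trust policy does not allow."""
    return [s for s in required if not service_can_assume(policy, s)]


if __name__ == "__main__":
    for name, pol in (("before", BEFORE), ("after", AFTER)):
        print(name, "missing:", missing_services(pol))
```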
