Message": "Forbidden" from AWS API Gateway with ion/lambda

I deployed a Web App with Pedestal onto AWS API Gateway as an ion. It serves an HTML form. But while posting, I get the following error. Spent some time on it, but if anyone can shed some light on it, that would be great!

// 20200704144544
// https://{---------}.execute-api.us-west-2.amazonaws.com/signup

{
“message”: “Forbidden”
}

Thanks

How do you have the API Gateway endpoint(s) configured?

Thanks for asking!. No, I have’t configured the endpoints.

But, I switched my server (Datomic Ion cloud) to JSON API only. And moved all the HTML/JS serving (SPA) to S3. I don’t know/not sure whether I can go in the direction where I can serve all the JS/HTML from the ion, and whether I am going to face further problems in the future.

-hkrish

In API Gateway you need to configure, then deploy in a environment
API Gateway URL’s are aways something like
https://random-aws-stuff.amazonaws.com/dev/signup
where dev is the environment prefix
application you receive just /signup

Yeah—as @souenzzo wrote, you’ll need to use API Gateway if you want to expose your ion to the open web.

If you’re running a production topology, I recommend using HTTP Direct rather than the Lambda proxy from API Gateway. Otherwise, follow these directions.

Thanks again for the response. I did set up the API Gateway as per instructions, including the deploy with “dev”. It always worked for me if it is just an API with JSON. But when i try to deploy my SPA webapp also this way, I get the error. It may have something to do with the API Gateway permissions, I dont know. My plan was to host everything (HTML/CSS/JS, and the server ions using Pedestal etc) as an ion so that I can leverage the Ion-Push/Deploy. May be we need to more research. A few questions:

  1. How do we put a trace at the backend for ions?
  2. Has anyone tried to host all the SPA and the backend as IONS?
  3. How do we associate a domain name with the API Gateway?
  4. Can we associate an SSL?

Right now we are using a SOLO, but will move to Production topology sometime later.
Again, thanks for the responses.

I suspect you’re running into a CORS issue.

I don’t recommend serving everything from an ion via API Gateway, but I suppose it will work. YMMV.

You can associate a custom domain and SSL certificate (issued from ACM) with an API Gateway API.

Not sure what kind of trace you’re referring to.