403 Forbidden

[alcinovanrooyen]

Hi,

I've deployed successfully.

Testing in Lambda Console works as well, but invoke from API Gateway causes this error:
Fatal error: Uncaught Exception: Error while calling the Lambda runtime API: The requested URL returned error: 403 Forbidden in /var/task/vendor/bref/bref/src/Runtime/LambdaRuntime.php:268

[mnapoli]

Hi, this error message is very surprising.

Is it just happening once or still happening? And just to be sure:

Testing in Lambda Console works as well, but invoke from API Gateway causes this error:

Did you create 2 different lambdas (one for HTTP and one for console)?

[alcinovanrooyen]

Hi,

It's the same lambda, just added API Gateway trigger to it.

I've also noticed that the function does execute as Hello World gets echo'd in the logs, but with this error preceding it.

Do you perhaps think this is a permission error - 403 Forbidden, perhaps IAM policy needed for API Gateway ?

[mnapoli]

OK this is not how things are supposed to run.

You need to have 2 different lambdas: one for HTTP, one for the console. Have a look here to create a HTTP lambda: https://bref.sh/docs/runtimes/http.html Make sure to have a separate lambda in serverless.yml with the correct configuration.

Let me know if you still have questions.

[leroy]

Hi,

I'm having the same issue, having followed the documentation on hosting a website.

Here's my configuration:

service: app

provider:
  stage: staging
  name: aws
  region: eu-central-1
  runtime: provided
  environment:
    WP_ENV: ''
    WP_HOME: ''
    DB_HOST: ${ssm:/app/database/host}
    DB_NAME: ''
    DB_USER: ${ssm:/app/database/username}
    DB_PASSWORD: ${ssm:/app/database/password}
    S3_UPLOADS_KEY: ${ssm:/app/s3/key}
    S3_UPLOADS_SECRET: ${ssm:/app/s3/secret}
    S3_UPLOADS_BUCKET: '<bucket>'

plugins:
  - ./vendor/bref/bref

functions:
  wordpress:
    handler: index.php
    description: ''
    timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
    layers:
      - ${bref:layer.php-73-fpm}
    events:
      - http: 'ANY /'
      - http: 'ANY /{proxy+}'
    vpc:
      securityGroupIds:
        - <security-group>
      subnetIds:
        - <subnet>
        - <subnet>
        - <subnet>

resources:
  Resources:
    # The S3 bucket that stores the assets
    Assets:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: <bucket>
    # The policy that makes the bucket publicly readable
    AssetsBucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket: !Ref Assets # References the bucket we defined above
        PolicyDocument:
          Statement:
            - Effect: Allow
              Principal: '*' # everyone
              Action: 's3:GetObject' # to read
              Resource: 'arn:aws:s3:::<bucket>/*' # things in the bucket

I'm trying to host a wordpress website. When i set the listening URL (SITE_URL) on Wordpress end it will give the 403 error.

[mnapoli]

@leroy this is not the same issue.

[leroy]

Are you sure?

This is my stacktrace:

Fatal error: Uncaught Exception: Error while calling the Lambda runtime API: The requested URL returned error: 403 Forbidden in /var/task/vendor/bref/bref/src/Runtime/LambdaRuntime.php:268
Stack trace:
#0 /var/task/vendor/bref/bref/src/Runtime/LambdaRuntime.php(175): Bref\Runtime\LambdaRuntime->postJson('http://127.0.0....', Array)
#1 /var/task/vendor/bref/bref/src/Runtime/LambdaRuntime.php(92): Bref\Runtime\LambdaRuntime->sendResponse('edfec18d-34dd-4...', Array)
#2 /opt/bootstrap(34): Bref\Runtime\LambdaRuntime->processNextEvent(Object(Closure))
#3 {main}PHP Fatal error: Uncaught Exception: Error while calling the Lambda runtime API: The requested URL returned error: 403 Forbidden in /var/task/vendor/bref/bref/src/Runtime/LambdaRuntime.php:268

I've tried googling Lambda runtime api 403 but to no avail. I'm sorry to be reopening this issue, i'm just not sure where to look.

[leroy]

I figured it out!

Turns out i implemented it as a https://bref.sh/docs/runtimes/function.html. I had to configure a proper handler file as documented in the https://bref.sh/docs/runtimes/http.html

[nickrupert7]

Hi there 👋

I'm running a Laravel app and getting the same issue myself on one particular endpoint. All of my other endpoints work, it's just this one that's failing. At first I thought it might have been a memory overload, but my site is currently deployed on a dedicated server with 1/2 the memory of my lambda functions (500 MB vs 1024 MB). I also thought it might have been a timeout issue, but the endpoint errors out after about 8 seconds, which isn't even close to the 28 second limit on my function (see my serverless config below).

This is the error response in my browser:

{"message":"Internal Server Error"}

Super helpful right?
Couldn't find anything useful on Google either - just this GitHub Issue here.

It seems like my endpoint code is all running successfully. I sent Log messages to Papertrail all the way up to the return statement in my Controller, and all the logs go in successfully. Plus, no exceptions seem to be thrown in Laravel.

Watching the invocation and response in my dev tools, I see the following response header: x-cache: Error from cloudfront. Not sure if that's useful, but i suppose it helps to determine where the error is NOT. It did at least spark my memory, and I decided to check my Cloudwatch logs for the Lambda function, and I found this (which shows up every single time I hit the failing endpoint)...

{
    "errorType": "Exception",
    "errorMessage": "Error while calling the Lambda runtime API: The requested URL returned error: 413",
    "stack": [
        "#0 /var/task/vendor/bref/bref/src/Runtime/LambdaRuntime.php(187): Bref\\Runtime\\LambdaRuntime->postJson()",
        "#1 /var/task/vendor/bref/bref/src/Runtime/LambdaRuntime.php(104): Bref\\Runtime\\LambdaRuntime->sendResponse()",
        "#2 /opt/bootstrap(43): Bref\\Runtime\\LambdaRuntime->processNextEvent()",
        "#3 {main}"
    ]
}

and

Fatal error: Uncaught Exception: Error while calling the Lambda runtime API: The requested URL returned error: 403 in /var/task/vendor/bref/bref/src/Runtime/LambdaRuntime.php:295

...thus the connection to this original Issue.

Here's the functions snippet of my serverless configuration file:

functions:
  # This function runs the Laravel website/API
  web:
    name: myapp-${opt:stage, 'dev'}-web
    handler: public/index.php
    timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
    layers:
      - ${bref:layer.php-74-fpm}
    events:
      - httpApi: '*'

  # This function lets us run artisan commands in Lambda
  artisan:
    name: myapp-${opt:stage, 'dev'}-artisan
    handler: artisan
    timeout: 120 # in seconds
    layers:
      - ${bref:layer.php-74} # PHP
      - ${bref:layer.console} # The "console" layer
    events:
      - schedule:
          description: Running the Laravel Scheduler (schedule:run) every minute
          rate: rate(1 minute)
          input:
            cli: schedule:run

  worker:
    handler: worker.php
    timeout: 900 # in seconds
    layers:
      - ${bref:layer.php-74}
    events:
      - sqs:
          arn:
            Fn::GetAtt: [ Queue, Arn ]
          # Only 1 item at a time to simplify error handling
          batchSize: 1

One last final tidbit that makes this all particularly weird. When I return a hard-coded response in my endpoint like return 'abc'; It works, and the correct result is rendered in my browser. When I return my view without any of the data it needs, it also succeeds in loading the page. But when I try to load the page with all of the data, it goes back to failing. This is why I originally thought it might be a memory or timeout issue, but I just can't get past the fact that it currently works on a server with 1/2 the memory as my lambda, and it fails after only ~8 seconds which is way less than the timeout on my function... Plus I don't see how that would result in the 403 error from bref.

Help would be much appreciated :)

[mnapoli]

Hi, these messages are all generic errors. Even if it sounds like it, there is very likely no connection to the old issue.

I'll be locking this thread to avoid confusion (and avoid pinging previous contributors), feel free to open a GitHub discussion for community support.