API Gateway not have permissions for my Authorizer lambda when using Swagger

Hi all,

I have an API defined using Swagger, which defines the following API Key authorizer:

securityDefinitions:
  api_key:
    type: apiKey
    name: x-api-key
    in: header
    x-amazon-apigateway-authtype: "oauth2"
    x-amazon-apigateway-authorizer:
      type: token
      authorizerUri: arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:[accountid]:function:ApiKeyAuthorizerLambdaFunction/invocations
      authorizerResultTtlInSeconds: 0

However, when I pass this Swagger definition into my CloudFormation script and call an endpoint secured with this authorizer, I get a 500. The API Gateway logs show the following:

Incoming identity: ***key
Execution failed due to configuration error: Invalid permissions on Lambda function
Execution failed due to configuration error: Authorizer error

Note that I have given API Gateway permission to execute this lambda:

LambdaPermissionAuthorizerApiGateway:
  Type: AWS::Lambda::Permission
  Properties:
    FunctionName:
      Fn::GetAtt:
      - ApiKeyAuthorizerLambdaFunction
      - Arn
    Action: lambda:InvokeFunction
    Principal: apigateway.amazonaws.com

In fact, when I compare the CloudFormation script which Serverless generates for authoized endpoints (using Serverless’s notation) with my own CloudFormation script using Swagger, I see little difference between them, except that my authorizer is defined with Swagger rather than directly as a CF resource.

Can anyone shed any light on this? Is this a bug when using Swagger with CloudFormation?

Also for full disclosure I also posted this on SO too! https://stackoverflow.com/q/48950793/628881

Thanks in advance :slight_smile: