I have a Serverless backend that implements AWS_IAM authorizer using the serverless framework. My client is a React application. I am using AWS Cognito to authenticate users and AWS Federated Identities to retrieve temporary credentials for the user. The user is assuming an IAM Role that has APIGatewayInvokeFullAccess policy attached. I then sign my request using aws4 and make my request using Axios. To my understanding, I am doing everything right. But, I am still receiving a 403 error on my client request. I even logged the tokens that are being retrieved to the console and used those tokens in postman. When I use postman, the error message says “The security token included in the request is invalid”. I have read every doc and tried every possible solution, but I am still unable to debug this error. Any help at all would be incredible.
I am following this guide for the application flow.