API Gateway CreateAuthorizer 因 InternalFailure 而失败

Question

当我尝试使用 CloudFormation 为我的 AWS API Gateway 创建自定义授权方时，它会一直冻结尝试执行 CreateAuthorizer 调用，但失败了。这是我可以重现该行为的最小 CloudFormation 模板：

AWSTemplateFormatVersion: "2010-09-09"
Resources:
    ApiGatewayV1:
        Type: "AWS::ApiGateway::RestApi"
        Properties:
            Name: "test"

    ApiAuthorizerV1:
        Type: "AWS::ApiGateway::Authorizer"
        Properties:
            RestApiId: !Ref "ApiGatewayV1"
            Name: "test"
            Type: "TOKEN"
            AuthorizerUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda::${AWS::AccountId}:function:${!stageVariables.AuthorizerLambdaName}/invocations"
            IdentitySource: "method.request.header.Authorization"
            AuthorizerResultTtlInSeconds: 3600

CloudTrail 日志：

"errorCode": "InternalFailure",
"errorMessage": "An unknown error occurred",
"requestParameters": {
    "restApiId": "lweme6j3wk",
    "createAuthorizerInput": {
        "providerARNs": [],
        "identitySource": "method.request.header.Authorization",
        "authorizerResultTtlInSeconds": 3600,
        "type": "TOKEN",
        "name": "test",
        "authorizerUri": "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda::<ACCOUNT_ID>:function:${stageVariables.AuthorizerLambdaName}/invocations"
    },
    "template": false
},
"responseElements": null,
"requestID": "470e2efa-d3c1-11e7-b0cc-b7fd2383ef6b",
"eventID": "2ceccaa5-9b97-4b1e-93e5-3c4e6bca419d",

Answer 1

好的，那真是太奇怪了。当我在目标 lambda ARN 中明确指定区域时，它起作用了！

替换：

arn:aws:lambda::<ACCOUNT_ID>

与：

arn:aws:lambda:<REGION>:<ACCOUNT_ID>

（是的，它适用于 ${AWS::Region}:${AWS::AccountId} 占位符，我使用固定值进行检查。