Issues authenticating with AWS API Gateway error “IncompleteSignatureException”

Solution for Issues authenticating with AWS API Gateway error “IncompleteSignatureException”
is Given Below:

Hey all I made a lambda function that I then deployed to an API gateway using cloudformation. To authenticate I use cognito user pool. In the Header I pass in an Authorization token that works for other function. When I attempt to hit the API I get the “IncompleteSignatureException”. Im not sure how to go about solving this… I thought I set the cloudformation template to be similar to when I manually attach a lambda function, but I clearly missed something. Any thoughts would be greatly appreciated!

Thanks!

By the way it does work when I “test” it from the api gateway console

CreateMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref baseApi
      ResourceId: !Ref NewResource
      HttpMethod: POST
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref cogId
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub
          - arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations
          - lambdaArn: !GetAtt TheLambda.Arn
      MethodResponses:
        - StatusCode: 200
          ResponseModels: 
           application/json : Empty
LambdaApiGatewayInvoke:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt TheLambda.Arn
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${baseApi}/*/POST/${basePath}/ChosenPath

I would recommend you look into using AWS SAM. This is an extension on cloudformation which provides you with extra CloudFormation types. AWS SAM also relieves a lot of the burden when it comes to permissions since AWS SAM creates the necessary permissions between the API and the lambdas themselves.

The CloudFormation reference for the SAM types can be found here.

If you will be using AWS SAM, you will need to add Transform: 'AWS::Serverless-2016-10-31' to the top of your CloudFormation template

Welp, I am an idiot. I figured out my problem accidentally. So for anyone who encounters this problem here is the solution: deploy the API.

Anytime you make a change to an API you need to use: AWS::ApiGateway::Deployment

My mistake was thinking it was just for new APIs. Nope, if you make any change to the API you’ll need to deploy it again