sam local start-api fails with "The security token included in the request is invalid"

See original GitHub issue

Description:

I have a small API which uses a KMS key to encrypt and decrypt strings. The API works exactly as expected when deployed to AWS, but fails when run locally with “The security token included in the request is invalid”.

There are several bugs that have variations on this theme, but all of them are at least six months old. I’m opening this one to address it in newer versions of SAM / the nodejs Docker image.

Steps to reproduce:

  • Download and unzip the encryption-test.zip file
  • Follow the instructions in the “Deploying” section of the readme to deploy the API to AWS
  • Follow the instructions in the “Running locally” section of the readme to run the API locally
  • Run the following two curl commands:
curl \
    --location \
    --request POST \
    'https://<your-api-id>.execute-api.<region>.amazonaws.com/stage/encrypt' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "data": "hello"
    }'

and

curl \
    --location \
    --request POST \
    'http://127.0.0.1:3000/encrypt' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "data": "hello"
    }'

The first one (the one that points to AWS) will succeed, but the second one will fail.

Observed result:

sam local start-api --env-vars env.json --debug
2022-05-10 15:59:00,540 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
2022-05-10 15:59:00,540 | Using config file: samconfig.toml, config environment: default
2022-05-10 15:59:00,540 | Expand command line arguments to:
2022-05-10 15:59:00,540 | --template_file=/Users/<REDACTED>/code/encryption-test/.aws-sam/build/template.yaml --env_vars=env.json --host=127.0.0.1 --port=3000 --static_dir=public --layer_cache_basedir=/Users/<REDACTED>/.aws-sam/layers-pkg --container_host=localhost --container_host_interface=127.0.0.1 
2022-05-10 15:59:00,640 | local start-api command is called
2022-05-10 15:59:00,672 | Collected default values for parameters: {'PubSubnet1CidrBlock': '10.10.1.0/24', 'PrivateSubnet1CidrBlock': '10.10.2.0/24', 'StageName': 'stage', 'VpcCidrBlock': '10.10.0.0/16'}
2022-05-10 15:59:00,693 | There is no customer defined id or cdk path defined for resource Vpc, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,693 | There is no customer defined id or cdk path defined for resource PubSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,693 | There is no customer defined id or cdk path defined for resource InternetGateway, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource InternetGatewayAttachment, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource RouteTable, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource PublicInternetRoute, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource PubSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource PrivateSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource NatGateway1EIP, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource NatGateway1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource PrivateRouteTable1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource DefaultPrivateRoute1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource PrivateSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource RestApiLambdasSg, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource RestApi, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource RestApiFunctionRole, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource EncryptionKey, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | Sam customer defined id is more priority than other IDs. Customer defined id for resource DecryptFunction is DecryptFunction
2022-05-10 15:59:00,694 | Sam customer defined id is more priority than other IDs. Customer defined id for resource EncryptFunction is EncryptFunction
2022-05-10 15:59:00,694 | There is no customer defined id or cdk path defined for resource EncryptFunctionLogGroup, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,694 | Sam customer defined id is more priority than other IDs. Customer defined id for resource RuntimeDependenciesLayer is RuntimeDependenciesLayer
2022-05-10 15:59:00,695 | Unable to resolve property AllocationId: OrderedDict([('Fn::GetAtt', ['NatGateway1EIP', 'AllocationId'])]). Leaving as is.
2022-05-10 15:59:00,696 | 21 stacks found in the template
2022-05-10 15:59:00,696 | Collected default values for parameters: {'PubSubnet1CidrBlock': '10.10.1.0/24', 'PrivateSubnet1CidrBlock': '10.10.2.0/24', 'StageName': 'stage', 'VpcCidrBlock': '10.10.0.0/16'}
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource Vpc, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource PubSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource InternetGateway, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource InternetGatewayAttachment, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource RouteTable, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource PublicInternetRoute, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource PubSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource PrivateSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource NatGateway1EIP, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource NatGateway1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource PrivateRouteTable1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource DefaultPrivateRoute1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource PrivateSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,710 | There is no customer defined id or cdk path defined for resource RestApiLambdasSg, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,711 | There is no customer defined id or cdk path defined for resource RestApi, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,711 | There is no customer defined id or cdk path defined for resource RestApiFunctionRole, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,711 | There is no customer defined id or cdk path defined for resource EncryptionKey, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,711 | Sam customer defined id is more priority than other IDs. Customer defined id for resource DecryptFunction is DecryptFunction
2022-05-10 15:59:00,711 | Sam customer defined id is more priority than other IDs. Customer defined id for resource EncryptFunction is EncryptFunction
2022-05-10 15:59:00,711 | There is no customer defined id or cdk path defined for resource EncryptFunctionLogGroup, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,711 | Sam customer defined id is more priority than other IDs. Customer defined id for resource RuntimeDependenciesLayer is RuntimeDependenciesLayer
2022-05-10 15:59:00,712 | Unable to resolve property AllocationId: OrderedDict([('Fn::GetAtt', ['NatGateway1EIP', 'AllocationId'])]). Leaving as is.
2022-05-10 15:59:00,712 | 21 resources found in the stack 
2022-05-10 15:59:00,712 | Collected default values for parameters: {'PubSubnet1CidrBlock': '10.10.1.0/24', 'PrivateSubnet1CidrBlock': '10.10.2.0/24', 'StageName': 'stage', 'VpcCidrBlock': '10.10.0.0/16'}
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource Vpc, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource PubSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource InternetGateway, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource InternetGatewayAttachment, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource RouteTable, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource PublicInternetRoute, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource PubSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource PrivateSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource NatGateway1EIP, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource NatGateway1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource PrivateRouteTable1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource DefaultPrivateRoute1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource PrivateSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource RestApiLambdasSg, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource RestApi, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource RestApiFunctionRole, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | There is no customer defined id or cdk path defined for resource EncryptionKey, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,726 | Sam customer defined id is more priority than other IDs. Customer defined id for resource DecryptFunction is DecryptFunction
2022-05-10 15:59:00,727 | Sam customer defined id is more priority than other IDs. Customer defined id for resource EncryptFunction is EncryptFunction
2022-05-10 15:59:00,727 | There is no customer defined id or cdk path defined for resource EncryptFunctionLogGroup, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,727 | Sam customer defined id is more priority than other IDs. Customer defined id for resource RuntimeDependenciesLayer is RuntimeDependenciesLayer
2022-05-10 15:59:00,728 | Unable to resolve property AllocationId: OrderedDict([('Fn::GetAtt', ['NatGateway1EIP', 'AllocationId'])]). Leaving as is.
2022-05-10 15:59:00,728 | Collected default values for parameters: {'PubSubnet1CidrBlock': '10.10.1.0/24', 'PrivateSubnet1CidrBlock': '10.10.2.0/24', 'StageName': 'stage', 'VpcCidrBlock': '10.10.0.0/16'}
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource Vpc, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource PubSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource InternetGateway, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource InternetGatewayAttachment, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource RouteTable, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource PublicInternetRoute, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource PubSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource PrivateSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource NatGateway1EIP, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource NatGateway1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,743 | There is no customer defined id or cdk path defined for resource PrivateRouteTable1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,744 | There is no customer defined id or cdk path defined for resource DefaultPrivateRoute1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,744 | There is no customer defined id or cdk path defined for resource PrivateSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,744 | There is no customer defined id or cdk path defined for resource RestApiLambdasSg, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,744 | There is no customer defined id or cdk path defined for resource RestApi, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,744 | There is no customer defined id or cdk path defined for resource RestApiFunctionRole, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,744 | There is no customer defined id or cdk path defined for resource EncryptionKey, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,744 | Sam customer defined id is more priority than other IDs. Customer defined id for resource DecryptFunction is DecryptFunction
2022-05-10 15:59:00,744 | Sam customer defined id is more priority than other IDs. Customer defined id for resource EncryptFunction is EncryptFunction
2022-05-10 15:59:00,744 | There is no customer defined id or cdk path defined for resource EncryptFunctionLogGroup, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,744 | Sam customer defined id is more priority than other IDs. Customer defined id for resource RuntimeDependenciesLayer is RuntimeDependenciesLayer
2022-05-10 15:59:00,745 | Unable to resolve property AllocationId: OrderedDict([('Fn::GetAtt', ['NatGateway1EIP', 'AllocationId'])]). Leaving as is.
2022-05-10 15:59:00,745 | --base-dir is not presented, adjusting uri RuntimeDependenciesLayer relative to /Users/<REDACTED>/code/encryption-test/.aws-sam/build/template.yaml
2022-05-10 15:59:00,745 | Found Serverless function with name='DecryptFunction' and CodeUri='DecryptFunction'
2022-05-10 15:59:00,745 | --base-dir is not presented, adjusting uri DecryptFunction relative to /Users/<REDACTED>/code/encryption-test/.aws-sam/build/template.yaml
2022-05-10 15:59:00,746 | Collected default values for parameters: {'PubSubnet1CidrBlock': '10.10.1.0/24', 'PrivateSubnet1CidrBlock': '10.10.2.0/24', 'StageName': 'stage', 'VpcCidrBlock': '10.10.0.0/16'}
2022-05-10 15:59:00,759 | There is no customer defined id or cdk path defined for resource Vpc, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,759 | There is no customer defined id or cdk path defined for resource PubSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,759 | There is no customer defined id or cdk path defined for resource InternetGateway, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,759 | There is no customer defined id or cdk path defined for resource InternetGatewayAttachment, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,759 | There is no customer defined id or cdk path defined for resource RouteTable, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,759 | There is no customer defined id or cdk path defined for resource PublicInternetRoute, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,759 | There is no customer defined id or cdk path defined for resource PubSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource PrivateSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource NatGateway1EIP, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource NatGateway1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource PrivateRouteTable1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource DefaultPrivateRoute1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource PrivateSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource RestApiLambdasSg, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource RestApi, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource RestApiFunctionRole, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource EncryptionKey, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | Sam customer defined id is more priority than other IDs. Customer defined id for resource DecryptFunction is DecryptFunction
2022-05-10 15:59:00,760 | Sam customer defined id is more priority than other IDs. Customer defined id for resource EncryptFunction is EncryptFunction
2022-05-10 15:59:00,760 | There is no customer defined id or cdk path defined for resource EncryptFunctionLogGroup, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,760 | Sam customer defined id is more priority than other IDs. Customer defined id for resource RuntimeDependenciesLayer is RuntimeDependenciesLayer
2022-05-10 15:59:00,761 | Unable to resolve property AllocationId: OrderedDict([('Fn::GetAtt', ['NatGateway1EIP', 'AllocationId'])]). Leaving as is.
2022-05-10 15:59:00,762 | --base-dir is not presented, adjusting uri RuntimeDependenciesLayer relative to /Users/<REDACTED>/code/encryption-test/.aws-sam/build/template.yaml
2022-05-10 15:59:00,762 | Found Serverless function with name='EncryptFunction' and CodeUri='EncryptFunction'
2022-05-10 15:59:00,762 | --base-dir is not presented, adjusting uri EncryptFunction relative to /Users/<REDACTED>/code/encryption-test/.aws-sam/build/template.yaml
2022-05-10 15:59:00,769 | Collected default values for parameters: {'PubSubnet1CidrBlock': '10.10.1.0/24', 'PrivateSubnet1CidrBlock': '10.10.2.0/24', 'StageName': 'stage', 'VpcCidrBlock': '10.10.0.0/16'}
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource Vpc, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource PubSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource InternetGateway, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource InternetGatewayAttachment, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource RouteTable, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource PublicInternetRoute, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource PubSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource PrivateSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource NatGateway1EIP, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource NatGateway1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,785 | There is no customer defined id or cdk path defined for resource PrivateRouteTable1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,786 | There is no customer defined id or cdk path defined for resource DefaultPrivateRoute1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,786 | There is no customer defined id or cdk path defined for resource PrivateSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,786 | There is no customer defined id or cdk path defined for resource RestApiLambdasSg, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,786 | There is no customer defined id or cdk path defined for resource RestApi, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,786 | There is no customer defined id or cdk path defined for resource RestApiFunctionRole, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,786 | There is no customer defined id or cdk path defined for resource EncryptionKey, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,786 | Sam customer defined id is more priority than other IDs. Customer defined id for resource DecryptFunction is DecryptFunction
2022-05-10 15:59:00,786 | Sam customer defined id is more priority than other IDs. Customer defined id for resource EncryptFunction is EncryptFunction
2022-05-10 15:59:00,786 | There is no customer defined id or cdk path defined for resource EncryptFunctionLogGroup, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,786 | Sam customer defined id is more priority than other IDs. Customer defined id for resource RuntimeDependenciesLayer is RuntimeDependenciesLayer
2022-05-10 15:59:00,787 | Unable to resolve property AllocationId: OrderedDict([('Fn::GetAtt', ['NatGateway1EIP', 'AllocationId'])]). Leaving as is.
2022-05-10 15:59:00,788 | Collected default values for parameters: {'PubSubnet1CidrBlock': '10.10.1.0/24', 'PrivateSubnet1CidrBlock': '10.10.2.0/24', 'StageName': 'stage', 'VpcCidrBlock': '10.10.0.0/16'}
2022-05-10 15:59:00,801 | There is no customer defined id or cdk path defined for resource Vpc, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,801 | There is no customer defined id or cdk path defined for resource PubSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,801 | There is no customer defined id or cdk path defined for resource InternetGateway, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,801 | There is no customer defined id or cdk path defined for resource InternetGatewayAttachment, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,801 | There is no customer defined id or cdk path defined for resource RouteTable, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,801 | There is no customer defined id or cdk path defined for resource PublicInternetRoute, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,801 | There is no customer defined id or cdk path defined for resource PubSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,801 | There is no customer defined id or cdk path defined for resource PrivateSubnet1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource NatGateway1EIP, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource NatGateway1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource PrivateRouteTable1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource DefaultPrivateRoute1, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource PrivateSubnet1RouteTableAssociation, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource RestApiLambdasSg, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource RestApi, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource RestApiFunctionRole, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource EncryptionKey, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | Sam customer defined id is more priority than other IDs. Customer defined id for resource DecryptFunction is DecryptFunction
2022-05-10 15:59:00,802 | Sam customer defined id is more priority than other IDs. Customer defined id for resource EncryptFunction is EncryptFunction
2022-05-10 15:59:00,802 | There is no customer defined id or cdk path defined for resource EncryptFunctionLogGroup, so we will use the resource logical id as the resource id
2022-05-10 15:59:00,802 | Sam customer defined id is more priority than other IDs. Customer defined id for resource RuntimeDependenciesLayer is RuntimeDependenciesLayer
2022-05-10 15:59:00,803 | Unable to resolve property AllocationId: OrderedDict([('Fn::GetAtt', ['NatGateway1EIP', 'AllocationId'])]). Leaving as is.
2022-05-10 15:59:00,803 | Detected Inline Swagger definition
2022-05-10 15:59:00,803 | Lambda function integration not found in Swagger document at path='/encrypt' method='post'
2022-05-10 15:59:00,803 | Lambda function integration not found in Swagger document at path='/decrypt' method='post'
2022-05-10 15:59:00,803 | Found '0' APIs in resource 'RestApi'
2022-05-10 15:59:00,804 | Found '1' API Events in Serverless function with name 'DecryptFunction'
2022-05-10 15:59:00,804 | Found '1' API Events in Serverless function with name 'EncryptFunction'
2022-05-10 15:59:00,804 | Removed duplicates from '2' Explicit APIs and '0' Implicit APIs to produce '2' APIs
2022-05-10 15:59:00,804 | 2 APIs found in the template
2022-05-10 15:59:00,810 | Mounting DecryptFunction at http://127.0.0.1:3000/decrypt [POST]
2022-05-10 15:59:00,810 | Mounting EncryptFunction at http://127.0.0.1:3000/encrypt [POST]
2022-05-10 15:59:00,810 | You can now browse to the above endpoints to invoke your functions. You do not need to restart/reload SAM CLI while working on your functions, changes will be reflected instantly/automatically. You only need to restart SAM CLI if you update your AWS SAM template
2022-05-10 15:59:00,810 | Localhost server is starting up. Multi-threading = True
2022-05-10 15:59:00  * Running on http://127.0.0.1:3000/ (Press CTRL+C to quit)
2022-05-10 15:59:21,139 | Constructed String representation of Event to invoke Lambda. Event: {"body": "{\n        \"data\": \"hello\"\n    }", "headers": {"Accept": "*/*", "Content-Length": "31", "Content-Type": "application/json", "Host": "127.0.0.1:3000", "User-Agent": "curl/7.79.1", "X-Forwarded-Port": "3000", "X-Forwarded-Proto": "http"}, "httpMethod": "POST", "isBase64Encoded": false, "multiValueHeaders": {"Accept": ["*/*"], "Content-Length": ["31"], "Content-Type": ["application/json"], "Host": ["127.0.0.1:3000"], "User-Agent": ["curl/7.79.1"], "X-Forwarded-Port": ["3000"], "X-Forwarded-Proto": ["http"]}, "multiValueQueryStringParameters": null, "path": "/encrypt", "pathParameters": null, "queryStringParameters": null, "requestContext": {"accountId": "123456789012", "apiId": "1234567890", "domainName": "127.0.0.1:3000", "extendedRequestId": null, "httpMethod": "POST", "identity": {"accountId": null, "apiKey": null, "caller": null, "cognitoAuthenticationProvider": null, "cognitoAuthenticationType": null, "cognitoIdentityPoolId": null, "sourceIp": "127.0.0.1", "user": null, "userAgent": "Custom User Agent String", "userArn": null}, "path": "/encrypt", "protocol": "HTTP/1.1", "requestId": "b59d7f61-2b01-40f7-994f-8112d7826c68", "requestTime": "10/May/2022:19:59:00 +0000", "requestTimeEpoch": 1652212740, "resourceId": "123456", "resourcePath": "/encrypt", "stage": "stage"}, "resource": "/encrypt", "stageVariables": null, "version": "1.0"}
2022-05-10 15:59:21,139 | Found one Lambda function with name 'EncryptFunction'
2022-05-10 15:59:21,139 | Invoking dist/handlers/encrypt.handler (nodejs14.x)
2022-05-10 15:59:21,139 | Environment variables overrides data is standard format
2022-05-10 15:59:21,139 | Loading AWS credentials from session with profile 'None'
2022-05-10 15:59:21,156 | Resolving code path. Cwd=/Users/<REDACTED>/code/encryption-test/.aws-sam/build, CodeUri=/Users/<REDACTED>/code/encryption-test/.aws-sam/build/EncryptFunction
2022-05-10 15:59:21,156 | Resolved absolute path to code is /Users/<REDACTED>/code/encryption-test/.aws-sam/build/EncryptFunction
2022-05-10 15:59:21,156 | Code /Users/<REDACTED>/code/encryption-test/.aws-sam/build/EncryptFunction is not a zip/jar file
2022-05-10 15:59:21,156 | Code /Users/<REDACTED>/code/encryption-test/.aws-sam/build/RuntimeDependenciesLayer is not a zip/jar file
2022-05-10 15:59:21,156 | RuntimeDependenciesLayer is a local Layer in the template
2022-05-10 15:59:21,157 | Resolving code path. Cwd=/Users/<REDACTED>/code/encryption-test/.aws-sam/build, CodeUri=/Users/<REDACTED>/code/encryption-test/.aws-sam/build/RuntimeDependenciesLayer
Building image........................
2022-05-10 15:59:24,740 | Skip pulling image and use local one: samcli/lambda:nodejs14.x-x86_64-f88a901bbe51b578e9260ae49.

2022-05-10 15:59:24,740 | Mounting /Users/<REDACTED>/code/encryption-test/.aws-sam/build/EncryptFunction as /var/task:ro,delegated inside runtime container
2022-05-10 15:59:25,109 | Starting a timer for 100 seconds for function 'EncryptFunction'
START RequestId: c5583bab-d999-4005-a2ae-dbedaedaa09c Version: $LATEST
2022-05-10T19:59:25.856Z	c5583bab-d999-4005-a2ae-dbedaedaa09c	ERROR	UnrecognizedClientException: The security token include} retryDelay: 84.6510267486841a9-9f36-cd06e2612b08',es/aws-sdk/lib/sequential_executor.js:116:18) {
END RequestId: c5583bab-d999-4005-a2ae-dbedaedaa09c
REPORT RequestId: c5583bab-d999-4005-a2ae-dbedaedaa09c	Init Duration: 0.26 ms	Duration: 719.25 ms	Billed Duration: 720 ms	Memory Size: 1024 MB	Max Memory Used: 1024 MB	
2022-05-10 15:59:26,017 | Cleaning all decompressed code dirs
2022-05-10 15:59:26,017 | Unable to find Click Context for getting session_id.
2022-05-10 15:59:26 127.0.0.1 - - [10/May/2022 15:59:26] "POST /encrypt HTTP/1.1" 400 -

Expected result:

Making the curl call against sam local start-api should work the same as against API Gateway.

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: macOS Monterey 12.3.1
  2. sam --version: SAM CLI, version 1.46.0
  3. AWS region: us-east-2

I’m running nodejs 14.x with image samcli/lambda:nodejs14.x-x86_64-f88a901bbe51b578e9260ae49.

Add --debug flag to command you are running

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

1 reaction
teuber789 commented, May 11, 2022

Thanks for this!

I was able to get the sample to work using my local credentials. Closing.

0 reactions
mndeveci commented, May 11, 2022

Thanks for your feedback.

That is the reason why we have implemented Accelerate features. It is not possible to test all the aspects of serverless functions on your local machine. As you mentioned, we can’t assume the role that is used in the template with sam local commands. And also, we can’t provide local emulations for all other services that AWS offers.

For that reason I would highly recommend giving Accelerate a try. If you have any questions or concerns, please feel free to comment under this issue https://github.com/aws/aws-sam-cli/issues/3264 or create a new one.

I will keep this one until I get your feedback to see if there are any issues with the emulation image that we have.
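
A triage helper for the `--debug` output above, added here as an example (not code from the issue or from SAM CLI): it pairs each local invocation's credential profile with any credential rejection the function logged. The sample log is constructed from the line formats in this issue; the request ids and the second run with profile 'dev' are assumptions.

```python
import re

# Constructed sample modeled on the `sam local start-api --debug` output above;
# the request ids and the 'dev' profile run are made up for illustration.
SAMPLE_LOG = "\n".join([
    "2022-05-10 15:59:21,139 | Found one Lambda function with name 'EncryptFunction'",
    "2022-05-10 15:59:21,139 | Loading AWS credentials from session with profile 'None'",
    "START RequestId: 00000000-0000-0000-0000-000000000001 Version: $LATEST",
    "2022-05-10T19:59:25.856Z\t00000000-0000-0000-0000-000000000001\tERROR\t"
    "UnrecognizedClientException: The security token included in the request is invalid.",
    '2022-05-10 15:59:26 127.0.0.1 - - [10/May/2022 15:59:26] "POST /encrypt HTTP/1.1" 400 -',
    "2022-05-10 16:02:10,001 | Found one Lambda function with name 'EncryptFunction'",
    "2022-05-10 16:02:10,001 | Loading AWS credentials from session with profile 'dev'",
    "START RequestId: 00000000-0000-0000-0000-000000000002 Version: $LATEST",
    '2022-05-10 16:02:11 127.0.0.1 - - [10/May/2022 16:02:11] "POST /encrypt HTTP/1.1" 200 -',
])

FUNC = re.compile(r"Found one Lambda function with name '([^']+)'")
PROFILE = re.compile(r"Loading AWS credentials from session with profile '([^']*)'")
START = re.compile(r"^START RequestId: (\S+)")
# Credential-rejection error codes that appear on this page.
AUTH_ERR = re.compile(r"\b(UnrecognizedClientException|InvalidClientTokenId)\b")
ACCESS = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3}) ')


def parse_invocations(log_text):
    """Group debug-log lines into one record per local invocation."""
    records, cur = [], None
    for line in log_text.splitlines():
        if m := FUNC.search(line):
            cur = {"function": m.group(1), "profile": None, "request_id": None,
                   "auth_error": None, "route": None, "status": None}
            records.append(cur)
        elif cur is None:
            continue  # startup output before the first invocation
        elif m := PROFILE.search(line):
            cur["profile"] = m.group(1)  # 'None' means no named profile was selected
        elif m := START.search(line):
            cur["request_id"] = m.group(1)
        elif m := AUTH_ERR.search(line):
            cur["auth_error"] = cur["auth_error"] or m.group(1)  # keep the first one
        elif m := ACCESS.search(line):
            cur["route"], cur["status"] = f"{m.group(1)} {m.group(2)}", int(m.group(3))
    return records


def credential_failures(records):
    """Invocations whose AWS SDK call was rejected for its credentials."""
    return [r for r in records if r["auth_error"]]
```

Run `credential_failures(parse_invocations(open("sam-debug.log").read()))` on a saved debug log (the file name is a placeholder) to see which profile each rejected request ran under.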
