AWS API Gateway Custom Authorizer AuthorizerConfigurationException

Question

For a Kinesis stream, I created a proxy API using AWS API Gateway. I added a custom authorizer using python Lambda for the proxy. After publishing of lambda function and deploy of API, I was able to successfully test the API using Gateway Test functionality. I could see the logs in cloud watch which had detailed prints from custom auth lambda function. After successful authentication, API Gateway pushed the record to my Kinesis stream

However, when I call the same API from Chrome Postman client, I get 500 Internal Server Error and response headers includes X-Cache → Error from CloudFront, x-amzn-ErrorType → AuthorizerConfigurationException  

Lambda auth function returns the policy which allows executing a request for my API. Policy Document returned is: 

            {

              "policyDocument": {

                "Version": "2012-10-17",

                "Statement": [

                  {

                    "Action": "execute-api:Invoke",

                    "Resource": [

                      "arn:aws:execute-api:us-east-1:1234567:myapiId/staging/POST/*"

                    ],

                    "Effect": "Allow"

                  }

                ]

              },

              "principalId": "Foo"

            }

Why does the request fail from Chrome or curl but the same API test works fine from API Gateway?

Answer 1

The Lambda function should return a JSON object rather than a JSON string. From the API the error doesn't occur, but from the internet, it occurs. 

#return policy_string ... this is incorrect.

return json.loads(policy_string)