HTTP node not using AWS Lambda IAM credentials from predefined credentials (AWS Lambda node works)

Ahmad_Rajput · April 29, 2025, 3:13pm

Describe the problem/error/question

The HTTP node isn’t picking up the AWS Lambda credentials. I configured credentials by attaching a policy directly to the IAM user, generating access keys and using them in the predefined credentials. The AWS Lambda node works fine. I want to use the HTTP node because it supports batching and concurrent executions, which the Lambda node doesn’t.

I have had the same issue before but I “fixed” that by not using authentication at all and now I want to use authentication.

What is the error message (if any)?

message:Forbidden - perhaps check your credentials?
name:NodeApiError
description:Forbidden
context:[empty object]
message:403 - “{"Message":"Forbidden"}”
name:AxiosError

Please share your workflow

Share the output returned by the last node

Information on your n8n setup

n8n version: 1.89.2
Database (default: SQLite): Postgres
n8n EXECUTIONS_PROCESS setting (default: own, main): queue maybe
Running n8n via (Docker, npm, n8n cloud, desktop app): Docker
Operating system: Docker

ThinkBot · April 29, 2025, 5:36pm

Are you sure the URL is correct?

Is there any subpaths / endpoints the URL should be formatted with? Usually you don’t just post to a raw URL but a specific endpoint. But I am not hyper familiar with AWS lambda, if that is a function, then maybe there aren’t any additional url paths.

Ahmad_Rajput · April 29, 2025, 6:47pm

I have worked with aws lambda before and I am pretty sure the url is correct. That is why it says unauthorized. The credentials also cannot be wrong as they are listing the function names correctly. I highly suspect that https node is not including the AWS predefined credentials in it.

ThinkBot · April 30, 2025, 1:54am

Are you able to try with adding a header for bearer or basic or perhaps JWT auth?

Ahmad_Rajput · April 30, 2025, 8:11am

your advice misses the fundamental point AWS doesn’t takes a simple bearer or basic auth header at Lambda and the HTTP node in n8n is not automatically picking up or applying AWS access keys, only the dedicated AWS Lambda node (which i believe uses the AWS SDK under the hood) does

AWS Lambda’s HTTPS API requires AWS Signature Version 4, not a bearer token. When we use the AWS Lambda node in n8n, it internally takes access key and secret, builds the request, computes the HMAC‐SHA256 signature and then sends it. I recommend you read this link:

or for more easy explaination:

The requests have clear X-Amz-* headers which i cannot see in the https node raw request output in the console. The only other option i can think of is using subworkflows but since there could be potentially 100s of requests I really want to avoid it. Https node is quite versatile and handles everything we can think of but in this case I am unable to understand what I am doing wrong.

mohamed3nan · April 30, 2025, 9:16am

Hi @Ahmad_Rajput

I have a suggestion that’s worked for me when AWS_IAM felt overly complicated.

Instead of using AWS_IAM for Lambda authorization, we can use a custom header and design the function to handle it.

Here’s how you can do it:

Disable built-in auth:
- On your Configure Function URL page, set Auth type to NONE.
- This removes the AWS_IAM requirement but still lets the HTTP node invoke your function.
Add a custom header:
- In the Allow headers list, add something like x-custom-header
- The HTTP node will forward this header in each request.
  
  image806×177 8.72 KB
Enforce your own check in Lambda, something like this

image702×503 18.1 KB
HTTP node config
- Under Headers, add x-custom-header with your value
  
  image1043×682 44.2 KB

If someone sends the wrong header value, your Lambda will automatically return the expected 403 error

Ahmad_Rajput · April 30, 2025, 11:32am

Thank you @mohamed3nan ,

I also suspected the same we have to do this, i was thinking about basic auth but this also works good. I will mark your answer as the solution.

Do you think i should raise this as a bug report? What about requesting a feature for batching AWS Lambda node requests?

mohamed3nan · April 30, 2025, 11:49am

You’re welcome!

To be honest, I haven’t personally dealt with X-Amz-* headers or AWS_IAM auth directly in this context, so I can’t say for sure whether it’s a bug.
But if you suspect it is, I’d definitely suggest opening a GitHub issue!

As for built-in batching AWS Lambda node, I think that’s a solid idea.
There are plenty of use cases where batching could be really useful, so it’s worth submitting a feature request as well Feature Requests

interss · April 30, 2025, 7:44pm

Excellent solution

system · May 7, 2025, 7:44pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.