2

Hello AWS Cloud Gurus,

I am trying to allow my REST API to return a 405 when an unsupported HTTP verb is used on any resource.

I see there are ways to define GatewayResponses.

However, I don't see any obvious approach to return a 405 (other than to define it as the DEFAULT_4XX, which seems incorrect).

  ExampleApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      OpenApiVersion: '3.0.1'
      GatewayResponses:
        DEFAULT_4XX:
          StatusCode: 405
          ResponseTemplates:
            "application/*": '{ "message": "Method Not Allowed" }'

Does anyone know how to do this?

3 Answers

3

I had a similar requirement:

  • return a response for the GET method
  • return 405 for any other HTTP method.

I solved it the following way:

#1 Added the ANY method to my resource in API Gateway (in addition to the already existing GET method)

  • Then, for the ANY method: Integration Response -> Mapping Templates -> New template application/json
  • Added the following code to the template: #set($context.responseOverride.status = 405)


1

One solution is to create a Lambda function, attached to the API, to handle a specific endpoint which needs to indicate 405:

  ExampleApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      OpenApiVersion: '3.0.1'

  MethodNotAllowedResponse:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: nodejs14.x
      Handler: index.handler
      InlineCode: |
        let response;
        exports.handler = (event, context, callback) => {
          response = {
            "statusCode": 405,
            "headers": {
              "Content-Type": "application/problem+json"
            },
            "body": JSON.stringify({
              "type": "https://tools.ietf.org/html/rfc7231#section-6",
              "status": 405,
              "title": "Method Not Allowed",
              "detail": `Method ${event.httpMethod} is not allowed on ${event.path}`
            })
          };
          callback(null, response);
        }
      Events:
        Televisions:
          Type: Api
          Properties:
            Auth:
              Authorizer: NONE
            RestApiId: !Ref ExampleApi
            Path: '/not/allowed/path'
            Method: patch

1 Comment

The HTTP protocol spec requires a 405 response to include the ALLOW header. It's missing here, and that can cause issues like this: docs.apigee.com/api-platform/troubleshoot/runtime/…

0

This can be implemented as a mock integration that you then use for any methods that are not implemented/supported.

Integration request mapping

{
  "statusCode": 405,
  "message": "The invoked method is not supported on the API resource."
}

3 Comments

I'm confused, so for every endpoint I have a GET for, I would define mock integrations for all the other verbs (e.g. PUT, PATCH, etc.) just to return a 405?
Yep. I haven’t included the response template but it should be straightforward to implement.
@jakebrinkmann - Stack Overflow does not work like a discussion forum, so you should add that to your question, or ask another question, not add it to an answer.
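
An added example, not part of any answer above: a Lambda proxy handler for a catch-all ANY method that returns 405 together with the Allow header that the comment on the Lambda answer says is required. The route table, the `/televisions` paths and the function names are assumptions made up for illustration.

```javascript
// Constructed route table (assumption): API Gateway resource -> verbs with real integrations.
const ALLOWED_METHODS = new Map([
  ['/televisions', ['GET', 'POST']],
  ['/televisions/{id}', ['GET']],
]);

// Build an application/problem+json response in Lambda proxy format.
function problem(status, title, detail, extraHeaders = {}) {
  return {
    statusCode: status,
    headers: { 'Content-Type': 'application/problem+json', ...extraHeaders },
    body: JSON.stringify({ status, title, detail }),
  };
}

// Handles the catch-all ANY method; verbs with their own method definition
// (as in the ANY-plus-GET setup described above) are expected not to arrive here.
function methodNotAllowed(event) {
  const allowed = ALLOWED_METHODS.get(event.resource);
  if (!allowed) {
    return problem(404, 'Not Found', 'No such resource.');
  }
  // httpMethod is client-controlled: echo it only if it is a plain uppercase token.
  const verb = /^[A-Z]{1,16}$/.test(event.httpMethod) ? event.httpMethod : 'This method';
  // Use the configured resource template, not the raw request path, in the message.
  return problem(
    405,
    'Method Not Allowed',
    `${verb} is not allowed on ${event.resource}`,
    { Allow: allowed.join(', ') } // lists the verbs the resource does support
  );
}

// Lambda entry point (CommonJS runtime); guarded so the file also loads as an ES module.
if (typeof module !== 'undefined' && module.exports) {
  module.exports.handler = async (event) => methodNotAllowed(event);
}

// Constructed sample event, trimmed to the fields used above.
const sampleEvent = { resource: '/televisions/{id}', path: '/televisions/42', httpMethod: 'PATCH' };
console.log(methodNotAllowed(sampleEvent));
```
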
