For context:

We have some devices handled in AWS IOT core. Sometimes there are some issues and these things don’t send data properly. So the idea is to have in the browser a terminal that allows the user to connect to the device and check the status of it and run some commands there.

In the project we have followed AWS docs for doing exactly this.

So we have the lambda implemented though proxy integration in API Gateway. It creates the tunnel and returns in the response the headers to set the cookie in the browser. This cookie would allow the connection with the tunnel through a web socket. But we cannot make it work.

When the lambda replies with the cookie domain set to .amazonwas.com (as specified in the docs), a warning appears complaining that the cookie domain is different from the domain that is making the request.

There is no clear reason why this is happening, as the proxy integration should solve this. Plus there are the right headers to set the cookie with a different domain.

In the set-cookie headers we have SameSite=None; Secure

The Access-Control-Allow-Origin is set to the same domain that is doing the request.

The Access-Control-Allow-Credentials is set to true.

But the cookie in the dev tools keep showing a warning and, checking on browser, the cookie is not set. We have checked many other forums and SO responses like this, but we are still getting the same result

I we change the domain of the cookie pointing to our site’s domain it works. The cookie is stored in the browser. The problem is that after that, we try to open a web socket and it fails. The error is not verbose at all.

We are hard stuck with this.

Any idea why is this failing? Is there something missing in the docs?