I have a Quarkus (3.12.3) AWS lambda application deployed as a Java 21 zip package (for SnapStart, which doesn’t support containers as of writing). I’m using AWS HTTP v2 API gateway (payload format version 2.0) with a Cognito authorizer. All routes are currently set to be authorized by an admin role, which I understood to map from a Cognito group.
I’m using quarkus-hibernate-orm-rest-data-panache which I understood to not be reactive.
When deploying the application (lambda handler is io.quarkus.amazon.lambda.runtime.QuarkusStreamHandler::handleRequest) it seems the API authentication is successful (Bearer token in the authorization header) because Cognito is allowing the request through to the lambda.
However, the response is always 401. Setting QUARKUS_LOG_LEVEL to DEBUG shows the following entry in CloudWatch logs: