Authorizer traces not correlated with API gateway traces

[arturenault]

Expected Behavior

If a lambda is gated behind an AWS API Gateway Authorizer, I'd expect the call to the authorizer to be part of the same trace as the overall API Gateway call and lambda execution.

Actual Behavior

The overarching trace that captures the full request trace goes through to the main lambda, but not to the authorizer lambda. That one has a separate trace.

Steps to Reproduce the Problem

1. Create a lambda with a function gated by an API Gateway authorizer
2. Cnfigure the datadog library and extension for both
3. See the traces separately on the dashboard

Specifications

• Serverless Framework version: 3.12.0 (upgraded to debug, was using 2.72.2 before)
• Datadog Serverless Plugin version: 4.3.0 (upgraded to debug, was using 3.7.1 before)
• Lambda function runtime (Python 3.7, Node 10, etc.): Node 14

Let me know if this isn't the right place for this issue - I'm using the plugin so I figured I'd start here.

[dls314]

A 'request' typed authorizer has access to the request headers while a token authorizer doesn't have the header data, so you might get something workable with the other authenticator type.

Even there, I'd expect that the layer may not automatically extract the trace context

[astuyve]

Hi @arturenault - this is true. Right now, we do not propagate trace context through authorizer functions. I will forward this on to the Product team and leave it open as a feature request.

Thanks!

[tianchu]

Just a quick update, @astuyve already have a RFC, will likely make some progress later this quarter. But it's non-trivial, so it will take some time.

[arturenault]

Thank you - for others hitting this, I was able to get correlated traces by switching to Request authorizers. But would be nice to get it in all kinds of authorizers.

[dls314]

Will this work for TOKEN and REQUEST typed authorizers?

[astuyve]

Yes!

[ranayash45]

@joeyzhao2018 Can you please also done this improvement for Go Lang??