使用Lambda Authorizer的AWS API网关
使用Lambda Authorizer的AWS API网关
提问于 2019-10-29 03:55:18
我正在尝试配置一个API Gateway,它从请求路径获取一个代理参数,并从Lambda authorizer返回一个参数并将其放入报头中,这样它就可以传递给我运行Spring Boot的Elastic Beanstalk REST API。
代理路径工作正常;根据文档,我的Lambda函数在"context“映射中返回变量"x-api-auth”。
唯一不起作用的是将"x-api-auth“添加到请求头。:(每当我运行我的Jenkins构建来更新Cloudformation堆栈时,我都会收到这个错误:
Errors found during import: Unable to put integration on 'ANY' for resource at path '/sfdc/v1/feature-api/{proxy+}': Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression specified: $context.authorizer.x-api-auth] (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException这非常令人沮丧,我已经仔细检查了OpenAPI文档以确保我的语法是正确的。如有任何帮助或建议,我们将不胜感激!
这是我拥有的Cloudformation模板:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Data API pipeline initial Cloudformation template
Mappings:
EnvironmentMapping:
alpha:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: XYZ
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
beta:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: XYZ
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
prod:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: ABC
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
Parameters:
EnvironmentType:
Type: "String"
AllowedValues:
- alpha
- beta
- prod
Conditions:
UseProdCondition: !Equals [!Ref EnvironmentType, prod]
Resources:
MyApiVpcLink:
Type: AWS::ApiGateway::VpcLink
Properties:
Name: MyApiVpcLink
Description: Allows data-api-gateway to access the VPC that my-api is on.
TargetArns:
- !FindInMap [EnvironmentMapping, !Ref EnvironmentType, myApiNetworkLoadBalancer]
DataApi:
DependsOn:
- MyApiVpcLink
Type: AWS::Serverless::Api
Properties:
Name: !Sub "${EnvironmentType}-data-api"
StageName: !Ref EnvironmentType
DefinitionBody:
swagger: 2.0
security:
- ApiKey: []
info:
title: !Sub "${EnvironmentType}-data-api"
paths:
/sfdc/v1/my-api/{proxy+}:
x-amazon-apigateway-any-method:
produces:
- application/json
parameters:
- in: path
name: proxy
required: true
schema:
type: string
- in: header
name: x-api-auth
required: true
schema:
type: string
security:
- SfdcAuthorizer: []
ApiKey: []
x-amazon-apigateway-api-key-source: HEADER
x-amazon-apigateway-gateway-responses:
ACCESS_DENIED:
statusCode: 403
responseTemplates:
application/json: '{\n\"message\": \"Access Denied\"}'
x-amazon-apigateway-integration:
httpMethod: ANY
type: http_proxy
connectionType: VPC_LINK
connectionId: !Ref MyApiVpcLink
passthroughBehavior: when_no_match
uri: !If [UseProdCondition, 'http://myapp.production.aws-int.myorg.io/{proxy}',!Sub 'http://${EnvironmentType}-myapp.staging.aws-int.myorg.io/{proxy}']
requestParameters:
integration.request.path.proxy: "method.request.path.proxy"
# -------------------- this breaks it once added -------------------
integration.request.header.x-api-auth: "$context.authorizer.x-api-auth"
# ------------------------------------------------------------------
definitions:
Empty:
type: object
Error:
type: object
properties:
message:
type: string
securityDefinitions:
SfdcAuthorizer:
type: 'apiKey'
name: 'Authorization'
in: 'header'
x-amazon-apigateway-authtype: 'custom'
x-amazon-apigateway-authorizer:
authorizerUri: !Join ['', [!Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/', !FindInMap [EnvironmentMapping, !Ref EnvironmentType, sfdcAuthLambda], '/invocations']]
authorizerResultTtlInSeconds: !FindInMap [EnvironmentMapping, !Ref EnvironmentType, sfdcAuthTimeout]
type: 'token'
ApiKey:
type: apiKey
name: x-api-key
in: header回答 1
Stack Overflow用户
发布于 2019-10-29 05:07:00
好吧..。在遵循文档一无所获之后,我变得无法无天,从“Integration.request.header.x-api-auth”中删除了"$“...这招很管用。不知道我是怎么想的。
下面是完整的YAML工作文件。我把它贴在这里,以防它能帮助其他正在尝试设置网关的人,该网关采用代理路径,并期望从Lambda授权程序返回。
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Data API pipeline initial Cloudformation template
Mappings:
EnvironmentMapping:
alpha:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: XYZ
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
beta:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: XYZ
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
prod:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: ABC
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
Parameters:
EnvironmentType:
Type: "String"
AllowedValues:
- alpha
- beta
- prod
Conditions:
UseProdCondition: !Equals [!Ref EnvironmentType, prod]
Resources:
MyApiVpcLink:
Type: AWS::ApiGateway::VpcLink
Properties:
Name: MYApiVpcLink
Description: Allows data-api-gateway to access the VPC that feature-api is on.
TargetArns:
- !FindInMap [EnvironmentMapping, !Ref EnvironmentType, myApiNetworkLoadBalancer]
DataApi:
DependsOn:
- MyApiVpcLink
Type: AWS::Serverless::Api
Properties:
Name: !Sub "${EnvironmentType}-data-api"
StageName: !Ref EnvironmentType
DefinitionBody:
swagger: 2.0
security:
- ApiKey: []
info:
title: !Sub "${EnvironmentType}-data-api"
paths:
/sfdc/v1/my-api/{proxy+}:
x-amazon-apigateway-any-method:
produces:
- application/json
parameters:
- in: path
name: proxy
required: true
schema:
type: string
- in: header
name: x-api-auth
required: true
schema:
type: string
security:
- SfdcAuthorizer: []
ApiKey: []
x-amazon-apigateway-api-key-source: HEADER
x-amazon-apigateway-gateway-responses:
ACCESS_DENIED:
statusCode: 403
responseTemplates:
application/json: '{\n\"message\": \"Access Denied\"}'
x-amazon-apigateway-integration:
httpMethod: ANY
type: http_proxy
connectionType: VPC_LINK
connectionId: !Ref MyApiVpcLink
passthroughBehavior: when_no_match
uri: !If [UseProdCondition, 'http://myapp.production.aws-int.myorg.io/{proxy}',!Sub 'http://${EnvironmentType}-myapp.staging.aws-int.myorg.io/{proxy}']
requestParameters:
integration.request.path.proxy: "method.request.path.proxy"
integration.request.header.x-api-auth: "context.authorizer.x-api-auth"
definitions:
Empty:
type: object
Error:
type: object
properties:
message:
type: string
securityDefinitions:
SfdcAuthorizer:
type: 'apiKey'
name: 'Authorization'
in: 'header'
x-amazon-apigateway-authtype: 'custom'
x-amazon-apigateway-authorizer:
authorizerUri: !Join ['', [!Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/', !FindInMap [EnvironmentMapping, !Ref EnvironmentType, sfdcAuthLambda], '/invocations']]
authorizerResultTtlInSeconds: !FindInMap [EnvironmentMapping, !Ref EnvironmentType, sfdcAuthTimeout]
type: 'token'
ApiKey:
type: apiKey
name: x-api-key
in: header页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/58597567
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号