我正在尝试构建 AWS CloudFormation 模板来创建 API 网关。
当我手动创建 API Gateway 时,我使用阶段变量为不同阶段使用不同的 AWS 函数。
adminLogin 的阶段变量,adminLogin 的值将是 -
dev_adminLogin 当 API Gateway 的阶段为 devstage_adminLogin(当 API 网关的阶段为 stage 时)
API Gateway 的资源集成请求 -
阶段变量映射 -
CloudFormation 模板片段 -
test:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: 'test'
Body:
swagger: "2.0"
info:
version: "2019-04-11T02:29:18Z"
title: "Test"
basePath: !Ref "testEnv"
schemes:
- "https"
paths:
/admin/login:
post:
consumes:
- "application/json"
produces:
- "application/json"
responses:
'200':
description: "200 response"
schema:
$ref: "#/definitions/Empty"
x-amazon-apigateway-integration:
#uri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${stageVariables.adminLogin}/invocations"
uri: !Join [
'', [
'arn:',
'aws:',
'apigateway:',
!Ref "AWS::Region",
':lambda:',
'path/2015-03-31/functions/',
'${stageVariables.adminLogin}',
'/invocations'
]
]
responses:
default:
statusCode: "200"
passthroughBehavior: "when_no_templates"
httpMethod: "POST"
contentHandling: "CONVERT_TO_TEXT"
type: "aws_proxy"
运行 cloudformation 模板时出现以下错误 -
Errors found during import: Unable to put integration on 'POST' for resource at path '/admin/login': Invalid lambda function
(Service: AmazonApiGateway;
Status Code: 400;
Error Code: BadRequestException;
问题肯定出在 uri 属性上,
我都尝试过 -
uri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${stageVariables.adminLogin}/invocations"
和
uri: !Join ['', ['arn:','aws:','apigateway:',!Ref "AWS::Region",':lambda:','path/2015-03-31/functions/','${!stageVariables.adminLogin}','/invocations']]
引用-
最佳答案
应使用 Lambda ARN(而不仅仅是 Lambda 函数名称)提及 Lambda 函数
例如:
uri: "arn:aws:apigateway:REGION:lambda:path/2015-03-31/functions/arn:aws:lambda:REGION:ACCOUNTID:function:dev_adminLogin/invocations"
按如下方式将其放在 cloudformation 中应该可以工作
uri: !Join
- ''
- - 'arn:aws:apigateway:'
- !Ref "AWS::Region"
- ':lambda:path/2015-03-31/functions/arn:aws:lambda:'
- !Ref "AWS::Region"
- ':'
- !Ref "AWS::AccountId"
- ':function:${stageVariables.adminLogin}/invocations'
还要记住添加 lambda 权限(对于 dev_adminLogin 和 stage_adminLogin),否则 apigateway 将无法调用 lambda 并会收到 5XX 错误
使用 CLI:
aws lambda add-permission --function-name "arn:aws:lambda:REGION:ACCOUNTID:function:dev_adminLogin" --source-arn "arn:aws:execute-api:REGION:ACCOUNTID:API_ID/*/POST/admin/login" --principal apigateway.amazonaws.com --statement-id stmt1 --action lambda:InvokeFunction
aws lambda add-permission --function-name "arn:aws:lambda:REGION:ACCOUNTID:function:stage_adminLogin" --source-arn "arn:aws:execute-api:REGION:ACCOUNTID:API_ID/*/POST/admin/login" --principal apigateway.amazonaws.com --statement-id stmt2 --action lambda:InvokeFunction
引用号:https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html
关于amazon-web-services - 如何使用 AWS CloudFormation 在 AWS API Gateway 集成中指定阶段变量?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56882123/