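I'm trying to add a Lambda authorizer to a route in a SAM application.
Although I can do this easily through the AWS console (API Gateway -> Routes -> Configure authorization), when I try to implement the authorization through the template.yaml file, a separate API Gateway is created. As a result, I have two different API Gateways (invoke URLs) for the "protected" endpoint and the public endpoint.
How can I keep the protected route and the public route in the same API Gateway?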
  # Settings for a public endpoint:
  checkFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/handlers/check.handler
      Runtime: nodejs14.x
      Architectures:
        - x86_64
      MemorySize: 128
      Timeout: 100
      Description: Check function
      Events:
        HttpApiEvent:
          Type: HttpApi
          Properties:
            Path: /check
            Method: POST

  # Settings for a protected endpoint:
  protectedFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/handlers/protected.handler
      Runtime: nodejs14.x
      Architectures:
        - x86_64
      MemorySize: 128
      Timeout: 100
      Description: Protected function
      Events:
        HttpApiEvent:
          Type: HttpApi
          Properties:
            ApiId: !Ref protectedApi
            Path: /protected
            Method: GET

  protectedApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: Prod
      Auth:
        DefaultAuthorizer: bh_authorizer
        Authorizers:
          bh_authorizer:
            FunctionArn: !GetAtt authorizerFunction.Arn
            FunctionInvokeRole: !GetAtt authorizerFunctionRole.Arn
            Identity:
              Headers:
                - Authorization
            AuthorizerPayloadFormatVersion: 2.0
            EnableSimpleResponses: true

  authorizerFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: src/handlers/authorizer.handler
      Runtime: nodejs14.x
      Architectures:
        - x86_64
      MemorySize: 128
      Timeout: 100
      Description: Authorizer function
Best answer
Under the event that you want to keep unprotected, add a separate Auth property:
Auth:
  Authorizer: NONE
So, in your case, the event for the checkFunction resource will look like this:
Events:
  HttpApiEvent:
    Type: HttpApi
    Properties:
      Path: /check
      Method: POST
      ApiId: !Ref protectedApi # ADD THIS TO MAKE SURE IT'S PART OF THE SAME API
      Auth:
        Authorizer: NONE
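
Once both routes share one API with a DefaultAuthorizer, every `Authorizer: NONE` override is a deliberate hole in that default, so it is worth checking which routes end up public. The following is an added example, not part of the question or the answer: it reports each route's API and effective authorizer, assuming the template has already been parsed into a dict with intrinsic functions in long form; the `QUESTION` and `ANSWER` templates, the helper names and the allow-list are constructed for illustration.

```python
# Added example; templates are constructed from the page's resources, already
# parsed into dicts with intrinsic functions in long form ({"Ref": ...}).
IMPLICIT = "ServerlessHttpApi (implicit)"

def route_auth(template):
    """Map (method, path) -> (api logical id, effective authorizer)."""
    resources = template.get("Resources", {})
    global_default = (template.get("Globals", {}).get("HttpApi", {})
                      .get("Auth", {}).get("DefaultAuthorizer"))
    routes = {}
    for res in resources.values():
        if res.get("Type") != "AWS::Serverless::Function":
            continue
        for ev in res.get("Properties", {}).get("Events", {}).values():
            if ev.get("Type") != "HttpApi":
                continue
            props = ev.get("Properties", {})
            ref = props.get("ApiId")
            api_id = ref.get("Ref") if isinstance(ref, dict) else ref
            api_auth = resources.get(api_id, {}).get("Properties", {}).get("Auth", {})
            default = api_auth.get("DefaultAuthorizer") or global_default
            # A per-event Authorizer (including NONE) overrides the API default.
            effective = props.get("Auth", {}).get("Authorizer") or default or "NONE"
            routes[(props.get("Method"), props.get("Path"))] = (api_id or IMPLICIT, effective)
    return routes

def public_routes(template, allowed=()):
    """Unauthenticated routes that are not on the reviewed allow-list."""
    return sorted(route for route, (_, auth) in route_auth(template).items()
                  if auth == "NONE" and route not in allowed)

def _fn(path, method, api=None, auth=None):  # builds one function resource
    props = {"Path": path, "Method": method}
    if api:
        props["ApiId"] = {"Ref": api}
    if auth:
        props["Auth"] = {"Authorizer": auth}
    event = {"Type": "HttpApi", "Properties": props}
    return {"Type": "AWS::Serverless::Function", "Properties": {"Events": {"HttpApiEvent": event}}}

API = {"Type": "AWS::Serverless::HttpApi",
       "Properties": {"Auth": {"DefaultAuthorizer": "bh_authorizer"}}}
PROTECTED = _fn("/protected", "GET", "protectedApi")
QUESTION = {"Resources": {"protectedApi": API, "protectedFunction": PROTECTED,
                          "checkFunction": _fn("/check", "POST")}}
ANSWER = {"Resources": {"protectedApi": API, "protectedFunction": PROTECTED,
                        "checkFunction": _fn("/check", "POST", "protectedApi", "NONE")}}
if __name__ == "__main__":
    print(route_auth(QUESTION), route_auth(ANSWER), public_routes(ANSWER), sep="\n")
```

Run against the question's template it shows `/check` on the implicit API and `/protected` on `protectedApi`; against the answer's template both routes sit on `protectedApi` and only `/check` is reported as public.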
Regarding amazon-web-services - how to add a Lambda authorizer to an AWS SAM application using the same API Gateway, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/72262440/