【问题标题】:API HTTP Gateway lambda integration 'null' in Resource Path资源路径中的 API HTTP 网关 lambda 集成“空”
【发布时间】:2020-08-18 19:47:23
【问题描述】:

我正在通过 Cloudformation 设置一个带有 lambda 集成的 API HTTP 网关 (V2),到目前为止一切正常。我有 2 个有效的集成,但我的第三个集成不起作用:从 API 网关端看起来一切正常(它列出了正确的路由以及到 Lambda 的链接),但 lambda 中的 API 端点被列为“https://c59boisn2k.execute-api.eu-central-1.amazonaws.com/productionnull ”。当我尝试调用路线时,它显示“未找到”。奇怪的是,我对所有三个集成都使用了相同的模板。

我认为这可能是一个“dependsOn”问题,但我认为我拥有所有正确的依赖项。我尝试从头开始重新创建堆栈,现在三个函数中的两个在其 URL 中显示“null”,而 API 网关仍然声明正确的路由。这可能是一个“依赖”问题吗?

这是我的单一集成模板:

{
  "Resources": {
    "api": {
      "Type": "AWS::ApiGatewayV2::Api",
      "Properties": {
        "Name": { "Ref": "AWS::StackName" },
        "ProtocolType": "HTTP",
        "CorsConfiguration": {
          "AllowMethods": ["*"],
          "AllowOrigins": ["*"]
        }
      }
    },

    "stage": {
      "Type": "AWS::ApiGatewayV2::Stage",
      "Properties": {
        "Description": { "Ref": "AWS::StackName" },
        "StageName": "production",
        "AutoDeploy": true,
        "ApiId": { "Ref": "api" },
        "AccessLogSettings": {
          "DestinationArn": {
            "Fn::GetAtt": ["stageLogGroup", "Arn"]
          }
        }
      }
    },

    "getSignedS3LambdaRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": {
          "Fn::Sub": "${AWS::StackName}-getSignedS3"
        },
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": ["lambda.amazonaws.com"]
              },
              "Action": ["sts:AssumeRole"]
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "root",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Resource": "arn:aws:logs:*:*:*",
                  "Action": "logs:*"
                },
                {
                  "Effect": "Allow",
                  "Action": ["s3:*"],
                  "Resource": ["arn:aws:s3:::euromomo.eu/uploads/*"]
                }
              ]
            }
          }
        ]
      }
    },

    "getSignedS3Lambda": {
      "Type": "AWS::Lambda::Function",
      "DependsOn": ["getSignedS3LambdaRole"],
      "Properties": {
        "FunctionName": {
          "Fn::Sub": "${AWS::StackName}-getSignedS3"
        },
        "Code": {
          "S3Bucket": { "Ref": "operationsS3Bucket" },
          "S3Key": { "Ref": "getSignedS3S3Key" }
        },
        "Runtime": "nodejs10.x",
        "Handler": "index.handler",
        "Role": { "Fn::GetAtt": ["getSignedS3LambdaRole", "Arn"] }
      }
    },

    "getSignedS3Permission": {
      "Type": "AWS::Lambda::Permission",
      "DependsOn": ["api", "getSignedS3Lambda"],
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": { "Ref": "getSignedS3Lambda" },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${api}/*/*"
        }
      }
    },

    "getSignedS3Integration": {
      "Type": "AWS::ApiGatewayV2::Integration",
      "DependsOn": ["getSignedS3Permission"],
      "Properties": {
        "ApiId": { "Ref": "api" },
        "IntegrationType": "AWS_PROXY",
        "IntegrationUri": {
          "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${getSignedS3Lambda.Arn}/invocations"
        },
        "PayloadFormatVersion": "2.0"
      }
    },

    "getSignedS3Route": {
      "Type": "AWS::ApiGatewayV2::Route",
      "DependsOn": ["getSignedS3Integration"],
      "Properties": {
        "ApiId": { "Ref": "api" },
        "RouteKey": "POST /getSignedS3",
        "AuthorizationType": "NONE",
        "Target": { "Fn::Sub": "integrations/${getSignedS3Integration}" }
      }
    }
  }
}

【问题讨论】:

    标签: amazon-web-services aws-lambda amazon-cloudformation aws-api-gateway


    【解决方案1】:

    在花了几个小时调试后,我发现问题出在我的 Lambda 权限上。我需要在权限中使用正确的路径。

    这不起作用:

    arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${api}/*/*
    

    这确实有效:

    arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${api}/*/*/getSignedS3
    

    我相信我可以将其范围扩大到这个:

    arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${api}/*/POST/getSignedS3
    

    这解决了我的所有问题,并在 lambda web 控制台中显示了正确的路径。

    【讨论】:

      猜你喜欢
      • 2020-03-10
      • 2017-02-07
      • 1970-01-01
      • 1970-01-01
      • 2016-03-24
      • 1970-01-01
      • 2020-12-17
      • 2020-07-26
      • 2021-01-11
      相关资源
      最近更新 更多