【Question title】: adding authorizers and cors to CloudFormation json
【Posted】: 2021-01-01 00:24:19
【Question description】:

I have this resource:

"MyUserAuthorizer": {
      "Type": "AWS::Serverless::Function",
      "Properties": {
        "Handler": "MyProject::MyProject.Functions::UserAuthorizer",
        "Runtime": "dotnetcore3.1",
        "CodeUri": "",
        "Description": "authorizer",
        "MemorySize": 256,
        "Timeout": 30,
        "Role": null,
        "Policies": [
          "AWSLambdaFullAccess"
        ]
      }
    }

I want to add an AWS::ApiGateway::Authorizer resource that will use this MyUserAuthorizer lambda. I tried this:

"Auth": {
  "Type": "AWS::ApiGateway::Authorizer",
  "Properties": {
    "AuthorizerCredentials": null,
    "AuthorizerResultTtlInSeconds": 300,
    "IdentitySource": "method.request.header.Authorization",
    "Name": "Auth",
    "Type": "TOKEN"
  }
}

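How do I connect it to the lambda authorizer function? I only have other lambda functions in the json. Should I have an API gateway definition? How do I add CORS support for all the lambda functions?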

【Question discussion】:

    Tags: amazon-web-services aws-lambda amazon-cloudformation


    【Solution 1】:

    Link your function to the authorizer:

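        MYRestApiAuthorizer:
            Type: AWS::ApiGateway::Authorizer
            Properties:
                RestApiId: !Ref HelloCORSRestApi
                Name: "MyAuthorizer"
                Type: TOKEN
                IdentitySource: "method.request.header.Authorization"
                # API Gateway expects the Lambda invocation URI here, not the bare function ARN
                AuthorizerUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyUserAuthorizer.Arn}/invocations"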
    

    Enable CORS:

        .....
        
        HelloCORSRestApiResource:
            Type: 'AWS::ApiGateway::Resource'
            Properties:
                RestApiId: !Ref HelloCORSRestApi
                ParentId: !GetAtt
                    - HelloCORSRestApi
                    - RootResourceId
                PathPart: hello


        HelloCORSRestApiRequestGET:
            Type: 'AWS::ApiGateway::Method'
            Properties:
                AuthorizationType: CUSTOM
                # !Ref on the authorizer resource returns its authorizer ID
                AuthorizerId: !Ref MYRestApiAuthorizer
                HttpMethod: GET
                Integration:
                    Type: AWS
                    IntegrationHttpMethod: POST
                    Uri: ....
                    IntegrationResponses:
                        - StatusCode: 200
                          ResponseParameters:
                              method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
                              method.response.header.Access-Control-Allow-Methods: "'GET,POST,PUT,DELETE,OPTIONS'"
                              method.response.header.Access-Control-Allow-Origin: "'*'"

                ResourceId: !Ref HelloCORSRestApiResource
                RestApiId: !Ref HelloCORSRestApi
                MethodResponses:
                    - StatusCode: 200
                      ResponseParameters:
                          method.response.header.Access-Control-Allow-Headers: true
                          method.response.header.Access-Control-Allow-Methods: true
                          method.response.header.Access-Control-Allow-Origin: true
    

    .....

        OptionsMethod:
            Type: AWS::ApiGateway::Method
            Properties:
                # The preflight request carries no Authorization header, so it is left unauthenticated
                AuthorizationType: NONE
                RestApiId: !Ref HelloCORSRestApi
                ResourceId: !Ref HelloCORSRestApiResource
                HttpMethod: OPTIONS
                Integration:
                    IntegrationResponses:
                        - StatusCode: 200
                          ResponseParameters:
                              method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
                              method.response.header.Access-Control-Allow-Methods: "'<UPDATE_HTTP_METHODS_HERE>'"
                              method.response.header.Access-Control-Allow-Origin: "'*'"
                          ResponseTemplates:
                              application/json: ''
                    PassthroughBehavior: when_no_match
                    RequestTemplates:
                        application/json: '{"statusCode": 200}'
                    Type: MOCK
                MethodResponses:
                    - StatusCode: 200
                      ResponseModels:
                          application/json: 'Empty'
                      ResponseParameters:
                          method.response.header.Access-Control-Allow-Headers: false
                          method.response.header.Access-Control-Allow-Methods: false
                          method.response.header.Access-Control-Allow-Origin: false
    

    There is more here if you want to take a look.

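    【Discussion】:

    • You can use this to convert json to yaml and vice versa; there is also another tool from aws called cfn-flip
    • I'm not sure what exactly I should do. I have many "AWS::Serverless::Function" definitions. Should I set up an "AWS::ApiGateway::Method" for each of them?
    • Yes, you need to pass the authorizer settings in the AWS::ApiGateway::Method you want to authorize.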
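
Because the authorizer only protects the methods that reference it, a template with many functions can easily leave one method open. The following is an added example, not code from the thread: a small audit over a template in JSON form that lists authorizers missing their wiring and methods not bound to an authorizer. It assumes `AuthorizerId` is written as `{"Ref": ...}`; the sample template is constructed and `OrdersGET` is a hypothetical resource.

```python
# Constructed sample in the shape json.load() returns. Resource names come
# from the page; "OrdersGET" is a hypothetical method left without an authorizer.
SAMPLE = {"Resources": {
    "Auth": {"Type": "AWS::ApiGateway::Authorizer", "Properties": {
        "Name": "Auth", "Type": "TOKEN",
        "IdentitySource": "method.request.header.Authorization"}},
    "MYRestApiAuthorizer": {"Type": "AWS::ApiGateway::Authorizer", "Properties": {
        "RestApiId": {"Ref": "HelloCORSRestApi"}, "Name": "MyAuthorizer", "Type": "TOKEN",
        "AuthorizerUri": {"Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path"
                          "/2015-03-31/functions/${MyUserAuthorizer.Arn}/invocations"}}},
    "HelloCORSRestApiRequestGET": {"Type": "AWS::ApiGateway::Method", "Properties": {
        "HttpMethod": "GET", "AuthorizationType": "CUSTOM",
        "AuthorizerId": {"Ref": "MYRestApiAuthorizer"}, "Integration": {"Type": "AWS"}}},
    "OptionsMethod": {"Type": "AWS::ApiGateway::Method", "Properties": {
        "HttpMethod": "OPTIONS", "AuthorizationType": "NONE",
        "Integration": {"Type": "MOCK"}}},
    "OrdersGET": {"Type": "AWS::ApiGateway::Method", "Properties": {
        "HttpMethod": "GET", "AuthorizationType": "NONE",
        "Integration": {"Type": "AWS_PROXY"}}},
}}


def audit(template):
    """Return sorted (resource, finding) pairs for authorizer wiring gaps."""
    resources = template.get("Resources", {})
    authorizers = {name for name, res in resources.items()
                   if res.get("Type") == "AWS::ApiGateway::Authorizer"}
    findings = []
    for name, res in resources.items():
        props = res.get("Properties") or {}
        if name in authorizers:
            # Without both properties the authorizer belongs to no API and calls no Lambda.
            findings += [(name, f"missing {key}")
                         for key in ("RestApiId", "AuthorizerUri") if not props.get(key)]
        elif res.get("Type") == "AWS::ApiGateway::Method":
            integration = props.get("Integration") or {}
            if props.get("HttpMethod") == "OPTIONS" and integration.get("Type") == "MOCK":
                continue  # CORS preflight has no Authorization header; MOCK reaches no backend
            ref = props.get("AuthorizerId")
            target = ref.get("Ref") if isinstance(ref, dict) else None
            if props.get("AuthorizationType") != "CUSTOM" or target not in authorizers:
                findings.append((name, "not bound to a Lambda authorizer"))
    return sorted(findings)


if __name__ == "__main__":
    for resource, finding in audit(SAMPLE):
        print(f"{resource}: {finding}")
```

A YAML template with short-form tags such as `!Ref` needs converting to JSON first, for example with cfn-flip as mentioned in the discussion.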