分享程序员开发的那些事...
更新时间:2023-01-18 11:39:11
好吧……在不了解文档的情况下,我流氓并从"integration.request.header.x-api-"中删除了"$" auth" ...并且有效.不知道我对此有何看法.
Well... after getting nowhere with following the documentation, I went rogue and removed the "$" from "integration.request.header.x-api-auth"... AND THAT WORKED. Not sure how I feel about this.
这是完整的可用YAML文件.我将其张贴在此处,以防它有助于尝试建立采用PROXY路径并期望Lambda授权者返回的网关的其他人.
Here is the complete working YAML file. I'm posting it here in case it should help someone else who is trying to set up a gateway which takes PROXY path and expects a return from a Lambda authorizer.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Data API pipeline initial Cloudformation template
Mappings:
EnvironmentMapping:
alpha:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: XYZ
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
beta:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: XYZ
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
prod:
certificationArn: ""
carfaxIpWhitelistRuleId: ""
hostedZoneId: ABC
authLambda: ""
sfdcAuthLambda: ""
myApiNetworkLoadBalancer: ""
sfdcAuthTimeout: 1
Parameters:
EnvironmentType:
Type: "String"
AllowedValues:
- alpha
- beta
- prod
Conditions:
UseProdCondition: !Equals [!Ref EnvironmentType, prod]
Resources:
MyApiVpcLink:
Type: AWS::ApiGateway::VpcLink
Properties:
Name: MYApiVpcLink
Description: Allows data-api-gateway to access the VPC that feature-api is on.
TargetArns:
- !FindInMap [EnvironmentMapping, !Ref EnvironmentType, myApiNetworkLoadBalancer]
DataApi:
DependsOn:
- MyApiVpcLink
Type: AWS::Serverless::Api
Properties:
Name: !Sub "${EnvironmentType}-data-api"
StageName: !Ref EnvironmentType
DefinitionBody:
swagger: 2.0
security:
- ApiKey: []
info:
title: !Sub "${EnvironmentType}-data-api"
paths:
/sfdc/v1/my-api/{proxy+}:
x-amazon-apigateway-any-method:
produces:
- application/json
parameters:
- in: path
name: proxy
required: true
schema:
type: string
- in: header
name: x-api-auth
required: true
schema:
type: string
security:
- SfdcAuthorizer: []
ApiKey: []
x-amazon-apigateway-api-key-source: HEADER
x-amazon-apigateway-gateway-responses:
ACCESS_DENIED:
statusCode: 403
responseTemplates:
application/json: '{\n\"message\": \"Access Denied\"}'
x-amazon-apigateway-integration:
httpMethod: ANY
type: http_proxy
connectionType: VPC_LINK
connectionId: !Ref MyApiVpcLink
passthroughBehavior: when_no_match
uri: !If [UseProdCondition, 'http://myapp.production.aws-int.myorg.io/{proxy}',!Sub 'http://${EnvironmentType}-myapp.staging.aws-int.myorg.io/{proxy}']
requestParameters:
integration.request.path.proxy: "method.request.path.proxy"
integration.request.header.x-api-auth: "context.authorizer.x-api-auth"
definitions:
Empty:
type: object
Error:
type: object
properties:
message:
type: string
securityDefinitions:
SfdcAuthorizer:
type: 'apiKey'
name: 'Authorization'
in: 'header'
x-amazon-apigateway-authtype: 'custom'
x-amazon-apigateway-authorizer:
authorizerUri: !Join ['', [!Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/', !FindInMap [EnvironmentMapping, !Ref EnvironmentType, sfdcAuthLambda], '/invocations']]
authorizerResultTtlInSeconds: !FindInMap [EnvironmentMapping, !Ref EnvironmentType, sfdcAuthTimeout]
type: 'token'
ApiKey:
type: apiKey
name: x-api-key
in: header