Amazon web services 使用Lambda授权器的awscognito和websocketapi
我在尝试为WebSocket API设置lambda授权时遇到问题 Serverless.ymlAmazon web services 使用Lambda授权器的awscognito和websocketapi,amazon-web-services,aws-lambda,aws-api-gateway,lambda-authorizer,aws-jwt-authorizer,Amazon Web Services,Aws Lambda,Aws Api Gateway,Lambda Authorizer,Aws Jwt Authorizer,我在尝试为WebSocket API设置lambda授权时遇到问题 Serverless.yml functions: sample-web-socket-authorizer: iamRoleStatementsName: stack-${opt:stage}-web-socket-authorizer iamRoleStatementsInherit: true iamRoleStatements: - Effect: "Allow"
functions:
sample-web-socket-authorizer:
iamRoleStatementsName: stack-${opt:stage}-web-socket-authorizer
iamRoleStatementsInherit: true
iamRoleStatements:
- Effect: "Allow"
Action:
- 'cognito-idp:*'
Resource: '*'
handler: sample-web-socket-authorizer/handler.handler
environment:
JWK_URL: ${self:custom.jwkUrl}
CLIENT_ID: ${self:custom.cognitoClientId}
...
connectionHandler:
handler: handler.connectionHandler
events:
- websocket:
route: $connect
authorizer:
name: sample-web-socket-authorizer
identitySource:
- 'route.request.querystring.Authorizer'
在前端,我想发送一个tokenId或accessToken以在授权程序中使用
wss://abcd1234.execute-api.ap-region-1.amazonaws.com/pre?Authorizer=${token}
你们能给我一个使用python为我的websocket api创建lambda授权器的示例代码吗
我现在正在看这篇文章:,所以我要做的就是将这段代码复制到我的授权人处理程序中: 然后基于这个文档 我改了密码
resourceArn = 'arn:aws:execute-api:{}:{}:{}/{}/{}/{}'.format(self.region, self.awsAccountId, self.restApiId, self.stage, verb, resource)
到
您还需要在AuthPolicy类中指定methodArn,如下所示:
class AuthPolicy(object):
# The AWS account id the policy will be generated for. This is used to create the method ARNs.
awsAccountId = ''
# The principal used for the policy, this should be a unique identifier for the end user.
principalId = ''
# The policy version used for the evaluation. This should always be '2012-10-17'
version = '2012-10-17'
# The regular expression used to validate resource paths for the policy
pathRegex = '^[/.a-zA-Z0-9-\*]+$'
methodArn = '*'
....
最后,在创建AuthPolicy时,添加methodArn Value comming from lambda事件:
policy = AuthPolicy(principalId, awsAccountId)
policy.restApiId = apiGatewayArnTmp[0]
policy.region = tmp[3]
policy.stage = apiGatewayArnTmp[1]
policy.methodArn = event["methodArn"]
policy.allowAllMethods()
policy = AuthPolicy(principalId, awsAccountId)
policy.restApiId = apiGatewayArnTmp[0]
policy.region = tmp[3]
policy.stage = apiGatewayArnTmp[1]
policy.methodArn = event["methodArn"]
policy.allowAllMethods()