Amazon Web Services: How to lock down a specific API Gateway path so that only a specific Lambda can call it
Tags: amazon-web-services, aws-lambda, amazon-cloudformation, openapi, api-gateway

Apologies for my naivety, I'm new to this.

Scenario:

I have a lambda function (F1).

In a separate stack in the same AWS account, I have an API Gateway (API1) connected to another lambda function (F2).

The second stack's template.yaml:

Resources:
  #############
  # Rest Api #
  #############
  API1:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      DefinitionBody:
        "Fn::Transform":
          Name: "AWS::Include"
          Parameters:
            Location: !Ref OpenApiDefinitionLocation
  ##############
  # Functions #
  #############
  F2:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: lambda/dist
      Handler: handler/code.foo
      Role: !GetAtt F2Role.Arn
      Events:
        bobEvents:
          Type: Api
          Properties:
            Path: /bob/{proxy+}
            Method: any
            RestApiId: !Ref API1

And the openapi.yml:

openapi: "3.0.1"
paths:
  /jim/{bar+}:
    get:
      x-amazon-apigateway-integration:
        uri:
          Fn::Sub: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${foo.Arn}/invocations"
        passthroughBehavior: "when_no_match"
        httpMethod: "POST"
        type: "aws_proxy"
  /bob/{proxy+}:
    x-amazon-apigateway-any-method:
      parameters:
        - name: "proxy"
          in: "path"
          required: true
          schema:
            type: "string"
      x-amazon-apigateway-integration:
        uri:
          Fn::Sub: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${F2.Arn}/invocations"
        responses:
          default:
            statusCode: "200"
        passthroughBehavior: "when_no_match"
        httpMethod: "post"
        contentHandling: "CONVERT_TO_TEXT"
        type: "aws_proxy"

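I want to make the path /bob/{proxy+} accessible only to F1 (in the first stack), or locked down so that it cannot be accessed from outside the AWS account. But I still want /jim/{bar+} to be publicly accessible.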
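Any advice or pointers would be amazing, thanks.

Comments:

It sounds like you need to deploy a separate private API Gateway for the private endpoint. Or have one Lambda call the other Lambda directly, without going through API Gateway.

Thanks, yes, but the first Lambda has to call the API Gateway for "reasons", and having a separate API Gateway is ugly :(. I just thought there would be a simple way to "lock down" a single path rather than the whole gateway; this seems like a common use case?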