Amazon web services AWS在使用授权人:AWS_iam后放大API网关cors错误
我有执行lambda函数的API网关端点。我想使用aws_iam作为授权人来保护我的api端点。我为此设置了一个具有联合身份的用户池。但是,在将其实现到cloudformation模板中后,我在angular应用程序中使用经过身份验证的用户调用它时遇到了一个cors错误:Amazon web services AWS在使用授权人:AWS_iam后放大API网关cors错误,amazon-web-services,amazon-cloudformation,aws-api-gateway,amazon-cognito,aws-amplify,Amazon Web Services,Amazon Cloudformation,Aws Api Gateway,Amazon Cognito,Aws Amplify,我有执行lambda函数的API网关端点。我想使用aws_iam作为授权人来保护我的api端点。我为此设置了一个具有联合身份的用户池。但是,在将其实现到cloudformation模板中后,我在angular应用程序中使用经过身份验证的用户调用它时遇到了一个cors错误: Access to XMLHttpRequest at 'api endpoint url' from origin 'http://localhost:4200' has been blocked by CORS polic
Access to XMLHttpRequest at 'api endpoint url' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
以下是我的cf模板的代码:
create:
handler: functions/api-create.create
events:
- http:
path: get/create
method: get
authorizer: aws_iam
cors: true
我的lambda函数如下所示:
export const create = async (event, context) => {
console.log('Create: ', event)
console.log('Context: ', context)
const response = {
statusCode: 200,
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Credentials': true,
},
body: JSON.stringify({
product: "hallo"
}),
};
return response;
};
Amplify.configure({
Auth: {
mandatorySignIn: true,
region: awsExports.cognito.REGION,
userPoolId: awsExports.cognito.USER_POOL_ID,
identityPoolId: awsExports.cognito.IDENTITY_POOL_ID,
userPoolWebClientId: awsExports.cognito.APP_CLIENT_ID,
},
API: {
endpoints: [
{
name: awsExports.api.name,
endpoint: awsExports.api.endpoint,
region: "eu-west-1" // <-- This was missing
}
]
}
没有
授权人:aws_iam
一切正常,我得到了预期的响应。有人知道我可能会错过什么吗。是我自己发现的。这就是我所做的
在为GatewayResponse创建资源后,默认错误是,它们在my Serverless.yml文件中也具有此模板的正确标题:
Resources:
GatewayResponseDefault4XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_4XX
RestApiId:
Ref: 'ApiGatewayRestApi'
GatewayResponseDefault5XX:
Type: 'AWS::ApiGateway::GatewayResponse'
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
ResponseType: DEFAULT_5XX
RestApiId:
Ref: 'ApiGatewayRestApi'
我收到的错误变为403错误。现在我为我的api端点启用了cloud watch日志记录,因为我使用授权用户调用端点
现在我看到了错误:
"message": "Credential should be scoped to a valid region, not 'us-east-1'. "
经过一点尝试和错误之后,我发现由于我使用的是amplify,因此我必须通过amplify配置上api的区域,如下所示:
export const create = async (event, context) => {
console.log('Create: ', event)
console.log('Context: ', context)
const response = {
statusCode: 200,
headers: {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Credentials': true,
},
body: JSON.stringify({
product: "hallo"
}),
};
return response;
};
Amplify.configure({
Auth: {
mandatorySignIn: true,
region: awsExports.cognito.REGION,
userPoolId: awsExports.cognito.USER_POOL_ID,
identityPoolId: awsExports.cognito.IDENTITY_POOL_ID,
userPoolWebClientId: awsExports.cognito.APP_CLIENT_ID,
},
API: {
endpoints: [
{
name: awsExports.api.name,
endpoint: awsExports.api.endpoint,
region: "eu-west-1" // <-- This was missing
}
]
}
Amplify.configure({
认证:{
曼达托瑞辛:没错,
地区:awsExports.cognito.region,
userPoolId:awsExports.cognito.USER\u POOL\u ID,
identityPoolId:awsExports.cognito.IDENTITY\u POOL\u ID,
userPoolWebClientId:awsExports.cognito.APP\u CLIENT\u ID,
},
API:{
端点:[
{
名称:awsExports.api.name,
端点:awsExports.api.endpoint,
区域:“欧盟-西部-1”//