Amazon Web Services: AWS Amplify API Gateway CORS error after using authorizer: aws_iam


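I have API Gateway endpoints that execute Lambda functions. I want to use aws_iam as the authorizer to protect my API endpoints. I set up a user pool with a federated identity for this. However, after implementing it in my CloudFormation template, I get a CORS error when calling it from my Angular application with an authenticated user: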

Access to XMLHttpRequest at 'api endpoint url' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Here is the code from my CF template:

create:
  handler: functions/api-create.create
  events:
    - http:
        path: get/create
        method: get
        authorizer: aws_iam
        cors: true

My Lambda function looks like this:

export const create = async (event, context) => {
  console.log('Create: ', event)
  console.log('Context: ', context)
  // CORS headers set by the function itself; they only reach the browser
  // when the request gets past the authorizer and the Lambda actually runs.
  const response = {
    statusCode: 200,
    headers: {
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Credentials': true,
    },
    body: JSON.stringify({
      product: "hallo"
    }),
  };

  return response;
};

Without authorizer: aws_iam everything works fine and I get the expected response. Does anyone know what I might be missing?

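I figured it out myself. This is what I did.

First I created resources for the GatewayResponse so that the default errors also have the right headers, with this template in my serverless.yml file: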

Resources:
  GatewayResponseDefault4XX:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
      ResponseType: DEFAULT_4XX
      RestApiId:
        Ref: 'ApiGatewayRestApi'
  GatewayResponseDefault5XX:
    Type: 'AWS::ApiGateway::GatewayResponse'
    Properties:
      ResponseParameters:
        gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
        gatewayresponse.header.Access-Control-Allow-Headers: "'*'"
      ResponseType: DEFAULT_5XX
      RestApiId:
        Ref: 'ApiGatewayRestApi'
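
After that, the error I received changed to a 403 error. I then enabled CloudWatch logging for my API endpoint, because I call the endpoint with an authorized user.

Now I saw the error:

"message": "Credential should be scoped to a valid region, not 'us-east-1'. "

After a bit of trial and error, I found out that because I am using Amplify, I have to configure the region of the API through Amplify, like this: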

Amplify.configure({
  Auth: {
    mandatorySignIn: true,
    region: awsExports.cognito.REGION,
    userPoolId: awsExports.cognito.USER_POOL_ID,
    identityPoolId: awsExports.cognito.IDENTITY_POOL_ID,
    userPoolWebClientId: awsExports.cognito.APP_CLIENT_ID,
  },
  API: {
    endpoints: [
      {
        name: awsExports.api.name,
        endpoint: awsExports.api.endpoint,
        region: "eu-west-1" // <-- This was missing
      }
    ]
  }
});
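
The diagnosis in the answer above, as an added example that is not part of the original post: a SigV4 `Authorization` header carries its signing region in the credential scope, so comparing it with the region in the `execute-api` hostname exposes the mismatch behind the 403 that the browser first reported as a CORS error. The function names, API ID, access key and signature are constructed for illustration.

```javascript
// Added example, not from the original post. Sample values are constructed.

// Pull region and service out of a SigV4 Authorization header:
// "AWS4-HMAC-SHA256 Credential=<key>/<yyyymmdd>/<region>/<service>/aws4_request, ..."
function parseCredentialScope(authorization) {
  const m = /^AWS4-HMAC-SHA256\s+.*?Credential=([^/,\s]+)\/(\d{8})\/([^/,\s]+)\/([^/,\s]+)\/aws4_request/
    .exec(authorization || '');
  return m ? { accessKeyId: m[1], date: m[2], region: m[3], service: m[4] } : null;
}

// Region from a default API Gateway hostname:
// "<api-id>.execute-api.<region>.amazonaws.com"; null for custom domains.
function endpointRegion(endpointUrl) {
  const host = new URL(endpointUrl).hostname;
  const m = /^[^.]+\.execute-api\.([a-z0-9-]+)\.amazonaws\.com$/.exec(host);
  return m ? m[1] : null;
}

// Returns { status: 'ok' | 'mismatch' | 'unknown', detail }.
function checkSigningRegion(endpointUrl, authorization) {
  const scope = parseCredentialScope(authorization);
  if (!scope) return { status: 'unknown', detail: 'no SigV4 credential scope in header' };
  if (scope.service !== 'execute-api') {
    return { status: 'mismatch', detail: `signed for service '${scope.service}', not 'execute-api'` };
  }
  const expected = endpointRegion(endpointUrl);
  if (!expected) return { status: 'unknown', detail: 'custom domain: region not in hostname' };
  if (scope.region !== expected) {
    return { status: 'mismatch', detail: `signed for '${scope.region}', endpoint is in '${expected}'` };
  }
  return { status: 'ok', detail: `signed for '${expected}'` };
}

// Constructed sample: endpoint in eu-west-1, request signed with the us-east-1 default.
const sampleEndpoint = 'https://abc123defg.execute-api.eu-west-1.amazonaws.com/dev/get/create';
const sampleAuth =
  'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20240101/us-east-1/execute-api/aws4_request, ' +
  'SignedHeaders=host;x-amz-date, Signature=EXAMPLE';
console.log(checkSigningRegion(sampleEndpoint, sampleAuth));
```

The `Authorization` header to check can be copied from the failed request in the browser's network panel.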