Amazon web services 如何在OpenApi端点定义中引用现有的API网关授权器
我有一个用JSON编写的AWS SAM/CloudFormation模板,其中包含:Amazon web services 如何在OpenApi端点定义中引用现有的API网关授权器,amazon-web-services,swagger,amazon-cloudformation,aws-api-gateway,openapi,Amazon Web Services,Swagger,Amazon Cloudformation,Aws Api Gateway,Openapi,我有一个用JSON编写的AWS SAM/CloudFormation模板,其中包含: API网关API的定义,端点使用 OpenAPIDefinitionBody格式 API网关授权器的定义,使用SAM/CF格式定义 我正试图找到一种方法,为我希望使用授权者的每个端点(1)引用授权者(2) 代码如下: 授权人定义: "LambdaAuthorizer":{ "Type": "AWS::ApiGateway::Authorizer", "Properties":{
DefinitionBody
格式"LambdaAuthorizer":{
"Type": "AWS::ApiGateway::Authorizer",
"Properties":{
"IdentitySource":"method.request.header.Authorization",
"Type":"TOKEN",
"RestApiId":{
"Ref": "ApiName"
},
"AuthorizerUri": {
"Fn::Join" : ["", ["arn:aws:apigateway:", {"Ref": "AWS::Region"}, ":lambda:path/2015-03-31/functions/", {"Fn::GetAtt": ["AuthLambda", "Arn"]}, "/invocations"]]
},
"IdentityValidationExpression": "^[a-zA-Z0-9]{3,32}$",
"AuthorizerResultTtlInSeconds": 300,
"AuthorizerCredentials": {
"Fn::GetAtt": ["LambdaAuthorizerRole", "Arn"]
},
"Name":"lambda-authorizer"
}
},
端点定义
"API": {
"Type": "AWS::Serverless::Api",
"Properties": {
...
"DefinitionBody": {
...
"paths": {
"/endpoint": {
"post": {
"responses": {
"200": {
"description": "200 response"
}
},
"x-amazon-apigateway-integration": {
"uri": {
"Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthLambda.Arn}/invocations"
},
"responses": {
"default": {
"statusCode": "200",
"contentHandling": "CONVERT_TO_TEXT"
}
},
"passthroughBehavior": "when_no_match",
"httpMethod": "POST",
"contentHandling": "CONVERT_TO_TEXT",
"type": "aws_proxy"
},
"security" : [{
"NAME OF OPEN API SECURITY DEFINITION":[] // Can I reference my existing Authorizer?
}]
}
},
}
}
}
}
如您所见,我找到了OpenAPIsecurity
属性,根据,该属性被用作对可以定义授权人的securityDefinitions
的引用
但我已经在CloudFormation JSON中定义了我的授权人。我不能引用它吗?您是否在aws控制台的API->Authorizers下创建了LambdaAuthorizer?不,它是根据我的SAM/CF模板中的定义创建的。当您部署模板时,您是否在aws控制台的API->Authorizers下看到LambdaAuthorizer?如果您愿意,我可以向您展示一个使用CognitoAuthorizer和安全属性well的示例,如果我在OpenAPI端点位中部署时没有
“security”:[{…}]
声明,那么是的,授权器是按照预期创建的,可以在控制台中看到。当我包含我的“security”:[{…}]
声明时,授权人消失了——我怀疑被覆盖了,因为OpenAPI声明胜过CF模板声明。PS-我已经通过将授权人重新写入OpenAPI网关定义解决了我的用例中的这个问题,但是我仍然很好奇我之前尝试做的事情是否可行……在yaml中,它看起来是这样的:post:security:-MyCognitoAuth:[]