API Gateway HTTP proxy: adding SigV4 security to specific resources only
Tags: api, amazon-web-services, express, proxy, amazon-iam

In the swagger file below I have defined an API for AWS API Gateway. The API is secured with IAM, so only authorized users can access it. The API is also defined with an HTTP proxy so that it can sit in front of an Express application without having to define every resource separately in the swagger file. That way I can develop my Express app as if it weren't running on AWS at all and then simply port it over! However, I now need access to all GET methods to be unsecured, with the sigv4 security definition only on all the other methods. Is this possible with the current API Gateway + Express setup?
```yaml
swagger: "2.0"
info:
  title: ServerlessExpress
basePath: /internal
schemes:
  - https
paths:
  /:
    # ANY method on the root: every verb is proxied to the backend and requires SigV4
    x-amazon-apigateway-any-method:
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    # CORS preflight: a mock integration, no backend call and no authentication
    options:
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
  # Greedy path variable: everything below / is forwarded to the Express app
  /{proxy+}:
    x-amazon-apigateway-any-method:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    options:
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
# The scheme referenced by "security: - sigv4: []"; awsSigv4 means IAM authorization
securityDefinitions:
  sigv4:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "awsSigv4"
definitions:
  Empty:
    type: object
    title: Empty Schema
```
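What the split the question asks for looks like from the caller's side, as an added example that is not part of the original post: a GET to the API is sent with no Authorization header, while a POST, PUT, PATCH or DELETE must carry an AWS Signature Version 4 signature, which API Gateway verifies against IAM. The signing below implements the published SigV4 algorithm with the standard library only (the AWS SDKs do the same work); the API host, stage, credentials and `EXAMPLE_TIME` are constructed placeholders, and the `headers_for` policy helper is this example's own, not something from the question.

```python
# Added example (not from the original post): client-side view of "GET open,
# everything else SigV4". Pure-stdlib implementation of AWS Signature V4;
# hosts, credentials and timestamps below are constructed placeholders.
import datetime
import hashlib
import hmac
import urllib.parse

ALGORITHM = "AWS4-HMAC-SHA256"
# Fixed clock so signatures are reproducible in this example (constructed value).
EXAMPLE_TIME = datetime.datetime(2015, 8, 30, 12, 36, 0, tzinfo=datetime.timezone.utc)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(method, path, query, headers, payload):
    """SigV4 step 1: the canonical request the gateway rebuilds and hashes.

    Header names are lowercased and sorted, values whitespace-trimmed, the
    query string sorted by key. Returns (canonical_request, signed_headers).
    """
    canon = {k.lower().strip(): " ".join(v.strip().split()) for k, v in headers.items()}
    signed_headers = ";".join(sorted(canon))
    header_block = "".join(f"{k}:{canon[k]}\n" for k in sorted(canon))

    def q(s):
        return urllib.parse.quote(s, safe="-_.~")

    query_block = "&".join(f"{q(k)}={q(v)}" for k, v in sorted(query))
    creq = "\n".join([
        method.upper(),
        urllib.parse.quote(path or "/", safe="/-_.~"),
        query_block,
        header_block,
        signed_headers,
        sha256_hex(payload),  # empty body hashes to e3b0c442...
    ])
    return creq, signed_headers


def signing_key(secret_key, date_stamp, region, service):
    """SigV4 step 3: derive the per-day/region/service key; the raw secret never signs directly."""
    k_date = hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = hmac_sha256(k_date, region)
    k_service = hmac_sha256(k_region, service)
    return hmac_sha256(k_service, "aws4_request")


def sign_request(method, url, *, access_key, secret_key, region,
                 service="execute-api", payload=b"", headers=None,
                 session_token=None, now=None):
    """Return the request headers, including Authorization, for an IAM-protected
    API Gateway method. API Gateway's service name for signing is execute-api."""
    parts = urllib.parse.urlsplit(url)
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")

    hdrs = {k.lower(): v for k, v in (headers or {}).items()}
    hdrs["host"] = parts.netloc
    hdrs["x-amz-date"] = amz_date
    if session_token:  # temporary (STS/Cognito) credentials must also send the token
        hdrs["x-amz-security-token"] = session_token

    query = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    creq, signed_headers = canonical_request(method, parts.path, query, hdrs, payload)
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope, sha256_hex(creq.encode("utf-8"))])
    signature = hmac.new(signing_key(secret_key, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    hdrs["authorization"] = (f"{ALGORITHM} Credential={access_key}/{scope}, "
                             f"SignedHeaders={signed_headers}, Signature={signature}")
    return hdrs


def headers_for(method, url, creds, payload=b"", now=None):
    """Client mirror of the API's policy: GET is sent unsigned, any other verb is
    signed. The gateway enforces the rule; the client merely avoids spending
    credentials where none are required."""
    if method.upper() == "GET":
        return {"host": urllib.parse.urlsplit(url).netloc}
    return sign_request(method, url, payload=payload, now=now, **creds)


if __name__ == "__main__":
    creds = dict(access_key="AKIAEXAMPLEKEYID", secret_key="examplesecretkey",  # constructed
                 region="us-east-1")
    api = "https://abc123.execute-api.us-east-1.amazonaws.com/prod/items"  # constructed
    print("GET  ->", headers_for("GET", api, creds))
    print("POST ->", headers_for("POST", api, creds, payload=b'{"name":"x"}', now=EXAMPLE_TIME))
```

The signed POST binds the method, path, query, selected headers, date and body hash into one signature, so a captured signature cannot be replayed against a different body or path, and the gateway rejects it once the `X-Amz-Date` drifts more than 15 minutes from its clock. Nothing in the GET branch is secret; it works exactly like calling the Express app directly.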
So I decided to answer my own question here! It was much simpler than I thought... The swagger definition is a bit repetitive, though; it still saves time later when developing new resources in the API.
```yaml
swagger: "2.0"
info:
  title: YOUR_API_GATEWAY_NAME
basePath: /YOUR_API_GATEWAY_STAGE
schemes:
  - https
paths:
  /:
    # GET has no "security" block, so it is open to unauthenticated callers
    get:
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    # Every mutating verb keeps the sigv4 (IAM) requirement
    post:
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    patch:
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    put:
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    delete:
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    # CORS preflight stays a mock integration with no authentication
    options:
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE,PUT,PATCH'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token,Link,Total-Count,X-XX-Cereberus-Auth,Client-Origin'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
  /{proxy+}:
    # Same split for every sub-path handled by the Express app
    get:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    post:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    put:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    patch:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    delete:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    options:
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        200:
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE,PUT,PATCH'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token,Link,Total-Count,X-XX-Cereberus-Auth,Client-Origin'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
securityDefinitions:
  sigv4:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "awsSigv4"
definitions:
  Empty:
    type: object
    title: Empty Schema
```
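Because the answer's file repeats the same operation block ten times, the easy mistake is to drop the `security` key from one copy, which silently opens that verb. Below is the check I would run on such a document before importing it, as an added example that is not part of the answer: it walks every path, expands `x-amazon-apigateway-any-method` into the verbs it actually stands for, resolves the `security` requirement (a list of alternatives, any one of which may be satisfied) against the `securityDefinitions` whose authtype is `awsSigv4`, and reports mutating methods that reach a backend without IAM. The document is a constructed, trimmed-down dict mirroring the answer's layout (a real file would be loaded with a YAML library first); `<my uri>` is kept as the answer's placeholder, and the unsecured `put` under `/{proxy+}` is a deliberate mistake planted for the check to catch.

```python
# Added example (not from the original answer): audit an API Gateway Swagger
# 2.0 document for mutating methods that bypass SigV4. SAMPLE_DOC is a
# constructed mirror of the answer's layout with one deliberate error.
HTTP_METHODS = ("get", "head", "post", "put", "patch", "delete", "options")
SAFE_METHODS = {"get", "head", "options"}  # RFC 7231 "safe" methods
ANY_METHOD = "x-amazon-apigateway-any-method"
INTEGRATION = "x-amazon-apigateway-integration"
AUTHTYPE = "x-amazon-apigateway-authtype"


def proxy_op(secure):
    """Build one aws_proxy operation like those in the answer (helper for the sample)."""
    op = {INTEGRATION: {"type": "aws_proxy", "httpMethod": "POST", "uri": "<my uri>"}}
    if secure:
        op["security"] = [{"sigv4": []}]
    return op


SAMPLE_DOC = {
    "swagger": "2.0",
    "info": {"title": "ServerlessExpress"},
    "securityDefinitions": {
        "sigv4": {"type": "apiKey", "name": "Authorization", "in": "header", AUTHTYPE: "awsSigv4"}
    },
    "paths": {
        "/": {
            "get": proxy_op(False), "post": proxy_op(True), "delete": proxy_op(True),
            "options": {INTEGRATION: {"type": "mock"}},
        },
        "/{proxy+}": {
            "get": proxy_op(False), "post": proxy_op(True),
            "put": proxy_op(False),  # planted mistake: security block forgotten
            "options": {INTEGRATION: {"type": "mock"}},
        },
    },
}


def sigv4_schemes(doc):
    """Names of the security schemes API Gateway treats as IAM/SigV4."""
    return {name for name, d in doc.get("securityDefinitions", {}).items()
            if d.get(AUTHTYPE) == "awsSigv4"}


def requires_sigv4(operation, doc, schemes):
    """True only if every alternative in the requirement names a SigV4 scheme.

    Swagger 'security' is OR over the list and AND within each entry; an
    operation without the key inherits the document-level default, and an
    empty list means no authentication at all.
    """
    security = operation.get("security", doc.get("security", []))
    if not security:
        return False
    return all(any(name in schemes for name in alt) for alt in security)


def expand_methods(path_item):
    """Yield (method, operation); explicit verbs win over the ANY extension."""
    explicit = {m: op for m, op in path_item.items() if m in HTTP_METHODS}
    yield from explicit.items()
    if ANY_METHOD in path_item:
        for m in HTTP_METHODS:
            if m not in explicit:
                yield m, path_item[ANY_METHOD]


def audit(doc):
    """One row per path/method with its integration type and SigV4 status."""
    schemes = sigv4_schemes(doc)
    rows = []
    for path, item in doc.get("paths", {}).items():
        for method, op in expand_methods(item):
            rows.append({
                "path": path,
                "method": method.upper(),
                "integration": op.get(INTEGRATION, {}).get("type", "none"),
                "sigv4": requires_sigv4(op, doc, schemes),
            })
    return rows


def findings(doc):
    """Mutating methods that reach a backend without SigV4. Mock integrations
    (the CORS preflight) never touch the backend and are ignored."""
    return [(r["path"], r["method"]) for r in audit(doc)
            if r["method"].lower() not in SAFE_METHODS
            and r["integration"] != "mock" and not r["sigv4"]]


if __name__ == "__main__":
    for r in audit(SAMPLE_DOC):
        print(f"{r['method']:7} {r['path']:10} {r['integration']:10} sigv4={r['sigv4']}")
    print("unprotected mutating methods:", findings(SAMPLE_DOC))
```

Two caveats the audit makes visible. A verb that is declared nowhere (HEAD, for instance, once the ANY method is replaced by explicit ones) is neither open nor protected by this file: API Gateway answers it with 403 `Missing Authentication Token`. And the open GET reaches the Express app exactly as the question intended, so any GET handler that returns something sensitive needs its own check; with the `aws_proxy` integration the signed caller's identity is available to the backend in `requestContext.identity` (for example `userArn`), and those fields are null on unsigned requests.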