AWS Lambda: unauthenticated and authenticated APIs using Cognito
Tags: aws-lambda, amazon-cognito, amazon-iam, serverless-framework, serverless

I followed the tutorial to create an "events" API. An admin creates an event and can then set a property to "published" to allow guests to view these events.

This works fine, and I have the backend set up. Now I need to create a front-end calendar that fetches all published:true events. I created a service named getPublished that fetches the published events.

I want to allow guests/unauthenticated users to access this service while requiring authentication for all other routes (except listPublished, but I can work that out once I have the published one working).
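When you define a service in the Serverless Framework, you can specify its behavior in the serverless.yml file, for example:

The line authorizer: aws_iam configures the Lambda function to use an authorizer (in this case, an IAM role).

If you remove this line, the function is deployed without authorization. Anyone can invoke a function that has no authorizer.

This configuration is specific to each function, so you can remove the authorizer from one definition and keep it in another.

In your case (without the code, I am just guessing), all you need to do is remove the authorizer line from the getPublished definition.

I removed the authorizer, and now I get the message: "Missing Authentication Token".

OK, this means you are trying to use the authorization response somewhere in your code. Can you include your handler code in the question?

I made the change directly in API Gateway and it works.
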
service: events-app-api

# Use the serverless-webpack plugin to transpile ES6
plugins:
  - serverless-webpack
  - serverless-offline

# serverless-webpack configuration
# Enable auto-packing of external modules
custom:
  webpack:
    webpackConfig: ./webpack.config.js
    includeModules: true

provider:
  name: aws
  runtime: nodejs8.10
  stage: prod
  region: us-east-1

  # 'iamRoleStatements' defines the permission policy for the Lambda function.
  # In this case Lambda functions are granted with permissions to access DynamoDB.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:us-east-1:*:*"

functions:
  # Defines an HTTP API endpoint that calls the main function in create.js
  # - path: url path is /events
  # - method: POST request
  # - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
  #     domain api call
  # - authorizer: authenticate using the AWS IAM role
  create:
    handler: create.main
    events:
      - http:
          path: events
          method: post
          cors: true
          authorizer: aws_iam

  get:
    # Defines an HTTP API endpoint that calls the main function in get.js
    # - path: url path is /events/{id}
    # - method: GET request
    handler: get.main
    events:
      - http:
          path: events/{id}
          method: get
          cors: true
          authorizer: aws_iam

  getPublic:
    # Defines an HTTP API endpoint that calls the main function in getPublic.js
    # - path: url path is /public/events/{id}
    # - method: GET request
    # - no authorizer: callable without authentication
    handler: getPublic.main
    events:
      - http:
          path: public/events/{id}
          method: get
          cors: true

  list:
    # Defines an HTTP API endpoint that calls the main function in list.js
    # - path: url path is /events
    # - method: GET request
    handler: list.main
    events:
      - http:
          path: events
          method: get
          cors: true
          authorizer: aws_iam

  listPublic:
    # Defines an HTTP API endpoint that calls the main function in listPublic.js
    # - path: url path is /public/events
    # - method: GET request
    # - no authorizer: callable without authentication
    handler: listPublic.main
    events:
      - http:
          path: public/events
          method: get
          cors: true

  update:
    # Defines an HTTP API endpoint that calls the main function in update.js
    # - path: url path is /events/{id}
    # - method: PUT request
    handler: update.main
    events:
      - http:
          path: events/{id}
          method: put
          cors: true
          authorizer: aws_iam

  delete:
    # Defines an HTTP API endpoint that calls the main function in delete.js
    # - path: url path is /events/{id}
    # - method: DELETE request
    handler: delete.main
    events:
      - http:
          path: events/{id}
          method: delete
          cors: true
          authorizer: aws_iam

# Create our resources with separate CloudFormation templates
resources:
  # API Gateway Errors
  - ${file(resources/api-gateway-errors.yml)}

get:
  handler: get.main
  events:
    - http:
        path: notes/{id}
        method: get
        cors: true
        authorizer: aws_iam
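
Because the authorizer is set per function, a dropped `authorizer` line silently publishes a route. The check below is an added example, not code from the original post. It assumes serverless.yml has already been parsed into an object and that guest routes live under `public/` as in the configuration above; the `update` and `ping` entries are constructed mistakes.

```javascript
// Added example: audit of the parsed `functions` section of serverless.yml.
// Sample data is constructed from a subset of the configuration on this page.
const functions = {
  create:     { events: [{ http: { path: 'events', method: 'post', authorizer: 'aws_iam' } }] },
  get:        { events: [{ http: { path: 'events/{id}', method: 'get', authorizer: 'aws_iam' } }] },
  getPublic:  { events: [{ http: { path: 'public/events/{id}', method: 'get' } }] },
  listPublic: { events: [{ http: { path: 'public/events', method: 'get' } }] },
  // Constructed mistake: authorizer line dropped from a write route.
  update:     { events: [{ http: { path: 'events/{id}', method: 'put' } }] },
  // Constructed: the "METHOD path" string shorthand cannot carry an authorizer.
  ping:       { events: [{ http: 'GET ping' }] },
};

// Normalise both forms of an http event to { method, path, authorizer }.
function normalise(http) {
  if (typeof http === 'string') {
    const [method, path] = http.trim().split(/\s+/);
    return { method: method.toUpperCase(), path: path.replace(/^\//, ''), authorizer: null };
  }
  return {
    method: String(http.method).toUpperCase(),
    path: String(http.path).replace(/^\//, ''),
    authorizer: http.authorizer || null, // string or object form; absent means open
  };
}

// Every HTTP route that would be deployed without an authorizer.
function openRoutes(fns) {
  const out = [];
  for (const [name, def] of Object.entries(fns)) {
    for (const ev of def.events || []) {
      if (!ev.http) continue; // non-HTTP triggers are out of scope here
      const r = normalise(ev.http);
      if (!r.authorizer) out.push({ name, method: r.method, path: r.path });
    }
  }
  return out;
}

// Open routes that are not read-only GETs under the intended guest prefix.
function unexpectedOpenRoutes(fns, publicPrefix = 'public/') {
  return openRoutes(fns).filter(
    (r) => !(r.path.startsWith(publicPrefix) && r.method === 'GET')
  );
}

console.log(unexpectedOpenRoutes(functions));
```

Run as a pre-deploy step, a non-empty result means a route other than the guest reads would go out unauthenticated.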