Aws lambda 使用Cognito的未经身份验证和身份验证的API

我按照上的教程创建了一个“事件”API。管理员创建一个事件，然后可以将属性设置为“已发布”，以允许来宾查看这些事件

这工作得很好，我有后端设置。现在，我需要创建一个前端日历，用于获取所有

published:true

事件。我创建了一个名为

getPublished

的服务，它将获取发布的事件

我希望允许来宾/未经身份验证的用户访问此服务，同时要求对所有其他路由进行身份验证（除listPublished外，但我可以在获得发布信息后确定这一点）

---

在无服务器框架中定义服务时，可以在

serverless.yml

文件中指定其行为，例如（）：

第

行授权人：aws_iam

是将lambda功能配置为使用授权人（在这种情况下，是iam角色）

如果删除此行，将在没有授权的情况下部署功能。任何人都可以调用未经授权的功能

此配置特定于每个功能，因此您可以从一个规范中删除

授权人

，并将其保留在另一个规范中

---

在您的情况下（没有代码，我只是猜测），您所需要做的就是从

getPublished

的规范中删除

授权人

行

我删除了授权人，现在我收到了

消息：“缺少身份验证令牌”

OK-这意味着您试图在代码中的某个地方使用授权响应。你能在问题中包含你的处理程序代码吗？我直接在API网关中做了更改，它可以正常工作。

service: events-app-api

# Use the serverless-webpack plugin to transpile ES6
plugins:
  - serverless-webpack
  - serverless-offline

# serverless-webpack configuration
# Enable auto-packing of external modules
custom:
  webpack:
    webpackConfig: ./webpack.config.js
    includeModules: true

provider:
  name: aws
  runtime: nodejs8.10
  stage: prod
  region: us-east-1

  # 'iamRoleStatements' defines the permission policy for the Lambda function.
  # In this case Lambda functions are granted with permissions to access DynamoDB.
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeTable
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:us-east-1:*:*"

functions:
  # Defines an HTTP API endpoint that calls the main function in create.js
  # - path: url path is /events
  # - method: POST request
  # - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
  #     domain api call
  # - authorizer: authenticate using the AWS IAM role
  create:
    handler: create.main
    events:
      - http:
          path: events
          method: post
          cors: true
          authorizer: aws_iam

  get:
    # Defines an HTTP API endpoint that calls the main function in get.js
    # - path: url path is /events/{id}
    # - method: GET request
    handler: get.main
    events:
      - http:
          path: events/{id}
          method: get
          cors: true
          authorizer: aws_iam

  getPublic:
    # Defines an HTTP API endpoint that calls the main function in get.js
    # - path: url path is /events/{id}
    # - method: GET request
    handler: getPublic.main
    events:
      - http:
          path: public/events/{id}
          method: get
          cors: true

  list:
    # Defines an HTTP API endpoint that calls the main function in list.js
    # - path: url path is /events
    # - method: GET request
    handler: list.main
    events:
      - http:
          path: events
          method: get
          cors: true
          authorizer: aws_iam

  listPublic:
    # Defines an HTTP API endpoint that calls the main function in list.js
    # - path: url path is /events
    # - method: GET request
    handler: listPublic.main
    events:
      - http:
          path: public/events
          method: get
          cors: true

  update:
    # Defines an HTTP API endpoint that calls the main function in update.js
    # - path: url path is /events/{id}
    # - method: PUT request
    handler: update.main
    events:
      - http:
          path: events/{id}
          method: put
          cors: true
          authorizer: aws_iam

  delete:
    # Defines an HTTP API endpoint that calls the main function in delete.js
    # - path: url path is /events/{id}
    # - method: DELETE request
    handler: delete.main
    events:
      - http:
          path: events/{id}
          method: delete
          cors: true
          authorizer: aws_iam

# Create our resources with separate CloudFormation templates
resources:
  # API Gateway Errors
  - ${file(resources/api-gateway-errors.yml)}

  get:
    handler: get.main
    events:
      - http:
          path: notes/{id}
          method: get
          cors: true
          authorizer: aws_iam