AWS API Gateway with Lambda Authorizer

广开言路 2021-01-14 15:11

I am trying to configure an API Gateway which takes a proxy parameter from the request path, and also a parameter from the Lambda authorizer return and put it in the header,

1 answer
  • 2021-01-14 15:44

    Well... after getting nowhere with following the documentation, I went rogue and removed the "$" from "integration.request.header.x-api-auth"... AND THAT WORKED. Not sure how I feel about this.

    Here is the complete working YAML file. I'm posting it here in case it should help someone else who is trying to set up a gateway which takes PROXY path and expects a return from a Lambda authorizer.

    AWSTemplateFormatVersion: '2010-09-09'
    Transform: AWS::Serverless-2016-10-31
    Description: Data API pipeline initial Cloudformation template
    
    Mappings:
      EnvironmentMapping:
        alpha:
          certificationArn: ""
          carfaxIpWhitelistRuleId: ""
          hostedZoneId: XYZ
          authLambda: ""
          sfdcAuthLambda: ""
          myApiNetworkLoadBalancer: ""
          sfdcAuthTimeout: 1
        beta:
          certificationArn: ""
          carfaxIpWhitelistRuleId: ""
          hostedZoneId: XYZ
          authLambda: ""
          sfdcAuthLambda: ""
          myApiNetworkLoadBalancer: ""
          sfdcAuthTimeout: 1
        prod:
          certificationArn: ""
          carfaxIpWhitelistRuleId: ""
          hostedZoneId: ABC
          authLambda: ""
          sfdcAuthLambda: ""
          myApiNetworkLoadBalancer: ""
          sfdcAuthTimeout: 1
    Parameters:
      EnvironmentType:
        Type: "String"
        AllowedValues:
          - alpha
          - beta
          - prod
    
    Conditions:
      UseProdCondition: !Equals [!Ref EnvironmentType, prod]
    
    Resources:
      MyApiVpcLink:
        Type: AWS::ApiGateway::VpcLink
        Properties:
          Name: MYApiVpcLink
          Description: Allows data-api-gateway to access the VPC that feature-api is on.
          TargetArns:
            - !FindInMap [EnvironmentMapping, !Ref EnvironmentType, myApiNetworkLoadBalancer]
    
      DataApi:
        DependsOn:
          - MyApiVpcLink
        Type: AWS::Serverless::Api
        Properties:
          Name: !Sub "${EnvironmentType}-data-api"
          StageName: !Ref EnvironmentType
          DefinitionBody:
            swagger: 2.0
            security:
              - ApiKey: []
            info:
              title: !Sub "${EnvironmentType}-data-api"
            paths:
              /sfdc/v1/my-api/{proxy+}:
                x-amazon-apigateway-any-method:
                  produces:
                    - application/json
                  parameters:
                    - in: path
                      name: proxy
                      required: true
                      schema:
                        type: string
                    - in: header
                      name: x-api-auth
                      required: true
                      schema:
                        type: string
                  security:
                    - SfdcAuthorizer: []
                      ApiKey: []
                  x-amazon-apigateway-api-key-source: HEADER
                  x-amazon-apigateway-gateway-responses:
                    ACCESS_DENIED:
                      statusCode: 403
                      responseTemplates:
                        application/json: '{\n\"message\": \"Access Denied\"}'
                  x-amazon-apigateway-integration:
                    httpMethod: ANY
                    type: http_proxy
                    connectionType: VPC_LINK
                    connectionId: !Ref MyApiVpcLink
                    passthroughBehavior: when_no_match
                    uri: !If [UseProdCondition, 'http://myapp.production.aws-int.myorg.io/{proxy}',!Sub 'http://${EnvironmentType}-myapp.staging.aws-int.myorg.io/{proxy}']
                    requestParameters:
                      integration.request.path.proxy: "method.request.path.proxy"
                      integration.request.header.x-api-auth: "context.authorizer.x-api-auth"
            definitions:
              Empty:
                type: object
              Error:
                type: object
                properties:
                  message:
                    type: string
            securityDefinitions:
              SfdcAuthorizer:
                type: 'apiKey'
                name: 'Authorization'
                in: 'header'
                x-amazon-apigateway-authtype: 'custom'
                x-amazon-apigateway-authorizer:
                  authorizerUri: !Join ['', [!Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/', !FindInMap [EnvironmentMapping, !Ref EnvironmentType, sfdcAuthLambda], '/invocations']]
                  authorizerResultTtlInSeconds: !FindInMap [EnvironmentMapping, !Ref EnvironmentType, sfdcAuthTimeout]
                  type: 'token'
              ApiKey:
                type: apiKey
                name: x-api-key
                in: header
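
The mapping `context.authorizer.x-api-auth` in the template above resolves only when the authorizer Lambda returns a `context` entry with that exact key. The following is an added example, not the poster's code, of a TOKEN-type authorizer that produces it. The token table, principal names and function names are constructed placeholders.

```python
import hmac

# Constructed sample data: bearer token -> value forwarded to the backend.
# A real authorizer validates the token against its identity provider.
SAMPLE_TOKENS = {"sample-token-123": "backend-credential-abc"}

def lookup_backend_auth(token):
    """Return the downstream header value for a known token, else None."""
    for known, backend_value in SAMPLE_TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return backend_value
    return None

def stage_wide_resource(method_arn):
    # arn:...:apiId/stage/METHOD/path -> arn:...:apiId/stage/*/*
    # With {proxy+} and a cached authorizer result, a policy scoped to the
    # first requested path is reused for other paths and would deny them.
    arn_prefix, stage = method_arn.split("/")[:2]
    return f"{arn_prefix}/{stage}/*/*"

def build_response(principal, effect, resource, context=None):
    response = {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": resource}],
        },
    }
    if context:
        # Context values must be strings, numbers or booleans (no nesting).
        response["context"] = context
    return response

def handler(event, _context=None):
    token = event.get("authorizationToken", "")
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    backend_auth = lookup_backend_auth(token) if token else None
    resource = stage_wide_resource(event["methodArn"])
    if backend_auth is None:
        # A Deny policy surfaces as the ACCESS_DENIED (403) gateway response.
        return build_response("anonymous", "Deny", resource)
    # Key name must match the part after "context.authorizer." in the
    # integration mapping (no "$" there).
    return build_response("sfdc-client", "Allow", resource,
                          {"x-api-auth": backend_auth})
```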
    