
I have declared an HTTP proxy method on my API Gateway resource using CloudFormation syntax (detailed in this earlier post).

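I am trying to attach a custom authorizer of type "Request" that uses an existing AWS Lambda function. The Serverless docs have a decent example of setting up custom authorizers with CloudFormation. Meanwhile, serverless-offline explicitly supports (source) request-scoped custom authorizers.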

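While creating the serverless template below, I closely cross-referenced the relevant AWS CloudFormation documentation for AWS::ApiGateway::Resource and AWS::ApiGateway::Authorizer, along with the related Serverless docs. But so far I am not getting the expected output or behavior from serverless-offline.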

The resource is created without the authorizer

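When I start up the following serverless configuration, no authorizer is loaded for my resource. I can't see what is wrong or missing in my serverless.yml file. Do you have any suggestions? Thanks in advance!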

➜  serverless-offline-attempt git:(master) ✗ npm start

> @ start /Users/freen/src/apig/serverless-offline-attempt
> ./node_modules/serverless/bin/serverless offline

Serverless: Starting Offline: dev/us-east-1.

Serverless: Routes defined in resources:
Serverless: ANY /upstream/{proxy*} -> http://upstream.company.cool/{proxy}

Serverless: Offline listening on http://localhost:3000

serverless.yml

The following template file includes the APIG resources and the authorizer configuration.

service: company-apig
provider:
  name: aws
  stage: dev
  runtime: python2.7

plugins:
  - serverless-offline

custom:
  serverless-offline:
    resourceRoutes: true

resources:
  Resources:
    # Parent APIG RestApi
    ApiGatewayRestApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Name: company-apig
        Description: 'The main entry point of the APIG'

    # Shared Authorizers
    AuthorizeCompanyJWTAccessToken:
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: AuthorizeCompanyJWTAccessToken
        Type: REQUEST
        RestApiId:
          Ref: ApiGatewayRestApi
        AuthorizerUri: 
          Fn::Join: 
            - ""
            - 
              - "arn:aws:apigateway:"
              - Ref: "AWS::Region"
              - ":lambda:path/2015-03-31/functions/"
              - "arn:aws:lambda:us-east-1:123456789012:function:jwt-tokens-staging-AccessTokenAuthorizer"
              - "/invocations"

    # Resource /upstream
    UpstreamResource:
      Type: AWS::ApiGateway::Resource
      Properties:
        ParentId:
          Fn::GetAtt:
            - ApiGatewayRestApi
            - RootResourceId
        PathPart: 'upstream'
        RestApiId:
          Ref: ApiGatewayRestApi

    # Resource /upstream/{proxy+}
    UpstreamProxyPath:
      Type: AWS::ApiGateway::Resource
      Properties:
        ParentId:
          Ref: UpstreamResource
        PathPart: '{proxy+}'
        RestApiId:
          Ref: ApiGatewayRestApi

    # Method ANY /upstream/{proxy+}
    UpstreamProxyAnyMethod:
      Type: AWS::ApiGateway::Method
      Properties:
        AuthorizationType: CUSTOM
        AuthorizerId:
          Ref: AuthorizeCompanyJWTAccessToken
        HttpMethod: ANY
        Integration:
          IntegrationHttpMethod: ANY
          Type: HTTP_PROXY
          Uri: http://upstream.company.cool/{proxy}
          PassthroughBehavior: WHEN_NO_MATCH
        MethodResponses:
          - StatusCode: 200
        ResourceId:
          Ref: UpstreamProxyPath
        RestApiId:
          Ref: ApiGatewayRestApi
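
A static check for the failure mode described in this question (a route served with no authorizer), as an added example that is not part of the original post or of serverless-offline. It audits only the template, not what serverless-offline does at runtime; it assumes the `Resources` mapping has already been loaded into a Python dict, and `OpenMethod`, `DanglingMethod` and `MissingAuthorizer` are hypothetical names.

```python
# Added example: static audit of a CloudFormation "Resources" mapping (plain dict).
AUTHORIZER = "AWS::ApiGateway::Authorizer"
METHOD = "AWS::ApiGateway::Method"

def ref(value):
    """Return the logical ID from {"Ref": "X"}, else None."""
    return value.get("Ref") if isinstance(value, dict) else None

def audit_methods(resources):
    """Return (method logical ID, finding) pairs for methods lacking a valid authorizer."""
    findings = []
    for name, res in sorted(resources.items()):
        if res.get("Type") != METHOD:
            continue
        props = res.get("Properties", {})
        auth_type = props.get("AuthorizationType", "NONE")
        if auth_type == "NONE":
            findings.append((name, "open: AuthorizationType is NONE or missing"))
        elif auth_type in ("CUSTOM", "COGNITO_USER_POOLS"):
            # The method must point at an Authorizer declared on the same RestApi.
            target = resources.get(ref(props.get("AuthorizerId")), {})
            if target.get("Type") != AUTHORIZER:
                findings.append((name, "AuthorizerId does not resolve to an Authorizer"))
            elif ref(target.get("Properties", {}).get("RestApiId")) != ref(props.get("RestApiId")):
                findings.append((name, "authorizer is attached to a different RestApi"))
    return findings

# Constructed sample: the first three entries mirror the template above (trimmed);
# OpenMethod and DanglingMethod are hypothetical, added to show the findings.
API = {"Ref": "ApiGatewayRestApi"}
SAMPLE = {
    "ApiGatewayRestApi": {"Type": "AWS::ApiGateway::RestApi"},
    "AuthorizeCompanyJWTAccessToken": {
        "Type": AUTHORIZER, "Properties": {"Type": "REQUEST", "RestApiId": API}},
    "UpstreamProxyAnyMethod": {"Type": METHOD, "Properties": {
        "AuthorizationType": "CUSTOM", "HttpMethod": "ANY", "RestApiId": API,
        "AuthorizerId": {"Ref": "AuthorizeCompanyJWTAccessToken"}}},
    "OpenMethod": {"Type": METHOD, "Properties": {
        "AuthorizationType": "NONE", "HttpMethod": "GET", "RestApiId": API}},
    "DanglingMethod": {"Type": METHOD, "Properties": {
        "AuthorizationType": "CUSTOM", "HttpMethod": "GET", "RestApiId": API,
        "AuthorizerId": {"Ref": "MissingAuthorizer"}}},
}

if __name__ == "__main__":
    for method, finding in audit_methods(SAMPLE):
        print(method + ": " + finding)
```

A clean result here means the template wires the authorizer correctly; confirming that the local emulator enforces it still takes an unauthenticated request against the route.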
