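I have a problem with the policy size of my JWT authorizer Lambda function, so I want to reduce the policy size by configuring the serverless.yml file so that the policy is generated with a wildcard (*). Can I set a global authorizer for all functions in serverless.yml?
Here is an example of my resource-based policy: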

    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-abcdefg123"
        }
      }
    },
    {
      "Sid": "2",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-abcdefg456"
        }
      }
    },

I want to change it like this:

    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-*"
        }
      }
    }

Example serverless.yml file. I set the authorizer for each function. I want to change it to be global.

    functions:
      searchByProvince:
        handler: handler.searchByProvince
        reservedConcurrency: 10
        events:
          - http:
              path: /
              method: get
              cors:
                origin: "*"
              authorizer:
                arn: arn:aws:lambda:${self:provider.region}:${self:custom.accountId}:jwtAuthorizer
      province:
        handler: handler.province
        reservedConcurrency: 10
        events:
          - http:
              path: /provinces
              method: get
              cors:
                origin: "*"
              authorizer:
                arn: arn:aws:lambda:${self:provider.region}:${self:custom.accountId}:-${self:provider.stage}-jwtAuthorizer
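
The consolidation asked about above, as an added example that is not part of the original post: a Python check that collapses statements differing only in Sid and SourceArn into one wildcard statement, compares the policy size, and lists which source ARNs the wildcard newly admits. Assumptions: the ARNs are the shortened forms from the post, `fnmatchcase` stands in for IAM's `ArnLike` matching, the size is approximated as compact JSON, and `OTHER_API` is a constructed value.

```python
import json
from fnmatch import fnmatchcase  # '*'/'?' matching, used to approximate ArnLike

LIMIT = 20480  # Lambda resource-based policy size limit in bytes (20 KB)

def stmt(sid, arn):
    """Build one statement in the shape shown in the question."""
    return {"Sid": sid, "Effect": "Allow",
            "Principal": {"Service": "apigateway.amazonaws.com"},
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
            "Condition": {"ArnLike": {"AWS:SourceArn": arn}}}

def source_arn(s):
    return s["Condition"]["ArnLike"]["AWS:SourceArn"]

def shape(s):
    """Grouping key: the statement with Sid and SourceArn blanked out."""
    c = json.loads(json.dumps(s))  # deep copy
    c.pop("Sid", None)
    c["Condition"]["ArnLike"]["AWS:SourceArn"] = ""
    return json.dumps(c, sort_keys=True)

def collapse(statements, pattern):
    """Merge statements that differ only in Sid/SourceArn and match pattern."""
    out, seen = [], set()
    for s in statements:
        if not fnmatchcase(source_arn(s), pattern):
            out.append(s)  # not covered by the wildcard: keep unchanged
        elif shape(s) not in seen:
            seen.add(shape(s))
            merged = json.loads(json.dumps(s))
            merged["Condition"]["ArnLike"]["AWS:SourceArn"] = pattern
            out.append(merged)
    return out

def policy_bytes(statements):
    """Approximate size: compact JSON of the whole policy document."""
    doc = {"Version": "2012-10-17", "Statement": statements}
    return len(json.dumps(doc, separators=(",", ":")))

def newly_admitted(statements, pattern, candidates):
    """Source ARNs the wildcard would allow that the original list did not."""
    allowed = {source_arn(s) for s in statements}
    return [a for a in candidates if fnmatchcase(a, pattern) and a not in allowed]

BASE = "arn:aws:execute-api:ap-southeast-1-"  # shortened form from the post
BEFORE = [stmt("1", BASE + "abcdefg123"), stmt("2", BASE + "abcdefg456")]
PATTERN = BASE + "*"
OTHER_API = BASE + "zzzzzzz999"  # constructed: an API not in the original list
```

Any ARN returned by `newly_admitted` is an API that could invoke the authorizer only after the wildcard change, so the pattern is best kept as narrow as the set of APIs that actually need it.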