amazon-cloudformation - Setting the API key source to Authorizer in AWS::Serverless::Api

I have an API defined through a CloudFormation AWS::Serverless::Api object. I need it to take its usage plan keys from its custom authorizer, the equivalent of https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-apikeysourcetype. How can I do that?

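Here is the current definition I am using, including the OpenAPI definition exported from a correctly configured API. I do think it is odd that x-api-key is still listed for api_key even after the configuration was set to AUTHORIZER.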

RestApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub ${AWS::StackName}-API
      StageName: !Ref ApiStageName
      MethodSettings:
        - CachingEnabled: false
          DataTraceEnabled: false
          HttpMethod: '*'
          LoggingLevel: INFO
          MetricsEnabled: true
          ResourcePath: '/*'
          ThrottlingBurstLimit: !Ref ThrottlingBurstLimit
          ThrottlingRateLimit: !Ref ThrottlingRateLimit
      AccessLogSetting:
        DestinationArn: !GetAtt ApiLogs.Arn
        # format is copied from an example generated by the web console
        Format: '{ "requestId":"$context.requestId", "ip": "$context.identity.sourceIp", "requestTime":"$context.requestTime", "httpMethod":"$context.httpMethod","routeKey":"$context.routeKey", "status":"$context.status","protocol":"$context.protocol", "responseLength":"$context.responseLength" }'
      CacheClusterEnabled: false
      TracingEnabled: true
      DefinitionBody: !Sub |
        openapi: "3.0.1"
        paths:
          /v2/oauth2/token:
            post:
              x-amazon-apigateway-integration:
                connectionId: "${RestApiVpcLink}"
                httpMethod: "POST"
                uri: "http://${VPCLinkLB.DNSName}/v2/oauth2/token"
                passthroughBehavior: "when_no_match"
                connectionType: "VPC_LINK"
                type: "http_proxy"
          /{proxy+}:
            x-amazon-apigateway-any-method:
              parameters:
                - name: "proxy"
                  in: "path"
                  required: true
                  schema:
                    type: "string"
              security:
                - LambdaAuthorizer: []
                - api_key: []
              x-amazon-apigateway-integration:
                connectionId: "${RestApiVpcLink}"
                httpMethod: "ANY"
                uri: "http://${VPCLinkLB.DNSName}/{proxy}"
                requestParameters:
                  integration.request.path.proxy: "method.request.path.proxy"
                passthroughBehavior: "when_no_match"
                connectionType: "VPC_LINK"
                type: "http_proxy"
        components:
          securitySchemes:
            LambdaAuthorizer:
              type: apiKey
              name: Authorization
              in: header
              x-amazon-apigateway-authtype: custom
              x-amazon-apigateway-authorizer:
                authorizerUri: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GatewayAuthorizerLambda.Arn}/invocations"
                authorizerResultTtlInSeconds: 300
                identityValidationExpression: "Bearer .*"
                type: "token"
            api_key:
              type: "apiKey"
              name: "x-api-key"
              in: "header"

I mainly use Serverless::Api rather than its component ApiGateway objects, because otherwise I find the stages/deployments to be a real headache.

Answer 1

x-amazon-apigateway-api-key-source: AUTHORIZER needs to be added as a sibling of openapi: "3.0.1". https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-api-key-source.html documents that OpenAPI extension.

It looks like there must be a bug in the stage export that causes this to go missing.
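
An added example, not part of the original answer or the asker's code: once the key source is AUTHORIZER, the token authorizer Lambda has to return one of the usage plan's API key values as usageIdentifierKey, which this sketch does for the "Bearer .*" token authorizer defined in the question. The TOKENS table, the key value and the function names are constructed assumptions standing in for real token validation and key lookup.

```python
# Added example: token Lambda authorizer for an API whose key source is AUTHORIZER.
# TOKENS is a constructed stand-in for real token validation and key lookup.
TOKENS = {
    "demo-token-alice": {
        "principal": "alice",
        "usage_key": "EXAMPLE-USAGE-PLAN-KEY-ALICE",  # constructed placeholder
    },
}


def stage_wildcard(method_arn):
    """Widen arn:...:apiId/stage/VERB/path to every method in that stage.

    The question caches authorizer results for 300 s, and a cached policy is
    reused for other paths under /{proxy+}, so it must not name a single path.
    """
    api, stage = method_arn.split("/")[:2]
    return f"{api}/{stage}/*/*"


def handler(event, context=None):
    header = event.get("authorizationToken", "")
    scheme, _, token = header.partition(" ")
    entry = TOKENS.get(token) if scheme == "Bearer" else None
    if entry is None:
        # API Gateway maps this exact message to a 401 response.
        raise Exception("Unauthorized")
    return {
        "principalId": entry["principal"],
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": "Allow",
                "Resource": stage_wildcard(event["methodArn"]),
            }],
        },
        # With AUTHORIZER as the key source, API Gateway meters and throttles
        # the request against the usage plan that owns this API key value.
        "usageIdentifierKey": entry["usage_key"],
    }
```

If usageIdentifierKey is missing or does not match a key attached to a usage plan for the stage, the usage plan's throttling and quota are not applied as intended, so treat the field as part of the authorizer's contract and cover it in tests.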
