[英]Using an existing API key with the Serverless Framework in AWS
In the serverless.yml
file you can specify the name of an API key to use with functions in the deployed API. 在serverless.yml
文件中,您可以指定要与已部署API中的函数一起使用的API密钥的名称。 You list the API key name(s), and then mark the methods you wish to secure with it as private. 列出API密钥名称,然后将要保护的方法标记为私有。 For example: 例如:
provider:
name: aws
runtime: nodejs4.3
cfLogs: true
apiKeys:
- MyAPIKey
Upon deploy, the framework generates the API key and assigns it to the functions. 部署后,框架会生成API密钥并将其分配给函数。 It generates the key even if one with the same name already exists in the environment. 即使环境中已存在具有相同名称的密钥,它也会生成密钥。
Is there a way to specify an existing API key, rather than have the framework generate it? 有没有办法指定现有的API密钥,而不是让框架生成它? We really wish to keep generating the key separate from deployments. 我们真的希望继续生成与部署分开的密钥。
I know this is old, but I've had this problem recently and solved it, so I thought I'd put what I found here. 我知道这是旧的,但我最近遇到了这个问题并解决了它,所以我想我会把我在这里找到的东西。
This answer is based on this forum post, which required a bit of context for me to get working: https://forum.serverless.com/t/using-an-existing-api-key/770 这个答案是基于这个论坛帖子,这需要一些上下文让我工作: https : //forum.serverless.com/t/using-an-existing-api-key/770
Using the resources section it is possible to add custom CloudFormation configs into your deployment. 使用资源部分,可以将自定义CloudFormation配置添加到部署中。 This includes adding in a custom usage plan with specific api keys enabled: 这包括添加启用了特定api密钥的自定义使用计划:
https://serverless.com/framework/docs/providers/aws/guide/resources/ https://serverless.com/framework/docs/providers/aws/guide/resources/
The structure is roughly as follows, with explanations below: 结构大致如下,解释如下:
resources:
Resources:
MyServiceUsagePlan:
Type: "AWS::ApiGateway::UsagePlan"
DependsOn: ApiGatewayRestApi
Properties:
UsagePlanName: ${self:service}-${self:provider.stage}-usagePlan
Quota:
Limit: 10000
Offset: 0
Period: DAY
Throttle:
BurstLimit: 20
RateLimit: 10
ApiStages:
-
ApiId:
Ref: ApiGatewayRestApi
Stage: ${self:provider.stage}
MyServiceKey:
Type: "AWS::ApiGateway::UsagePlanKey"
DependsOn: MyServiceUsagePlan
Properties :
KeyId: ${file(./conf/${self:provider.stage}.yml):MyServiceKeyId}
KeyType: API_KEY
UsagePlanId:
Ref: MyServiceUsagePlan
Each of these Resources are named after the key you give them. 这些资源中的每一个都以您提供的密钥命名。 Serverless gives you the name of the serverless-generated Resource names in case you wish to overwrite parts of them or reference them. 无服务器为您提供无服务器生成的资源名称的名称,以防您要覆盖它们的一部分或引用它们。 You can name them pretty much anything, though, as long as it matches CloudFormation naming requirements. 但是,只要符合CloudFormation命名要求,您就可以为它们命名。
Serverless does add a few variables, though: 但无服务器确实添加了一些变量:
Additionally, some behaviour about usage plans and usage plan keys: 此外,有关使用计划和使用计划密钥的一些行为:
You may be interested in creating your auth structure outside of any one api deployment and using CloudFormation's (via Serverless) Outputs service to get the ARN and/or ID of each of the resources you've created: 您可能有兴趣在任何一个api部署之外创建auth结构,并使用CloudFormation(通过无服务器)输出服务来获取您创建的每个资源的ARN和/或ID:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html
Outputs uses the same format as Resources and an example can be seen in the example aws serverless.yml. 输出使用与Resources相同的格式,示例aws serverless.yml中可以看到一个示例。 This will allow you to change the usage plans independent of the apis themselves and maintain that separately. 这将允许您独立于apis本身更改使用计划并单独维护。 You can save those outputs for use by your apis, using a javascript variable reference to add only the plans that should be enabled on a per-stage, per-api basis. 您可以保存这些输出以供api使用,使用javascript变量引用仅添加应在每个阶段per-api上启用的计划。
tl;dr - Use the resources structure to make raw CloudFormation configs. tl; dr - 使用资源结构进行原始CloudFormation配置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.