[英]AmazonWebService - Should i use AWS API Gateway or AWS SDK
I'm trying to call a lambda function from NodeJS.我正在尝试从 NodeJS 调用 lambda 函数。 After research i know 2 ways to do it:
经过研究,我知道有两种方法可以做到:
What are pros and cons of API Gateway and AWS SDK? API Gateway 和 AWS SDK 的优缺点是什么? And when to use each way above?
以及何时使用上述每种方式?
It depends.这取决于。 API Gateway is mostly used to give temporary access to Lambda functions in environments that are not secure (ie browsers, desktop apps, NOT servers).
API 网关主要用于在不安全的环境(即浏览器、桌面应用程序、非服务器)中提供对 Lambda 函数的临时访问。
If your environment is secure, as in it runs on an EC2 instance with an IAM role, or another server with secure stored credentials, then feel free to use the SDK and call the Lambda function correctly.如果您的环境是安全的,因为它在具有 IAM 角色的 EC2 实例上运行,或者在具有安全存储凭据的另一台服务器上运行,那么请随意使用 SDK 并正确调用 Lambda 函数。
If you need to expose your Lambda function to the entire internet, or to authorised users on the web, or to any user that has the potential to grab the access key and secret during transit, then you will want to stick API Gateway in front.如果您需要将您的 Lambda 函数公开给整个互联网,或公开给网络上的授权用户,或公开给任何有可能在传输过程中获取访问密钥和秘密的用户,那么您将希望将 API 网关放在前面。
With API Gateway you can secure your Lambda functions with API keys, or through other authorisers such as Amazon Cognito so that users need to sign in before they can use the API endpoint.借助 API Gateway,您可以使用 API 密钥或通过其他授权方(例如 Amazon Cognito)保护您的 Lambda 函数,以便用户需要先登录才能使用 API 终端节点。 This way they only gain temporary credentials, rather than permanent ones that shouldn't be available to anyone.
这样他们只能获得临时凭证,而不是任何人都不应获得的永久凭证。
I disagree with _DF about the security concern on invoking lambda directly through client.我不同意 _DF 关于直接通过客户端调用 lambda 的安全问题。 Over the 4 years I implementing Client + AWS SDK on my serverless approach.
在过去的 4 年里,我在我的无服务器方法中实施了客户端 + AWS SDK。 Direct hit to all microservices we have such as Lambda, DynamoDB, S3, SQS, etc.
直接访问我们拥有的所有微服务,例如 Lambda、DynamoDB、S3、SQS 等。
To work with this approach, we have to strong understand about IAM Role Policy including its statements concept, Authentication Token, AWS Credential, and Token - Credential exchange.要使用这种方法,我们必须深入了解 IAM 角色策略,包括其声明概念、身份验证令牌、AWS 凭证和令牌 - 凭证交换。
For me, using SDK is better to implement serverless rather than API Gateway.对我来说,使用 SDK 比 API Gateway 更适合实现 Serverless。 Why I prefer to implementing SDK instead of API on my serverless infra?
为什么我更喜欢在我的无服务器基础设施上实现 SDK 而不是 API?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.