
Proper way to connect Private API Gateway to VPC in SAM (AWS IAC)

I am trying to connect an AWS Private API Gateway to my VPC through a VPC Endpoint that already exists in my deployment stack, but when I check in the console I don't see a connection.

Below are some code snippets from my YML file.

I have pulled the VPC endpoint from SSM and have confirmed that this is the Endpoint ID. My VPC Endpoint ID comes up as vpce-XXXXXXXXXXXX in SSM under "APIGW".

Parameters:
  TenantName:
    Type: String
  Profile:
    Type: String

  ...

  # VPC params for API GW
  VPC:
    Type: String
  APIGW:
    Type: String

I then create my Private API Gateway as follows. It contains one Lambda, defined above this API.

  PrivateApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: PrivateApi
      StageName: v1
      MethodSettings:
        - HttpMethod: '*'
          ResourcePath: /*/*/*
          LoggingLevel: ERROR
          ThrottlingBurstLimit: 5000
          ThrottlingRateLimit: 10000
      EndpointConfiguration: PRIVATE
      DefinitionBody:
        swagger: 2.0
        info:
          title: PrivateApi
        x-amazon-apigateway-api-key-source: "HEADER"
        schemes:
          - https
        x-amazon-apigateway-policy:
          Version: "2012-10-17"
          Statement:
            -
              Effect: "Allow"
              Principal: "*"
              Action:
                - "execute-api:Invoke"
              Resource: "execute-api:/*"
              Condition:
                StringEquals:
                  aws:sourceVpce: !Ref APIGW
        paths:
          /{proxy+}:
            x-amazon-apigateway-any-method:
              produces:
              - application/json
              parameters:
              - name: proxy
                in: path
                required: true
                type: string
              x-amazon-apigateway-integration:
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HandleSecurityRouter.Arn}/invocations
                httpMethod: POST
                type: aws_proxy

But if I look in the console after a successful deployment using the SAM tool, the API Gateway is not connected to any VPC endpoints.

Any help in getting this VPC endpoint to connect to my Private API Gateway with SAM would be much appreciated!

After making a version of what I needed in the console and turning it back into YML with the AWS "Export as Swagger" feature under "API"->Stages->"Stage"->Export, I found an undocumented or hard-to-find property of API Gateway Swagger that needs to be added to link a Private Gateway to a VPC through a VPC endpoint.

What is needed are the following lines in your Swagger definition:

      DefinitionBody:
        swagger: 2.0
        ...
        x-amazon-apigateway-endpoint-configuration:
          vpcEndpointIds:
            - !Ref API-Gateway-ID

It worked for me after adding the lines below under servers -> url -> x-amazon-apigateway-endpoint-configuration:

openapi: "3.0.2"
info:
  title: "APIGW-TEST-01"
  version: "1.0"
servers:
- url: "https://asdf.execute-api.us-east-1.amazonaws.com/{basePath}"
  variables:
    basePath:
      default: "/test"
  x-amazon-apigateway-endpoint-configuration:
    vpcEndpointIds:
    - "vpce-0asdf"
paths:  
...
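Both answers above add the `x-amazon-apigateway-endpoint-configuration` extension; the Swagger 2.0 export places it at the document root, the OpenAPI 3 export under each `servers` entry. The Python below is an added example, not code from the question or either answer: an offline lint that takes a DefinitionBody as a dict (with `!Ref` and `Fn::Sub` already resolved to plain strings) and checks the three things a PRIVATE REST API needs. First, the extension actually lists VPC endpoint IDs, which is what was missing in the question. Second, every `Allow` statement with a wildcard principal is conditioned on `aws:sourceVpce` or `aws:sourceVpc`; a private API is reachable through any execute-api interface endpoint in the region, including ones in other accounts, so an unconditioned `Principal: "*"` in the resource policy is what actually scopes access, not the PRIVATE endpoint type. Third, every endpoint ID named in the policy is also in `vpcEndpointIds`, otherwise clients arriving via that endpoint pass the policy but the API is not attached to it. The `vpce-0123456789abcdef0` value, the `sample_definition` helper and all function names are constructed for this example.

```python
"""Offline lint for the DefinitionBody of a PRIVATE API Gateway REST API.

Added example, not code from the original post. The body is passed as a dict with
CloudFormation intrinsics (!Ref, Fn::Sub) already resolved to plain strings.
"""
from typing import Any

VPCE_ID = "vpce-0123456789abcdef0"  # constructed placeholder, not a real endpoint


def _as_list(value: Any) -> list:
    """IAM and the API Gateway extensions accept a scalar wherever a list is allowed."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple, set)) else [value]


def endpoint_vpce_ids(definition: dict) -> set[str]:
    """VPC endpoint IDs the API is attached to. Swagger 2.0 exports put the extension
    at the document root; OpenAPI 3 exports put it under each `servers` entry."""
    blocks = [definition.get("x-amazon-apigateway-endpoint-configuration")]
    blocks += [s.get("x-amazon-apigateway-endpoint-configuration")
               for s in _as_list(definition.get("servers")) if isinstance(s, dict)]
    ids: set[str] = set()
    for block in blocks:
        if isinstance(block, dict):
            ids.update(_as_list(block.get("vpcEndpointIds")))
    return ids


def _is_wildcard_principal(principal: Any) -> bool:
    # Covers `Principal: "*"` and `Principal: {AWS: "*"}`.
    if principal == "*":
        return True
    return isinstance(principal, dict) and any("*" in _as_list(v) for v in principal.values())


def _vpc_scoping(condition: dict) -> tuple[bool, set[str]]:
    """Return (statement is scoped to a VPC or VPC endpoint, vpce IDs it names).
    IAM condition keys are case-insensitive, hence the lower-casing."""
    scoped, ids = False, set()
    for args in condition.values():
        for key, value in args.items():
            if key.lower() == "aws:sourcevpce":
                scoped = True
                ids.update(_as_list(value))
            elif key.lower() == "aws:sourcevpc":
                scoped = True
    return scoped, ids


def lint_private_api(definition: dict) -> list[str]:
    """Return findings; an empty list means the definition passes all three checks."""
    findings: list[str] = []
    attached = endpoint_vpce_ids(definition)
    if not attached:
        findings.append("no vpcEndpointIds in x-amazon-apigateway-endpoint-configuration: the API is not associated with any VPC endpoint")
    policy = definition.get("x-amazon-apigateway-policy")
    if not isinstance(policy, dict):
        findings.append("no x-amazon-apigateway-policy: a PRIVATE API cannot be invoked without a resource policy")
        return findings
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        scoped, named = _vpc_scoping(stmt.get("Condition", {}))
        if _is_wildcard_principal(stmt.get("Principal")) and not scoped:
            findings.append(f"statement {idx}: wildcard Principal without aws:sourceVpce/aws:sourceVpc; any execute-api VPC endpoint in the region could invoke this API")
        for vpce in sorted(named - attached):
            findings.append(f"statement {idx}: aws:sourceVpce {vpce} is allowed by the policy but missing from vpcEndpointIds, so the API is not reachable through it")
    return findings


def sample_definition(attach_endpoint: bool, scope_policy: bool) -> dict:
    """Constructed Swagger 2.0 body modelled on the question's template (not the real one)."""
    statement: dict[str, Any] = {"Effect": "Allow", "Principal": "*",
                                 "Action": ["execute-api:Invoke"], "Resource": "execute-api:/*"}
    if scope_policy:
        statement["Condition"] = {"StringEquals": {"aws:sourceVpce": VPCE_ID}}
    body: dict[str, Any] = {
        "swagger": "2.0",
        "info": {"title": "PrivateApi"},
        "x-amazon-apigateway-policy": {"Version": "2012-10-17", "Statement": [statement]},
        "paths": {"/{proxy+}": {"x-amazon-apigateway-any-method": {}}},
    }
    if attach_endpoint:  # the extension the accepted answer found was missing
        body["x-amazon-apigateway-endpoint-configuration"] = {"vpcEndpointIds": [VPCE_ID]}
    return body


if __name__ == "__main__":
    print("as posted:", lint_private_api(sample_definition(attach_endpoint=False, scope_policy=True)))
    print("fixed:    ", lint_private_api(sample_definition(attach_endpoint=True, scope_policy=True)))
    print("unscoped: ", lint_private_api(sample_definition(attach_endpoint=True, scope_policy=False)))
```

Run against the question's layout (policy scoped to the endpoint, extension absent) the lint reports two findings: the API is attached to nothing, and the endpoint named in the policy is not one the API is reachable through. Adding `vpcEndpointIds` clears both; dropping the `aws:sourceVpce` condition instead reports the open wildcard principal. To lint a real template, load the DefinitionBody with a YAML parser that resolves or stubs the `!Ref` tags first.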
