403 forbidden from AWS

I have completed the Notes App tutorial on https://serverless-stack.com (the only change being that I am connecting to a MongoDB). The Notes App was created by using the infrastructure ymls in 'Resources'. Everything is working.

I then decided to alter the serverless.yml and add back in the supplied 'hello' api (including adding the handler.js to the project). This API simply returns a message. With that done I then executed $ serverless deploy --stage dev. The Notes app continues to work.

Executing the 'hello' API in the Amazon API Gateway gives 200, ok. When I run an npx aws-api-gateway-cli-test with the --path-template='/hello' it gives me a '403 forbidden'. When I run npx aws-api-gateway-cli-test with the --path-template='/notes' it gives me 200, ok.

I don't understand why the call to 'hello' is 403 forbidden?

Aside: the reason I added the supplied 'hello' API back in is because I have also set up a new project (in the same way as the Notes app) that is having the same issue - I can't call any of this new project's APIs (which I have written) as they all give '403 forbidden'.

Here is the 'hello' API as defined in the serverless.yml:

  hello:
    handler: handler.hello
    events:
      - http:
          path: hello
          method: get
          authorizer: aws_iam

I have verified that:

npx aws-api-gateway-cli-test is being called with --path-template='/hello'.

npx aws-api-gateway-cli-test defaults to GET.

The --invoke-url='https://“ID”.execute-api.us-east-2.amazonaws.com/dev' looks ok too.

The path is defined in serverless.yml as 'hello' with a method of GET.

The handler is called handler.js and contains a function called hello (as supplied by the tutorial).

Checking in API Gateway > Stages > dev the Invoke URL is given as https://“ID”.execute-api.us-east-2.amazonaws.com/dev/hello.

(In both cases “ID” is replaced with the correct matching ID without quotes)

The only other difference from the tutorial is, as I am not connecting to Dynamo, I don't have any iamRoleStatements defined in the serverless.yml.

Any help greatly appreciated as I am completely new to this. Thanks.

You basically answered your question

I don't have any iamRoleStatements

You need to ensure proper IAM roles are supplied for lambda service and API gateway. They do not come preconfigured.
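
An added example, not part of the original question, answer or the tutorial's code: with authorizer: aws_iam, API Gateway rejects a signed request with 403 unless the caller's IAM identity is allowed execute-api:Invoke on the ARN of that exact stage, method and path. This simplified JavaScript check evaluates a policy document against that ARN; the account ID, API ID and both sample policies are constructed placeholders, and Condition, NotAction and NotResource are not handled.

```javascript
// Added example: simplified IAM evaluation for API Gateway IAM authorization.
// Only Effect, Action and Resource with * and ? wildcards are handled;
// Condition, NotAction and NotResource are out of scope.
const asList = (v) => (Array.isArray(v) ? v : [v]);

function wildcardToRegExp(pattern, flags) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', flags);
}

function matches(patterns, value, flags = '') {
  return asList(patterns).some((p) => wildcardToRegExp(p, flags).test(value));
}

// ARN that an execute-api:Invoke permission is checked against.
function invokeArn({ region, accountId, apiId, stage, method, path }) {
  return `arn:aws:execute-api:${region}:${accountId}:${apiId}/${stage}/${method}${path}`;
}

function isInvokeAllowed(policy, request) {
  const arn = invokeArn(request);
  let allowed = false;
  for (const stmt of asList(policy.Statement)) {
    if (!matches(stmt.Action, 'execute-api:Invoke', 'i')) continue; // actions are case-insensitive
    if (!matches(stmt.Resource, arn)) continue;
    if (stmt.Effect === 'Deny') return false; // explicit Deny always wins
    if (stmt.Effect === 'Allow') allowed = true;
  }
  return allowed; // no matching Allow = implicit deny, seen by the client as 403
}

// Constructed sample: account ID, API ID and both policies are placeholders.
const base = { region: 'us-east-2', accountId: '123456789012', apiId: 'a1b2c3d4e5', stage: 'dev', method: 'GET' };
const apiArn = 'arn:aws:execute-api:us-east-2:123456789012:a1b2c3d4e5';
const scopedPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: 'execute-api:Invoke', Resource: `${apiArn}/dev/*/notes*` }],
};
const widenedPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: ['execute-api:Invoke'], Resource: [`${apiArn}/dev/GET/hello`, `${apiArn}/dev/*/notes*`] }],
};

for (const path of ['/notes', '/hello']) {
  console.log(path, 'scoped:', isInvokeAllowed(scopedPolicy, { ...base, path }),
    'widened:', isInvokeAllowed(widenedPolicy, { ...base, path }));
}
```

Run against the policy actually attached to the calling identity, a false result for a path points at the policy rather than at the Lambda handler or the serverless.yml route.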
