AWS Websocket Multi-Region permissions

I'm trying to set up multi-region for our Typescript application that supports websockets.

I've created Route53 records that are weighted evenly to distribute requests to the different regions. When I try to call the postToConnection function, I get the following error message (when I try to call cross-region):

{
  "code": "InvalidSignatureException",
  "message": "Credential should be scoped to a valid region, not 'us-east-1'. ",
  "statusCode": 403,
  ...
}

Referenced here: https://docs.aws.amazon.com/general/latest/gr/signature-v4-troubleshooting.html

I then tried to create separate clients (ApiGatewayManagementApi[]) that are region specific, and received this error message:

{
  "code": "ForbiddenException",
  "message": "Forbidden",
  "statusCode": 403,
  ...
}

The lambda function that is called for the $default route (which is throwing the above errors) has the following permissions:

{
  "effect": "allow",
  "actions": ["execute-api:*"],
  "resources": ["arn:aws:execute-api:*:${ACCOUNT-ID}:*/*"],
}

Any ideas on how to get these calls working?

The problem was in my instantiation of the ApiGatewayManagementApi array that was meant to be region specific. I was not setting the region of the client (just the region specific endpoint). Once I ensured that the region was set properly, then I was able to get the cross-region websockets working!

** I also found this solution, which would've been a lot more effort for my configuration, but if you're just getting started, it may be better to follow as it is well documented: https://aws.amazon.com/blogs/compute/building-serverless-multi-region-websocket-apis/
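
The fix described in the answer, as an added example that is not part of the original post: each per-region client config carries both a region and an endpoint built from the same record, and a guard rejects any config whose signing region differs from the region in the endpoint hostname. The API ids, stage name and helper names are constructed for illustration, and the default execute-api hostname form (no custom domain) is assumed.

```typescript
// Added example: per-region configs for ApiGatewayManagementApi clients.
interface RegionalApi { region: string; apiId: string; stage: string; }
interface ClientConfig { region: string; endpoint: string; }

// Constructed sample data: one WebSocket API per region.
const REGIONAL_APIS: RegionalApi[] = [
  { region: "us-east-1", apiId: "abc123example", stage: "prod" },
  { region: "eu-west-1", apiId: "def456example", stage: "prod" },
];

const ENDPOINT_RE =
  /^https:\/\/([a-z0-9]+)\.execute-api\.([a-z0-9-]+)\.amazonaws\.com\/([^\/]+)$/;

// Region named in the endpoint hostname, or null if it is not an execute-api URL.
function endpointRegion(endpoint: string): string | null {
  const m = ENDPOINT_RE.exec(endpoint);
  return m && m[2] ? m[2] : null;
}

// Derive region AND endpoint from the same record so they cannot drift apart.
function buildConfig(api: RegionalApi): ClientConfig {
  return {
    region: api.region,
    endpoint: `https://${api.apiId}.execute-api.${api.region}.amazonaws.com/${api.stage}`,
  };
}

// SigV4 credential scope the client signs with; its region part comes from
// the client's region setting, not from the endpoint URL.
function credentialScope(cfg: ClientConfig, yyyymmdd: string): string {
  return `${yyyymmdd}/${cfg.region}/execute-api/aws4_request`;
}

// Fail at start-up instead of with a 403 on the first postToConnection call.
function assertRegionMatches(cfg: ClientConfig): ClientConfig {
  const actual = endpointRegion(cfg.endpoint);
  if (actual === null) throw new Error(`not an execute-api endpoint: ${cfg.endpoint}`);
  if (actual !== cfg.region) {
    throw new Error(`client region '${cfg.region}' != endpoint region '${actual}'`);
  }
  return cfg;
}

// One validated config per region; pass each to the SDK client constructor,
// e.g. new ApiGatewayManagementApi(configsByRegion(REGIONAL_APIS)["eu-west-1"]).
function configsByRegion(apis: RegionalApi[]): Record<string, ClientConfig> {
  const out: Record<string, ClientConfig> = {};
  for (const api of apis) out[api.region] = assertRegionMatches(buildConfig(api));
  return out;
}
```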
