在 AWS 上使用带有 api 密钥的 2 个阶段时,如何修复无服务器错误“指定的 API 密钥标识符无效”?
[英]How to fix Serverless error "Invalid API Key identifier specified" when using 2 stages with api keys on AWS?
问题描述
I am using the following configuration to deploy a couple lambda functions to different stages prod and dev on AWS.
我正在使用以下配置将几个prod函数部署到 AWS 上不同的生产和dev阶段。 Both stages should be protected with an api key which is stored in SSM.这两个阶段都应使用存储在 SSM 中的 api 密钥进行保护。
serverless.yml无服务器.yml
service: my-service
frameworkVersion: "3"
provider:
name: aws
runtime: nodejs16.x
region: eu-central-1
apiGateway:
apiKeys:
- name: my-apikey
value: ${ssm:my-apikey}
functions:
v1_myfunc:
handler: src/api/myfunc/get_func.get
events:
- http:
path: /v1/myfunc
method: get
private: true
plugins:
- serverless-esbuild
- serverless-offline
- serverless-dotenv-plugin
My deployment scripts look like this:我的部署脚本如下所示:
package.json package.json
"scripts": {
"deploy:dev": "serverless deploy --stage dev",
"deploy:prod": "serverless deploy --stage prod"
}
The problem:问题:
When I deploy one of the stages then everything works fine.当我部署其中一个阶段时,一切正常。 But if I deploy the other one afterwards, I always get the following error (in this case I deployed prod first, and then dev):但是如果我之后部署另一个,我总是会收到以下错误(在这种情况下,我先部署了 prod,然后部署了 dev):
Deploying my-service to stage dev (eu-central-1)
✖ Stack my-service-dev failed to deploy (46s)
Environment: darwin, node 16.15.0, framework 3.23.0, plugin 6.2.2, SDK 4.3.2
Credentials: Local, "default" profile
Error:
Invalid API Key identifier specified
error Command failed with exit code 1.
Looking into AWS console, I noticed that the generated api key has the same id for both stacks (dev and prod).查看 AWS 控制台,我注意到生成的 api 密钥对于两个堆栈(开发和生产)具有相同的 ID 。 So, I'm guessing this is where the problem is: Both stacks sharing the same api key instance.所以,我猜这就是问题所在:两个堆栈共享相同的 api 密钥实例。
So, I tried to fix this by setting different api key names for each stage:因此,我尝试通过为每个阶段设置不同的 api 键名来解决此问题:
- name: my-apikey-${self:provider.stage}
value: ${ssm:my-apikey}
But this doesn't solve the problem, as I'm still getting this error:但这并不能解决问题,因为我仍然收到此错误:
Invalid API Key identifier specified
Question: How do I have to change my serverless.yml config to fix the issue?问题:如何更改我的serverless.yml配置以解决问题?
1 个解决方案
解决方案1
0 2023-02-02 08:11:21
I think what's going on here is your.serverless folder contains some output thatis being reused between stages and is breaking your deployment, normally you wouldn't deploy both(so you'd have staging for branches and then deploy master to prod).我认为这里发生的事情是 your.serverless 文件夹包含一些 output,它在阶段之间被重用并且正在破坏你的部署,通常你不会部署两者(所以你会为分支准备阶段,然后将 master 部署到 prod)。
To prove that remove the.serverless folder do the second deploy I suppose?我想要证明删除 the.serverless 文件夹会进行第二次部署吗?
Try this, please?试试这个,好吗? It's a bit of a guess since I'm travelling today so I'm on my phone and can't test it.这有点猜测,因为我今天正在旅行,所以我在手机上无法测试。 Basically what it does is a dynamic config depending on the stage you specify, that should trigger a change in the outputted cloudformation in the.serverless folder i think .基本上它的作用是根据您指定的阶段进行动态配置,我认为这应该会触发 the.serverless 文件夹中输出的 cloudformation 的变化。 (please check the indentation on the APIG section as you can't tab on mobile) (请检查 APIG 部分的缩进,因为您无法在移动设备上使用 Tab 键)
service: my-service
frameworkVersion: "3"
provider:
name: aws
runtime: nodejs16.x
region: eu-central-1
apiGateway:
apiKeys:
${self:custom.apiTest.${sls:stage}}
functions:
v1_myfunc:
handler: src/api/myfunc/get_func.get
events:
- http:
path: /v1/myfunc
method: get
private: true
plugins:
- serverless-esbuild
- serverless-offline
- serverless-dotenv-plugin
custom:
apiTest:
dev:
- name: // the name for dev
value: // the value for dev
prod:
- name: // the name for prod
value: // the value for prod
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.