[英]Is it possible to use the same domain for API Gateway and Static S3 bucket behind a Cloudfront distribution?
I'm currently creating a feedback app in AWS.我目前正在 AWS 中创建一个反馈应用程序。 I have the backend in Lambda which is connected to API Gateway and the frontend of it is served by a Static S3 bucket behind a Cloudfront distribution.我的后端在 Lambda 中,它连接到 API 网关,它的前端由 Cloudfront 分布后面的 Static S3 存储桶提供服务。
I would like to enable TLS 1.2 on the API Gateway, however, this only seems possible via Cloudfront.我想在 API 网关上启用 TLS 1.2,但是,这似乎只能通过 Cloudfront 实现。 I also want to be able to serve it on the same domain name but a different path as the S3 bucket.我还希望能够在与 S3 存储桶相同的域名但不同的路径上提供它。 Currently, the S3 bucket sits on feedback.domain.com.目前,S3 存储桶位于 feedback.domain.com。 I did have a custom dodmain hooked up to the API Gateway on api.feedback.domain.com, which would work when I made requests to it via Postman. However, when I made requests via the JavaScript on the S3 bucket pages, it would never work and I'd get a CORS error.我确实有一个自定义域名连接到 api.feedback.domain.com 上的 API 网关,当我通过 Postman 向它发出请求时,它会起作用。但是,当我通过 S3 存储桶页面上的 JavaScript 发出请求时, 它会从不工作,我会收到 CORS 错误。 I am happy to use this if more viable but I would need to ask another question about CORS.如果更可行,我很乐意使用它,但我需要问另一个关于 CORS 的问题。
I would like to get the API Gateway to sit on feedback.domain.com/api, because as far as I know, using the same domain as the page making the request should overcome CORS. I've tried the below setup but cannot get this to work.我想让 API 网关位于 feedback.domain.com/api 上,因为据我所知,使用与发出请求的页面相同的域应该克服 CORS。我尝试了以下设置但无法获得这个工作。
When I browse to feedback.domain.com/api, I get the error page I set up in Cloudfront.当我浏览到 feedback.domain.com/api 时,我看到了我在 Cloudfront 中设置的错误页面。 I've tried creating an invalidation so it has cleared the cache on the Cloudfront distribution, but this hasn't changed anything.我已经尝试创建一个失效,所以它已经清除了 Cloudfront 分发上的缓存,但这并没有改变任何东西。
I modified the setup so the S3 bucket's origin path was /web/* however i then proceed to get AccessDenied errors everywhere Setup:我修改了设置,因此 S3 存储桶的原始路径是 /web/* 但是我继续在任何地方设置 AccessDenied 错误:
Thank you in advance to anyone that can offer their wise wisdom:)提前感谢任何可以提供智慧的人:)
UPDATE:更新:
Below are my Cloudwatch Logs for the API stage.以下是我在 API 阶段的 Cloudwatch 日志。 I go to feedback.domain.com/api, get a 403 error with my custom error page defined in Cloudfront, but no log in Cloudwatch:我 go 到 feedback.domain.com/api,我在 Cloudfront 中定义的自定义错误页面出现 403 错误,但没有登录 Cloudwatch:
A note to @Caldazar, You mention 403 means I'm hitting the API, however, if I go to a none-valid url, feedback.domain.com/IDoNotExist I still get a 403 error.给@Caldazar 的注释,你提到 403 意味着我正在点击 API,但是,如果我将 go 转换为无效的 url,feedback.domain.com/IDoNotExist 我仍然会收到 403 错误。 I believe this is something to do with S3?我相信这与 S3 有关?
The problem is in your Origin path
.问题出在您的Origin path
中。
The Origin path
value is actually what will be appended to your request when it's sent to the origin. Origin path
值实际上是将请求发送到源时附加到您的请求的内容。 For example, a request to https://example.com/api/test
would result in a request being sent to https://example.com/api/*/api/test
例如,对https://example.com/api/test
请求将导致请求被发送到https://example.com/api/*/api/test
For API Gateway, your Origin path
should be your API stage, for example /dev
, /prod
...对于 API 网关,您的Origin path
应该是您的 API 阶段,例如/dev
, /prod
...
You should create additional behavior
that would have Path pattern /api/*
and Origin
set to your API origin
that you created above.您应该创建其他behavior
,将路径模式/api/*
和Origin
设置为您在上面创建的API origin
。
Since you would have /api/
in your path, this wouldn't be matched properly to the path you have in API Gateway
.由于您的路径中有/api/
,因此这不会与您在API Gateway
中的路径正确匹配。 To deal with that, you should add a CloudFront Function
to your API behavior
created above as part of the Viewer request
.为了解决这个问题,您应该将CloudFront Function
添加到上面作为Viewer request
一部分创建的API behavior
中。 CloudFront Functions
are at the bottom of the Edit behavior
page. CloudFront Functions
位于Edit behavior
页面的底部。 This function should change /api
to /
.这个 function 应该将/api
更改为/
。 This is code that works for me for such situations:这是适用于这种情况的代码:
function handler(event) {
var request = event.request;
var uri = request.uri;
// Check whether the URI starts with "api"
if (uri.startsWith('/api/')) {
request.uri = uri.replace('/api/', '/');
}
return request;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.