[英]CloudFront 403 Forbidden Exception (AWS SAM Template)
我正在使用 AWS SAM Cli 和模板部署无服务器应用程序,但是 API 网关资源在尝试 curl / Z03D476861AFD3841110F2CB80CCFA8 时返回 403 ForbiddenException 错误。 尝试在网上查找,但无法找到任何解决我问题的答案,并且想知道这里是否有人以前经历过这种情况。
模板.yaml:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Globals:
Function:
Runtime: nodejs10.x
MemorySize: 256
Api:
Cors:
AllowMethods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
AllowHeaders: "'Content-Type,X-Amz-Date,X-Amz-Security-Token,Authorization,X-Api-Key,X-Requested-With,Accept,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Allow-Headers'"
AllowOrigin: "'*'"
Parameters:
ApiKey:
Type: String
Default: none
Conditions:
CreateApiKey: !Not [!Equals [!Ref ApiKey, 'none']]
Resources:
# DynamoDB table setup
DyanmoDBStoryTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: Stories
AttributeDefinitions:
- AttributeName: short_id
AttributeType: S
KeySchema:
- AttributeName: short_id
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 0
WriteCapacityUnits: 0
BillingMode: PAY_PER_REQUEST
# Log group
DynamoSaveStoryLogGroup:
Type: AWS::Logs::LogGroup
DependsOn: [DynamoSaveStoryLambda]
Properties:
RetentionInDays: 30
LogGroupName: !Sub '/aws/lambda/${DynamoSaveStoryLambda}'
DynamoGetStoryLogGroup:
Type: AWS::Logs::LogGroup
DependsOn: [DynamoGetStoryLambda]
Properties:
RetentionInDays: 30
LogGroupName: !Sub '/aws/lambda/${DynamoGetStoryLambda}'
DynamoUpdateStoryLogGroup:
Type: AWS::Logs::LogGroup
DependsOn: [DynamoUpdateStoryLambda]
Properties:
RetentionInDays: 30
LogGroupName: !Sub '/aws/lambda/${DynamoUpdateStoryLambda}'
# Lambda Fn
DynamoSaveStoryLambda:
Type: AWS::Serverless::Function
Properties:
Policies:
- AmazonDynamoDBFullAccess
Handler: src/lambdas/save-story.handler
Timeout: 10
Events:
SaveStory:
Type: Api
Properties:
RestApiId: !Ref ApiGateway
Path: /story
Method: post
DynamoGetStoryLambda:
Type: AWS::Serverless::Function
Properties:
Policies:
- AmazonDynamoDBFullAccess
Handler: src/lambdas/get-story.handler
Timeout: 10
Events:
SaveStory:
Type: Api
Properties:
RestApiId: !Ref ApiGateway
Path: /story/{shortId}
Method: get
DynamoUpdateStoryLambda:
Type: AWS::Serverless::Function
Properties:
Policies:
- AmazonDynamoDBFullAccess
Handler: src/lambdas/update-story.handler
Timeout: 10
Events:
SaveStory:
Type: Api
Properties:
RestApiId: !Ref ApiGateway
Path: /story/{shortId}
Method: post
# Custom API gateway setup API Keys & usage plans
ApiGateway:
Type: AWS::Serverless::Api
Properties:
StageName: Prod
Auth:
ApiKeyRequired: true
UsagePlan:
Type: AWS::ApiGateway::UsagePlan
DependsOn: [ApiGatewayProdStage]
Condition: CreateApiKey
Properties:
ApiStages:
- ApiId: !Ref ApiGateway
Stage: Prod
DynamoLambdasApiKey:
Type: AWS::ApiGateway::ApiKey
DependsOn: [UsagePlan]
Condition: CreateApiKey
Properties:
Value: !Ref ApiKey
Enabled: true
StageKeys:
- RestApiId: !Ref ApiGateway
StageName: Prod
UsagePlanKey:
Type: AWS::ApiGateway::UsagePlanKey
Condition: CreateApiKey
Properties:
KeyId: !Ref DynamoLambdasApiKey
KeyType: API_KEY
UsagePlanId: !Ref UsagePlan
Outputs:
StoryApi:
Description: Serverless api url generated by AWS Cloudformation upon stack deployment
Value: !Sub 'https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/prod'
ApiKey:
Description: Api key to authorize access in API Gateway
Value: !Ref ApiKey
SAM CLI Version: 0.47.0
错误:
Date →Sun, 26 Apr 2020 19:22:02 GMT
Content-Type →application/json
Content-Length →23
Connection →keep-alive
x-amzn-RequestId →01d6b9ec-dcf0-484c-be07-6b629437b305
x-amzn-ErrorType →ForbiddenException
x-amz-apigw-id →Lm_WOF9ZvHcF7nQ=
直接从 AWS Lambda 控制台对其进行测试可以正常工作并生成 cloudwatch 日志,但是当我使用部署期间生成的 API url 卷曲/邮递请求时,无法正常工作。 我尝试了以下方法:
x-api-key
header 并验证 AWS 控制台中的 API 网关是否设置了正确的 API 密钥options
端点该错误表明这是一个云端问题,因此我已确认 S3 存储桶具有公共访问权限。 AWS 控制台中没有其他云端资源。 我不知道是什么阻止了请求。
答案比我想象的要简单,但对于遇到此问题的其他人来说,查询参数区分大小写。 The output url from the serverless application model deployment returns https://${serverlessAppId}.execute-api.${region}.amazonaws.com/${StageName}
.
在我的情况下, StageName
是Prod
,我以prod
的身份提出请求
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.