![](/img/trans.png)
[英]AWS IAM API Cloudformation help for Access Key/Secret key authorization
[英]How to secure AWS API Gateway with Access and Secret Keys in CloudFormation?
我使用適用於Visual Studio的AWS工具包模板創建了無服務器Lambda應用程序(我使用了教程:使用AWS Lambda構建和測試無服務器應用程序 )。 我選擇了“空無服務器項目”,並創建了鏈接到API Gateway的簡單lambda函數 。
CloudFormation模板如下所示:
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Transform" : "AWS::Serverless-2016-10-31",
"Description" : "An AWS Serverless Application.",
"Resources" : {
"Get" : {
"Type" : "AWS::Serverless::Function",
"Properties": {
"Handler": "AWSServerless::AWSServerless.Functions::Get",
"Runtime": "dotnetcore2.0",
"CodeUri": "",
"MemorySize": 256,
"Timeout": 30,
"Role": null,
"Policies": [ "AWSLambdaBasicExecutionRole" ],
"Events": {
"PutResource": {
"Type": "Api",
"Properties": {
"Path": "/",
"Method": "GET"
}
}
}
}
}
},
"Outputs" : {
"ApiURL" : {
"Description" : "API endpoint URL for Prod environment",
"Value" : { "Fn::Sub" : "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/" }
}
}
}
現在,我需要使用訪問和秘密密鑰來保護我的API網關 。 我已經調查了一下,如果我是正確的話,應該看起來像下一個:
"security":[{"sigv4":[]}]
但是我仍然不清楚我應該在哪里使用它? 可能我錯了,也可以用另一種方式完成。 所以我的問題是:
如何使用CloudFormation中的訪問和秘密密鑰保護API網關 ?
以下示例創建一個自定義授權人,該人是一個AWS Lambda函數。
"Authorizer": {
"Type": "AWS::ApiGateway::Authorizer",
"Properties": {
"AuthorizerCredentials": { "Fn::GetAtt": ["LambdaInvocationRole", "Arn"] },
"AuthorizerResultTtlInSeconds": "300",
"AuthorizerUri" : {"Fn::Join" : ["", [
"arn:aws:apigateway:",
{"Ref" : "AWS::Region"},
":lambda:path/2015-03-31/functions/",
{"Fn::GetAtt" : ["LambdaAuthorizer", "Arn"]}, "/invocations"
]]},
"Type": "TOKEN",
"IdentitySource": "method.request.header.Auth",
"Name": "DefaultAuthorizer",
"RestApiId": {
"Ref": "RestApi"
}
}
}
(更新)
關於如何在模板中使用授權者的SO線程
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.