
AWS CloudFormation: Link API Key to API Gateway

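I have the following CloudFormation template that I am trying to deploy via SAM. The template correctly creates the DynamoDB table, the API key, the Lambda function, and the API Gateway, but I cannot figure out what I need to specify in the template to associate the API key with the API Gateway.

I have found plenty of snippets showing partial examples, but I am struggling to piece them together.

Thanks in advance,

Danny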

AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Parameters:
  TableName:
    Type: String
    Default: 'influencetabletest'
    Description: (Required) The name of the new DynamoDB table Minimum 3   characters
    MinLength: 3
    MaxLength: 50
    AllowedPattern: ^[A-Za-z-]+$
    ConstraintDescription: 'Required parameter. Must be characters only. No numbers allowed.'
  CorsOrigin:
    Type: String
    Default: '*'
    Description: (Optional) Cross-origin resource sharing (CORS) Origin. You can specify a single origin, all "*" or leave empty and no CORS will be applied.
    MaxLength: 250
Conditions:
  IsCorsDefined: !Not [!Equals [!Ref CorsOrigin, '']]
Resources:
  ApiKey:
    Type: AWS::ApiGateway::ApiKey
    DependsOn:
      - ApiGetter
    Properties:
      Name: "TestApiKey"
      Description: "CloudFormation API Key V1"
      Enabled: "true"
  ApiGetter:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prd
      DefinitionBody:
        swagger: 2.0
        info:
          title:
            Ref: AWS::StackName
        paths:
          /getdynamicprice:
            post:
              responses: {}
              x-amazon-apigateway-integration:
                httpMethod: POST
                type: aws_proxy
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaGetter.Arn}/invocations
  LambdaGetter:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./index.js
      Handler: index.handler
      Runtime: nodejs8.10
      Environment:
        Variables:
          TABLE_NAME: !Ref TableName
          IS_CORS: IsCorsDefined
          CORS_ORIGIN: !Ref CorsOrigin
          PRIMARY_KEY: !Sub ${TableName}Id
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref TableName
      Events:
        Api:
          Type: Api
          Properties:
            Path: /getdynamicprice
            Method: POST
            RestApiId: !Ref ApiGetter
  DynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Ref TableName
      AttributeDefinitions:
        -
          AttributeName: !Sub "${TableName}Id"
          AttributeType: "S"
      KeySchema:
        -
          AttributeName: !Sub "${TableName}Id"
          KeyType: "HASH"
      ProvisionedThroughput:
        ReadCapacityUnits: 1
        WriteCapacityUnits: 1
      StreamSpecification:
        StreamViewType: NEW_AND_OLD_IMAGES
Outputs:
  ApiKeyID:
    Value: !Ref ApiKey
  ApiUrl:
    Value: !Sub https://${ApiGetter}.execute-api.${AWS::Region}.amazonaws.com/prd/getdynamicprice
    Description: The URL of the API Gateway you invoke to get your dynamic pricing result.
  DynamoDBTableArn:
    Value: !GetAtt DynamoDBTable.Arn
    Description: The ARN of your DynamoDB Table
  DynamoDBTableStreamArn:
    Value: !GetAtt DynamoDBTable.StreamArn
    Description: The ARN of your DynamoDB Table Stream

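Edit (04/22/2020): It now seems possible to do all of this with AWS SAM. Please see the answer below.

Here is my sample template for connecting an API to an API key. But this is only possible because I am using usage plans. I believe that is the main purpose of API keys. API Gateway Usage Plans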

ApiKey: 
  Type: AWS::ApiGateway::ApiKey
  Properties: 
    Name: !Join ["", [{"Ref": "AWS::StackName"}, "-apikey"]]
    Description: "CloudFormation API Key V1"
    Enabled: true
    GenerateDistinctId: false
ApiUsagePlan:
  Type: "AWS::ApiGateway::UsagePlan"
  Properties:
    ApiStages: 
    - ApiId: !Ref <API resource name>
      Stage: !Ref <stage resource name>     
    Description: !Join [" ", [{"Ref": "AWS::StackName"}, "usage plan"]]
    Quota:
      Limit: 2000
      Period: MONTH
    Throttle:
      BurstLimit: 10
      RateLimit: 10
    UsagePlanName: !Join ["", [{"Ref": "AWS::StackName"}, "-usage-plan"]]
ApiUsagePlanKey:
  Type: "AWS::ApiGateway::UsagePlanKey"
  Properties:
    KeyId: !Ref <API key>
    KeyType: API_KEY
    UsagePlanId: !Ref ApiUsagePlan

There doesn't seem to be a way to do this without a usage plan.
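The usage-plan wiring from the answer above, filled in for the question's template as an added example (not code from either poster). It assumes SAM's generated `ApiGetter.Stage` reference for the stage resource; the scheme label `api_key` is an arbitrary name chosen here, and the quota and throttle values are the answer's own. Merge these resources into the question's `Resources` section.

```yaml
# Added example: resources to merge into the question's template.
ApiGetter:
  Type: AWS::Serverless::Api
  Properties:
    StageName: prd
    DefinitionBody:
      swagger: "2.0"
      info:
        title: !Ref AWS::StackName
      # Declares the API-key scheme; API Gateway reads the key from x-api-key.
      securityDefinitions:
        api_key:            # arbitrary label (assumption of this example)
          type: apiKey
          name: x-api-key
          in: header
      paths:
        /getdynamicprice:
          post:
            # Without this requirement the method stays callable with no key,
            # even when the key is attached to a usage plan.
            security:
              - api_key: []
            responses: {}
            x-amazon-apigateway-integration:
              httpMethod: POST
              type: aws_proxy
              uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaGetter.Arn}/invocations
ApiKey:
  Type: AWS::ApiGateway::ApiKey
  Properties:
    Name: !Sub ${AWS::StackName}-apikey
    Enabled: true
ApiUsagePlan:
  Type: AWS::ApiGateway::UsagePlan
  Properties:
    UsagePlanName: !Sub ${AWS::StackName}-usage-plan
    ApiStages:
      - ApiId: !Ref ApiGetter
        Stage: !Ref ApiGetter.Stage   # stage resource SAM generates for StageName
    Quota: {Limit: 2000, Period: MONTH}
    Throttle: {BurstLimit: 10, RateLimit: 10}
ApiUsagePlanKey:
  Type: AWS::ApiGateway::UsagePlanKey
  Properties:
    KeyId: !Ref ApiKey
    KeyType: API_KEY
    UsagePlanId: !Ref ApiUsagePlan
```

After deployment, a request to the `prd` stage without an `x-api-key` header should be rejected with 403; if it still succeeds, the method-level key requirement is missing rather than the usage-plan link.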

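I did try ASR's suggestion, but ended up with a simpler approach. AWS SAM (Serverless Application Model) includes prepackaged handling that does not require using ApiGateway-type resources.

To create an API Gateway whose stage requires an authorization token in the header, the following simplified code should do it for you: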

Resources:
  ApiGatewayEndpoint:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        ApiKeyRequired: true
        UsagePlan:
          CreateUsagePlan: PER_API
          UsagePlanName: GatewayAuthorization  # any name you see fit
  LambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: lambda.handler
      Runtime: python3.7
      Timeout: 30
      CodeUri: .
      Events:
        PostEvent:
          Type: Api
          Properties:
            Path: /content
            Method: POST
            RequestParameters:
              - method.request.header.Authorization:
                  Required: true
                  Caching: true
            RestApiId:
              Ref: ApiGatewayEndpoint  # the logical name of your gateway endpoint above

The element:

Auth:
   ApiKeyRequired: true
   UsagePlan:
     CreateUsagePlan: PER_API

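is what does the trick. CloudFormation handles the plumbing for you, i.e. the Api Key, UsagePlan, and UsagePlanKey are automatically created and bound.

Although the docs are definitely not the best of their kind, they do provide some additional information: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-resources-and-properties.html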


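Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.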

 