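How to pass a JSON resource policy file in the aws-cli create gateway command?

Time: 2019-06-24 07:56:14

Tags: amazon-web-services aws-api-gateway aws-cli

How do I pass a JSON resource policy file in the AWS CLI create-gateway command? This AWS link describes how to pass the JSON itself with the following command: Create and Attach an API Gateway Resource Policy to an API - Amazon API Gateway

However, passing the policy in a file is cleaner, and I tried the following: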

aws apigateway create-rest-api \
    --name "api-name" \
    --policy "file:PolicyDocument.json"

Here is PolicyDocument.json, which is valid when I copy it into the API Gateway resource policy through the Management Console:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "100.101.102.103/32"
                    ]
                }
            }
        }
    ]
}

It returns the following error:

  

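An error occurred (BadRequestException) when calling the CreateRestApi operation: Invalid policy document. Please check the policy syntax and ensure that Principals are valid.

1 answer:

Answer 0: (score: 1)

For that CLI command, it seems to need a string value: https://docs.aws.amazon.com/cli/latest/reference/apigateway/create-rest-api.html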

  

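--policy (string) A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.

I was able to do this with the following syntax: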

aws apigateway create-rest-api --name 'My First API' --description 'This is my first API' --policy '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"execute-api:Invoke","Resource":"execute-api:/*","Condition":{"IpAddress":{"aws:SourceIp":["100.101.102.103/32"]}}}]}'

Output

{
    "id": "1122334455",
    "name": "My First API",
    "description": "This is my first API",
    "createdDate": 1561818588,
    "apiKeySource": "HEADER",
    "endpointConfiguration": {
        "types": [
            "EDGE"
        ]
    },
    "policy": "{\\\"Version\\\":\\\"2012-10-17\\\",\\\"Statement\\\":[{\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":\\\"*\\\",\\\"Action\\\":\\\"execute-api:Invoke\\\",\\\"Resource\\\":\\\"arn:aws:execute-api:us-east-1:111122223333:91co7q5lj0\\/*\\\",\\\"Condition\\\":{\\\"IpAddress\\\":{\\\"aws:SourceIp\\\":\\\"100.101.102.103\\/32\\\"}}}]}"
}

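So the JSON string needs its newlines and whitespace removed in the command. I used this online tool to minify the JSON: https://www.browserling.com/tools/json-minify

You should also be able to minify the JSON with this command.

cat PolicyDocument.json | jq -c .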

{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"execute-api:Invoke","Resource":"execute-api:/*","Condition":{"IpAddress":{"aws:SourceIp":["100.101.102.103/32"]}}}]}

Edit: I just found that this works as well:

aws apigateway create-rest-api --name 'My First API' --description 'This is my first API' --policy file://PolicyDocument.json

We just need to add a // in front of the path
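
An added example, not part of the original answer and not AWS code: a Python pre-flight check that resolves a `--policy` value the way the answer describes (assumption: only a leading `file://` loads a file, anything else is sent as the literal string), confirms the result is JSON, and minifies it. The function names and the check for an `Allow` on `"Principal": "*"` without an `aws:SourceIp` condition are illustrative assumptions.

```python
import json
import os
import tempfile

# Constructed sample: the policy from the question, multi-line as in PolicyDocument.json.
SAMPLE_POLICY = """{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "execute-api:Invoke",
        "Resource": "execute-api:/*",
        "Condition": {"IpAddress": {"aws:SourceIp": ["100.101.102.103/32"]}}
    }]
}"""

def resolve_policy_arg(value):
    """Return the minified policy for a --policy value; raise ValueError if not JSON.
    Assumption: only a leading file:// loads a file, anything else is a literal string."""
    text = value
    if value.startswith("file://"):
        with open(value[len("file://"):], encoding="utf-8") as fh:
            text = fh.read()
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not a JSON policy document: {text!r}") from exc
    return json.dumps(doc, separators=(",", ":"))

def open_allow_statements(policy_json):
    """Indexes of Allow statements with Principal "*" and no aws:SourceIp condition."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json)["Statement"]):
        source_ips = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp")
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") == "*" and not source_ips:
            findings.append(i)
    return findings

def demo():
    # Write the constructed sample to a temp file and resolve it via a file:// argument.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "PolicyDocument.json")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_POLICY)
        return resolve_policy_arg("file://" + path)

if __name__ == "__main__":
    print(demo())
```

Under that assumption, `resolve_policy_arg("file:PolicyDocument.json")` raises `ValueError`, because the value is treated as the policy text itself rather than as a path.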