AWS API Gateway custom authorizer always returns 500

Time: 2019-07-22 12:53:15

Tags: c# amazon-web-services yaml amazon-cloudformation lambda-authorizer

I have created a CloudFormation YAML stack to generate an API Gateway that uses a custom authorizer. The YAML looks like the code below:

Resources:
  Api:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: !Sub PortalApiGatewayRestApi${GatewaySuffix}
  CustomJwtTokenAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: !Sub CustomJwtTokenAuthorizer${GatewaySuffix}
      RestApiId: !Ref Api
      Type: TOKEN
      IdentitySource: method.request.header.authorization
      AuthorizerUri: !Sub 'arn:aws:apigateway:${AWS::Region}xxxxxxxxx
  PermissionsLockedResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      ParentId: !Ref SSCommonResource
      PathPart: permissions_locked
      RestApiId:
        Fn::ImportValue: !Sub PortalApiGatewayApiResource${GatewaySuffix}
  PermissionsLockedApiMap:
    Type: 'AWS::ApiGateway::Method'
    Properties:
      AuthorizationType: CUSTOM
      AuthorizerId: 
        Fn::ImportValue: CustomJwtTokenAuthorizerResource
      HttpMethod: GET
      Integration:
        IntegrationHttpMethod: POST
        IntegrationResponses:
        - StatusCode: '200'
        Type: AWS_PROXY
        Uri: !Sub
          - 'arn:aws:apigateway:${AWS::Region}:xxxxx/invocations'
          - Function: !Sub 'SSPortalGetPermissionsGetUserPermissions'
            Environment: '${xxxxx}'
        PassthroughBehavior: when_no_match
      MethodResponses:
      - ResponseModels:
          application/json: Empty
        ResponseParameters:
          method.response.header.Access-Control-Allow-Origin: 'true'
        StatusCode: '200'
      ResourceId: !Ref PermissionsLockedResource
      RestApiId: xxxxxx
  CustomAuthorizerPermission:
      Type: 'AWS::Lambda::Permission'
      Properties:
        Action: '*'
        FunctionName: !Sub
          - 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:xxxxxx'
          - Environment:
              Fn::ImportValue: !Sub Portal${StageType}xxxxx
        Principal: apigateway.amazonaws.com
        SourceArn: !Sub
          - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${Api}/*/*/*'
          - Api:
              Fn::ImportValue: PortalApiGatewayApiResource
Outputs:
  CustomJwtTokenAuthorizerResource:
    Value: !Ref CustomJwtTokenAuthorizer
    Export:
      Name: CustomJwtTokenAuthorizerResource

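In summary, I successfully created the API Gateway with the authorizer. When I check it in the AWS console, everything looks fine. I also successfully created the permissions_locked path on my API, and I can see that this method sits behind the authorizer.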

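Whenever I try to call this method from Postman, I always receive a 500 response. I am creating the Postman request with an authorization header key and the value Bearer xxxxxxxxtoken. Another thing to note is that when I check the CloudWatch logs from the console, the authorizer Lambda is never invoked.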

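As an additional test, when I remove the authorizer from the method, I can successfully reach the target endpoint, but as soon as I put it behind the authorizer it is always 500, and the authorizer is not even invoked. Could you help me with the misconfigured YAML?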

0 answers:

No answers