I have created a CloudFormation YAML stack to generate an API Gateway that uses a custom authorizer. The YAML looks like the code below:
Resources:
  # The REST API itself
  Api:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: !Sub PortalApiGatewayRestApi${GatewaySuffix}

  # TOKEN authorizer: reads the Authorization header and invokes the authorizer Lambda
  # (the AuthorizerUri value is redacted as xxxxxxxxx in the original post)
  CustomJwtTokenAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: !Sub CustomJwtTokenAuthorizer${GatewaySuffix}
      RestApiId: !Ref Api
      Type: TOKEN
      IdentitySource: method.request.header.authorization
      AuthorizerUri: !Sub 'arn:aws:apigateway:${AWS::Region}xxxxxxxxx'

  # /permissions_locked resource under the (imported) SSCommonResource parent
  PermissionsLockedResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      ParentId: !Ref SSCommonResource
      PathPart: permissions_locked
      RestApiId:
        Fn::ImportValue: !Sub PortalApiGatewayApiResource${GatewaySuffix}

  # GET /permissions_locked, protected by the custom authorizer and proxied to a Lambda
  PermissionsLockedApiMap:
    Type: 'AWS::ApiGateway::Method'
    Properties:
      AuthorizationType: CUSTOM
      AuthorizerId:
        Fn::ImportValue: CustomJwtTokenAuthorizerResource
      HttpMethod: GET
      Integration:
        IntegrationHttpMethod: POST
        IntegrationResponses:
          - StatusCode: '200'
        Type: AWS_PROXY
        Uri: !Sub
          - 'arn:aws:apigateway:${AWS::Region}:xxxxx/invocations'
          - Function: !Sub 'SSPortalGetPermissionsGetUserPermissions'
            Environment: '${xxxxx}'
        PassthroughBehavior: when_no_match
      MethodResponses:
        - ResponseModels:
            application/json: Empty
          ResponseParameters:
            method.response.header.Access-Control-Allow-Origin: 'true'
          StatusCode: '200'
      ResourceId: !Ref PermissionsLockedResource
      RestApiId: xxxxxx

  # Lets API Gateway invoke the Lambda function (function name redacted as xxxxxx)
  CustomAuthorizerPermission:
    Type: 'AWS::Lambda::Permission'
    Properties:
      Action: '*'
      FunctionName: !Sub
        - 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:xxxxxx'
        - Environment:
            Fn::ImportValue: !Sub Portal${StageType}xxxxx
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub
        - 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${Api}/*/*/*'
        - Api:
            Fn::ImportValue: PortalApiGatewayApiResource

Outputs:
  # Exported so other stacks can attach methods to this authorizer
  CustomJwtTokenAuthorizerResource:
    Value: !Ref CustomJwtTokenAuthorizer
    Export:
      Name: CustomJwtTokenAuthorizerResource
In summary, I successfully created the API Gateway with the authorizer. When I check it in the AWS console, everything looks fine. I also successfully created the permissions_locked path on my API and can see that this method sits behind the authorizer.
Whenever I try to call this method from Postman, I always get a 500 response. I am creating the Postman request with an Authorization header key and the value Bearer xxxxxxxxtoken. Another thing to note is that when I check the CloudWatch logs from the console, the authorizer Lambda is never invoked.
As an additional test, when I remove the authorizer from the method, I can successfully reach the target endpoint, but as soon as I put it under the authorizer it is always 500 and does not even invoke the authorizer. Could you help me with the misconfigured YAML?
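For reference, the following is an added, self-contained CloudFormation template wiring a TOKEN authorizer to a single method; it is not the template from the post above and all resource names, the two Lambda ARN parameters (assumed to point at functions that already exist) and the stage name are assumptions. It shows the two pieces the AWS docs require for a Lambda authorizer: an AuthorizerUri in the apigateway `lambda:path` form, and a Lambda resource policy whose SourceArn is the authorizer ARN (`<api-id>/authorizers/<authorizer-id>`) rather than the `<api-id>/*/*/*` method pattern. It also adds an IdentityValidationExpression so malformed Authorization headers are rejected with 401 before the authorizer Lambda is invoked, a short result cache TTL, and a backend permission scoped to one method and path.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example (not the original post's template) of a REST API method behind a TOKEN authorizer

Parameters:
  AuthorizerFunctionArn:
    Type: String
    Description: ARN of an existing Lambda that validates the bearer token (assumed)
  BackendFunctionArn:
    Type: String
    Description: ARN of an existing Lambda that serves GET /permissions_locked (assumed)

Resources:
  Api:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: PortalApiExample

  # TOKEN authorizer. AuthorizerUri must use the apigateway lambda:path form, not a bare Lambda ARN.
  JwtAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: JwtAuthorizer
      RestApiId: !Ref Api
      Type: TOKEN
      IdentitySource: method.request.header.Authorization
      # Header values that do not match are rejected with 401 without invoking the Lambda.
      IdentityValidationExpression: '^Bearer [-_.A-Za-z0-9]+$'
      # Cache the policy per token; keep it short so revoked tokens stop working quickly.
      AuthorizerResultTtlInSeconds: 300
      AuthorizerUri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthorizerFunctionArn}/invocations'

  # API Gateway calls the authorizer as apigateway.amazonaws.com; the SourceArn of that call is
  # <api-id>/authorizers/<authorizer-id>, which a method-style <api-id>/*/*/* pattern does not match.
  AuthorizerInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref AuthorizerFunctionArn
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${Api}/authorizers/${JwtAuthorizer}'

  PermissionsLockedResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref Api
      ParentId: !GetAtt Api.RootResourceId
      PathPart: permissions_locked

  PermissionsLockedGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref PermissionsLockedResource
      HttpMethod: GET
      AuthorizationType: CUSTOM
      AuthorizerId: !Ref JwtAuthorizer
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${BackendFunctionArn}/invocations'

  # Backend permission scoped to the one method and path instead of */*/*.
  BackendInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref BackendFunctionArn
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub 'arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${Api}/*/GET/permissions_locked'

  # Nothing is callable until a Deployment exists; DependsOn makes it wait for the method.
  Deployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: PermissionsLockedGet
    Properties:
      RestApiId: !Ref Api
      StageName: v1

Outputs:
  InvokeUrl:
    Value: !Sub 'https://${Api}.execute-api.${AWS::Region}.amazonaws.com/v1/permissions_locked'
```

When API Gateway is not permitted to invoke the authorizer function it returns 500 and the stage's execution log reports a configuration error before the authorizer ever runs; enabling execution logging on the stage (LoggingLevel INFO under MethodSettings) makes that visible. A quick check from the CLI is `aws lambda get-policy --function-name <authorizer-arn>`, which should show a statement with principal apigateway.amazonaws.com and an `aws:SourceArn` condition ending in `/authorizers/<authorizer-id>`.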