我已经设置了一个API网关,该网关在SQS队列上发布了POST调用的主体(没有lambda)。效果很好。
现在,我添加了一项资源策略,仅允许通过特定IP使用此方法:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:region:account:api-code/*/POST/v1/test",
"Condition": {
"IpAddress": {
"aws:SourceIp": "xx.xx.xx.xx/32"
}
}
}
]
}
现在,当我测试不同的IP时,我得到:
{"Message":"User: anonymous is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:region:***********:api/dev/POST/v1/test"}
但是当我从正确的IP测试它时,我得到:
<AccessDeniedException>
<Message>Unable to determine service/operation name to be authorized</Message>
</AccessDeniedException>
我的测试curl命令是:
curl -X POST -H "Content-Type: application/json" -d @test.json https://api.execute-api.region.amazonaws.com/dev/v1/test
我在做什么错?我正在使用POST?