How to disable API-key authentication for a specific endpoint in an AWS OpenAPI definition body (AWS::ApiGateway::RestApi)
I have a serverless application that uses AWS::APIGATEWAY::RESTAPI; the endpoints of this REST API are used as triggers for a Lambda function. I have an OpenAPI file that defines the API. The basic structure of my template is as follows:

MyRestApi:
  Type: AWS::Serverless::Api
  Properties:
    StageName: !Ref Stage
    Auth:
      AddDefaultAuthorizerToCorsPreflight: false
      ApiKeyRequired: true
      DefaultAuthorizer: TokenAuthorizer
      Authorizers:
        TokenAuthorizer:
          FunctionArn: !GetAtt TokenAuthorizerFunction.Arn
    Cors:
      AllowMethods: "'*'"
      AllowHeaders: "'*'"
      AllowOrigin: "'*'"
      AllowCredentials: "'*'"
    Mode: overwrite
    DefinitionBody:
      openapi: '3.0'
      info:
        version: '2022-11-08'
        title: MyRestApi
      paths:
        /hello:
          post:
            cors: true
            produces:
              - application/json
            consumes:
              - application/json
            responses:
              '200':
                description: 200 response
                schema:
                  $ref: '#/definitions/Empty'
                headers:
                  Access-Control-Allow-Headers:
                    type: "string"
                  Access-Control-Allow-Methods:
                    type: "string"
                  Access-Control-Allow-Origin:
                    type: "string"
                  Content-Length:
                    type: string
                  Content-Type:
                    type: string
              '400':
                description: 400 response
              '500':
                description: 500 response
            x-amazon-apigateway-integration:
              type: aws
              responses:
                # selection pattern: any 4xx status from the integration (backslash kept inside single quotes)
                '4\d{2}':
                  statusCode: '400'
                default:
                  statusCode: '200'
                  responseTemplates:
                    application/json: $util.parseJson($input.json('$.body'))
                  responseParameters:
                    method.response.header.Content-Type: integration.response.header.Content-Type
                    method.response.header.Content-Length: integration.response.header.Content-Length
                    method.response.header.Access-Control-Allow-Headers: integration.response.header.Access-Control-Allow-Headers
                    method.response.header.Access-Control-Allow-Methods: integration.response.header.Access-Control-Allow-Methods
                    method.response.header.Access-Control-Allow-Origin: integration.response.header.Access-Control-Allow-Origin
                # selection pattern: any 5xx status from the integration
                '5\d{2}':
                  statusCode: '500'
                  responseTemplates:
                    application/json: $util.parseJson($input.json('$.body'))
              requestTemplates:
                application/json: |
                  {
                    "httpMethod": "$context.httpMethod",
                    "body" : "$util.escapeJavaScript($input.json('$'))",
                    "headers": {
                      #foreach($header in $input.params().header.keySet())
                      "$header": "$util.escapeJavaScript($input.params().header.get($header))" #if($foreach.hasNext),#end
                      #end,
                      "paramA": "$context.authorizer.paramA",
                      "paramB": "$context.authorizer.paramB"
                    },
                    "queryStringParameters": {
                      #foreach($param in $input.params().querystring.keySet())
                      "$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end
                      #end
                    },
                    "path": "$context.resourcePath",
                    "pathParams": {
                      #foreach($param in $input.params().path.keySet())
                      "$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end
                      #end
                    },
                    "requestContext":{
                      "identity": {
                        "sourceIp": "$context.identity.sourceIp"
                      }
                    }
                  }
              httpMethod: POST
              uri: !Join [ "", [ !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:", !Ref MyLambdaFunction, "/invocations" ] ]
          options:
            cors: true
            produces:
              - application/json
            consumes:
              - application/json
            responses:
              '200':
                description: 200 response
                schema:
                  $ref: '#/definitions/Empty'
                headers:
                  Access-Control-Allow-Headers:
                    type: "string"
                  Access-Control-Allow-Methods:
                    type: "string"
                  Access-Control-Allow-Origin:
                    type: "string"
                  Content-Length:
                    type: string
                  Content-Type:
                    type: string
              '400':
                description: 400 response
              '500':
                description: 500 response
            security:
              - NONE: []
            x-amazon-apigateway-integration:
              type: aws
              responses:
                '4\d{2}':
                  statusCode: '400'
                default:
                  statusCode: '200'
                  responseTemplates:
                    application/json: $util.parseJson($input.json('$.body'))
                  responseParameters:
                    method.response.header.Content-Type: integration.response.header.Content-Type
                    method.response.header.Content-Length: integration.response.header.Content-Length
                    method.response.header.Access-Control-Allow-Headers: integration.response.header.Access-Control-Allow-Headers
                    method.response.header.Access-Control-Allow-Methods: integration.response.header.Access-Control-Allow-Methods
                    method.response.header.Access-Control-Allow-Origin: integration.response.header.Access-Control-Allow-Origin
                '5\d{2}':
                  statusCode: '500'
                  responseTemplates:
                    application/json: $util.parseJson($input.json('$.body'))
              requestTemplates:
                application/json: |
                  {
                    "httpMethod": "$context.httpMethod",
                    "body" : "$util.escapeJavaScript($input.json('$'))",
                    "headers": {
                      #foreach($header in $input.params().header.keySet())
                      "$header": "$util.escapeJavaScript($input.params().header.get($header))" #if($foreach.hasNext),#end
                      #end,
                      "role": "$context.authorizer.role",
                      "username": "$context.authorizer.username"
                    },
                    "queryStringParameters": {
                      #foreach($param in $input.params().querystring.keySet())
                      "$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end
                      #end
                    },
                    "path": "$context.resourcePath",
                    "pathParams": {
                      #foreach($param in $input.params().path.keySet())
                      "$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end
                      #end
                    },
                    "requestContext":{
                      "identity": {
                        "sourceIp": "$context.identity.sourceIp"
                      }
                    }
                  }
              httpMethod: POST
              uri: !Join [ "", [ !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:", !Ref MyLambdaFunction, "/invocations" ] ]

I want to remove the TokenAuthorizer and the API-key auth from the options method.

  1. I tried adding a security field to the options method:

    security:
      - NONE: []

    But this only removed the token authorizer, not the API-key check.

  2. I tried removing the global DefaultAuthorizer and ApiKeyRequired from the RestApi section and adding OpenAPI security only to the post method, but that did not add any kind of authentication to the post method.

To the OpenAPI global fields:

components:
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-KEY
    TokenAuthorizer:
      type: apiKey
      in: header
      name: Authorization
      x-amazon-apigateway-authorizer:
        type: token
        identitySource: method.request.header.Authorization
        authorizerUri: !Join [ "", [ !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:", !Ref TokenAuthorizerFunction, "/invocations" ] ]

and to the post method:

security:
  - ApiKeyAuth: []
    TokenAuthorizer: []

Maybe this helps:

ApiGatewayWithDefaultAuthorizer:
  Type: AWS::Serverless::Api
  Properties:
    ...
    Auth:
      DefaultAuthorizer: MyCognitoAuth
      Authorizers:
        MyCognitoAuth:
          UserPoolArn: !GetAtt UserPool.Arn
          Identity:
            Header: Authorization
[...]
LambdaFunction:
  Type: AWS::Serverless::Function
  ...
  Properties:
    Events:
      NoAuthApiEvent:   # event name was missing in the snippet; any logical name works here
        Type: Api
        Properties:
          Path: /path/with/no/authenticator
          Method: get
          Auth:
            Authorizer: NONE
          RestApiId:
            Ref: ApiGatewayWithDefaultAuthorizer
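As an added example, not part of the original answer or of any AWS project code, the following complete SAM template shows the per-event override the answer relies on, extended to the question's second control: the API requires both an API key and a Lambda token authorizer by default, and a single GET route opts out of both with `Authorizer: NONE` together with `ApiKeyRequired: false` on the event's `Auth`. All resource names, handlers, and `CodeUri` paths are assumptions. It lets SAM generate the OpenAPI document; it does not cover a hand-written `DefinitionBody` like the one in the question.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  Stage:
    Type: String
    Default: dev

Resources:
  # API-level defaults: every method needs a valid API key AND a token accepted
  # by the Lambda authorizer, unless an individual event overrides them.
  MyRestApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: !Ref Stage
      Auth:
        ApiKeyRequired: true
        DefaultAuthorizer: TokenAuthorizer
        AddDefaultAuthorizerToCorsPreflight: false   # OPTIONS preflight is never sent to the authorizer
        Authorizers:
          TokenAuthorizer:
            FunctionArn: !GetAtt TokenAuthorizerFunction.Arn
            Identity:
              Header: Authorization

  # Assumed authorizer function; handler and path are placeholders.
  TokenAuthorizerFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.11
      Handler: authorizer.handler
      CodeUri: ./authorizer/

  # Assumed backend function with one protected and one public route.
  HelloFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.11
      Handler: app.handler
      CodeUri: ./hello/
      Events:
        # Inherits the API defaults: API key + token required.
        ProtectedPost:
          Type: Api
          Properties:
            RestApiId: !Ref MyRestApi
            Path: /hello
            Method: post
        # Public route: both API-level controls are switched off for this method only,
        # so the blast radius of the exception is one path and one verb.
        PublicGet:
          Type: Api
          Properties:
            RestApiId: !Ref MyRestApi
            Path: /health
            Method: get
            Auth:
              Authorizer: NONE        # drop the Lambda token authorizer
              ApiKeyRequired: false   # drop the x-api-key requirement
```

After `sam build` and `sam deploy`, confirm the deployed state rather than trusting the template: `aws apigateway get-method --rest-api-id <api-id> --resource-id <resource-id> --http-method GET` should report `"authorizationType": "NONE"` and `"apiKeyRequired": false` for `/health`, while the same call for `POST /hello` should show `CUSTOM` and `true`. Reviewing that output per method is the quickest way to catch an override that silently widened to more routes than intended.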
