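I am trying to add a Cognito authorizer to an existing API Gateway LambdaRestApi. This is a full proxy integration, and I would like the authorizer to apply to all methods by default. I can't see any indication in the docs of how to achieve this via the CDK.
What I have: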
const userPool = new cognito.UserPool(this, "TestUsers", {
  userPoolName: "This is a test"
});
const proxyApi = new apig.LambdaRestApi(this, "HelloFoodSecureProxyApi", {
  handler: proxyHandlerLambdaFunction
});
// proxyApi.addDefaultAuthorizor(userPool)
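As far as I can tell, I will have to revert to using a raw RestApi, add a Resource and Method that cover the whole API, and manually override the underlying CFN with something like GET_resource.add_property_override("AuthorizerId", {"Ref": authorizor.auth_id})
Am I missing something? Any suggestions on this? If I can help it, I would rather not lift my entire API (proxy'd to in code) into the infrastructure.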
Using defaultMethodOptions worked for me:
const userPool = new cognito.UserPool(this, "TestUsers", {
  userPoolName: "This is a test"
});
const authorizer = new apig.CognitoUserPoolsAuthorizer(this, 'Authorizer', {
  cognitoUserPools: [userPool]
});
const proxyApi = new apig.LambdaRestApi(this, "HelloFoodSecureProxyApi", {
  handler: proxyHandlerLambdaFunction,
  defaultMethodOptions: {
    authorizationType: apig.AuthorizationType.COGNITO,
    authorizer
  }
});
So I had to dig into the raw CFN elements in the CDK. Not sure if there is a better way; I believe the answer really is "just don't use LambdaRestApi for anything more serious".
const userPool = new cognito.UserPool(this, "TestUsers", {
  userPoolName: "This is a test"
});
const proxyApi = new apig.LambdaRestApi(this, "HelloFoodSecureProxyApi", {
  handler: proxyHandlerLambdaFunction
});
// add an authorizer
const auth = new apig.CfnAuthorizer(this, "Authorizor", {
  restApiId: proxyApi.restApiId,
  type: apig.AuthorizationType.COGNITO,
  providerArns: [userPool.userPoolArn],
  name: "CognitoAuthorizor",
  // REQUIRED - https://github.com/aws/aws-cdk/issues/2561
  identitySource: "method.request.header.Authorization"
});
// Find the proxy node, its Method node, and add an authorizer
const proxy = proxyApi.root.node.findChild("{proxy+}") as apig.ProxyResource;
const anyMethod = proxy.anyMethod?.node.defaultChild as apig.CfnMethod;
anyMethod.addPropertyOverride("AuthorizationType", "COGNITO_USER_POOLS");
anyMethod.addPropertyOverride("AuthorizerId", {"Ref": auth.logicalId});
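Either approach above can be checked against the synthesized CloudFormation template to confirm that every method really carries the authorizer. The following is an added example, not code from the original posts: the function and type names are hypothetical, and the sample template is constructed to show one method with the authorizer and one without.

```typescript
// Added example: audit a synthesized template (the JSON that `cdk synth`
// emits) for API Gateway methods that are reachable without an authorizer.
interface CfnResource {
  Type: string;
  Properties?: Record<string, unknown>;
}
interface CfnTemplate {
  Resources: Record<string, CfnResource>;
}
interface Finding {
  logicalId: string;
  httpMethod: string;
  reason: string;
}

function findUnauthorizedMethods(template: CfnTemplate, allowOptions = true): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!res || res.Type !== "AWS::ApiGateway::Method") continue;
    const props = res.Properties ?? {};
    const httpMethod = String(props["HttpMethod"] ?? "?");
    // CORS preflight requests carry no Authorization header, so OPTIONS
    // methods are skipped unless the caller asks for them.
    if (allowOptions && httpMethod === "OPTIONS") continue;
    const authType = String(props["AuthorizationType"] ?? "NONE");
    const needsId = authType === "COGNITO_USER_POOLS" || authType === "CUSTOM";
    if (authType === "NONE") {
      findings.push({ logicalId, httpMethod, reason: "AuthorizationType is NONE" });
    } else if (needsId && props["AuthorizerId"] === undefined) {
      findings.push({ logicalId, httpMethod, reason: "no AuthorizerId" });
    }
  }
  return findings;
}

// Constructed sample template (logical IDs are made up for illustration).
const sampleTemplate: CfnTemplate = {
  Resources: {
    Authorizer: { Type: "AWS::ApiGateway::Authorizer", Properties: { Type: "COGNITO_USER_POOLS" } },
    ProxyANY: { Type: "AWS::ApiGateway::Method", Properties: {
      HttpMethod: "ANY", AuthorizationType: "COGNITO_USER_POOLS", AuthorizerId: { Ref: "Authorizer" } } },
    RootANY: { Type: "AWS::ApiGateway::Method", Properties: { HttpMethod: "ANY", AuthorizationType: "NONE" } },
    RootOPTIONS: { Type: "AWS::ApiGateway::Method", Properties: { HttpMethod: "OPTIONS", AuthorizationType: "NONE" } },
  },
};

for (const f of findUnauthorizedMethods(sampleTemplate)) {
  console.log(`${f.logicalId} (${f.httpMethod}): ${f.reason}`);
}
```

Run as a CI step over the template in cdk.out, a non-empty result can fail the build before an unauthenticated method is deployed.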