我有以下云形式堆栈。2 lambdas(问候和auth),API网关配置为使用auth lambda进行授权。
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Resources:
GreetingsApiGateway:
Type: AWS::Serverless::Api
Properties:
StageName: Prod
Auth:
DefaultAuthorizer: MyAuthorizer
Authorizers:
MyAuthorizer:
FunctionArn: !GetAtt AuthLambda.Arn
GreetingsLambda:
Type: AWS::Serverless::Function
Properties:
CodeUri: "s3://<bucket-name>/code.zip"
Handler: src/index.greeting
Events:
GetRoot:
Type: Api
Properties:
RestApiId: !Ref GreetingsApiGateway
Path: /hello
Method: get
AuthLambda:
Type: AWS::Serverless::Function
Properties:
CodeUri: "s3://<bucket-name>/code.zip"
Handler: src/index.auth
Globals:
Function:
Runtime: nodejs8.10
# check whether I can use resources within globals
Outputs:
ApiURL:
Description: "OUR API URL"
Value: !Sub "https://${GreetingsApiGateway}.execute-api.${AWS::Region}.amazonaws.com/Prod/"
我的lambdas的代码如下:
exports.greeting = async () => ({ statusCode: 200, body: "Hello Beautiful World!" });
exports.auth = async () => ({ statusCode: 200, body: "I wanna do the authorisation!" });
我期望授权一直失败,但也可以在我的CloudWatch日志中查看来自auth lambda的日志。
发生了什么:
从API网关内调用
如果我在API网关控制台内部没有任何标题的情况下进行测试,我将获得" Hello Beautiful World"结果。我的CloudWatch模板中没有Lambda auth Logs。
从Postman调用
我尝试在Get请求的标题中发送此输入。响应是"未经授权"的,没有来自auth lambda CloudWatch日志中的任何日志。
{
"type":"TOKEN",
"authorizationToken":"<caller-supplied-token>",
"methodArn":"arn:aws:execute-api:<regionId>:<accountId>:<apiId>/<stage>/<method>/<resourcePath>"
}
发生了什么事?
要检索我们需要使用授权标头的响应,仍然不明白为什么来自API Gateway Console的请求会检索响应。