amazon-web-services - 带有Cognito用户池授权者的AWS SAM API

如何使用AWS SAM创建使用Cognito用户池授权者进行授权的API？

Theres AWS::ApiGateway::Authorizer。但是...

{
  "Type" : "AWS::ApiGateway::Authorizer",
  "Properties" : {
    "AuthorizerCredentials" : String,
    "AuthorizerResultTtlInSeconds" : Integer,
    "AuthorizerUri" : String,
    "IdentitySource" : String,
    "IdentityValidationExpression" : String,
    "Name" : String,
    "ProviderARNs" : [ String, ... ],
    "RestApiId" : String,
    "Type" : String
  }
}

看起来RestApiId是指使用此授权器的API？但是使用AWS SAM，我的API定义如下

Resources:
  Ec2Index:
    Type: AWS::Serverless::Function
    Properties:
      Handler: ec2/index.handler
      Runtime: nodejs6.10
      CodeUri: ./src
      FunctionName: 'ApiEc2IndexHandler'
      Description: 'List EC2 resources'
      Timeout: 30
      Role: 'arn:aws:iam::598545985414:role/awsmanagement-lambda-management'
      Events:
        Ec2Index:
          Type: Api
          Properties:
            Path: /ec2
            Method: get

我不知道如何将它们联系在一起？

最佳答案

我不确定您是否可以在SAM中指定授权者，但是可以将Swagger嵌入到SAM文件中来执行此操作。它是2月17日[ref]的新功能。

我绝对不是Swagger或SAM的专家，但似乎您想要这样的东西：

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Simple API Endpoint configured using Swagger specified inline and backed by a Lambda function
Resources:
   Ec2Index:
     Type: AWS::Serverless::Api
    Properties:
        StageName: <stage>
        DefinitionBody:
            swagger: 2.0
            info:
              title:
                Ref: AWS::StackName
            securityDefinitions:
              cognitoUserPool:
                type: apiKey,
                name: "Authorization"
                in: header
                x-amazon-apigateway-authtype: cognito_user_pools
                x-amazon-apigateway-authorizer:
                  type: cognito_user_pools
                  providerARNs:
                    - arn:aws:cognito-idp:${AWS::Region}:{AWS::AccountId}:userpool/<user_pool_id>
            paths:
              "/ec2":
                get:
                  security:
                    - cognitoUserPool: []
                  x-amazon-apigateway-integration:
                    httpMethod: POST
                    type: aws_proxy
                    uri:
                      Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Ec2IndexLamb.Arn}/invocations
                  responses: {}
            swagger: '2.0'
   Ec2IndexLamb:
    Type: AWS::Serverless::Function
    Properties:
      Handler: ec2/index.handler
      Runtime: nodejs6.10
      CodeUri: ./src
      FunctionName: 'ApiEc2IndexHandler'
      Description: 'List EC2 resources'
      Timeout: 30
      Role: 'arn:aws:iam::598545985414:role/awsmanagement-lambda-management'
      Events:
        Ec2Index:
          Type: Api
          Properties:
            Path: /ec2
            Method: get

参考文献：

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html#apigateway-enable-cognito-user-pool

https://github.com/awslabs/serverless-application-model/blob/master/examples/2016-10-31/inline_swagger/template.yaml

编辑：修复了“安全”部分的Swagger 2.0语法，它应该是一个列表。

关于amazon-web-services - 带有Cognito用户池授权者的AWS SAM API，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/45717123/