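【Question title】: AWS API Gateway api key required not set to 'true' after deployment
【Posted】: 2019-09-30 22:15:53
【Question】:

I have a .NET solution that uses a SAM template to generate CloudFormation to deploy a stack. I want the deployment (once complete) to have API Key Required = true on at least one of the methods. But after deployment, the key and usage plan are created, yet API key required is still set to false in the console?

See below:

My SAM template: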

    "ServerlessRestApi": {
        "Type": "AWS::ApiGateway::RestApi",
        "Properties": {
            "Description":"This is a placeholder for the description of this web api",
            "Body": {
                "info": {
                    "version": "1.0",
                    "title": {
                        "Ref": "AWS::StackName"
                    }
                },
                "x-amazon-apigateway-api-key-source": "HEADER",
                "paths": {
                    "datagw/general/table/get/{tableid}": {
                        "get": {
                            "x-amazon-apigateway-integration": {
                                "httpMethod": "POST",
                                "type": "aws_proxy",
                                "uri": {
                                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetTableResponse.Arn}/invocations"
                                }
                            },
                            "responses": {}
                        },
                        "security":[
                                    {
                                        "api_key":[]
                                    }
                                ]},
                                "securityDefinitions":{
                                    "api_key":{
                                        "type":"apiKey",
                                        "name":"x-api-key",
                                        "in":"header"
                                }
                    },
                    "/": {
                        "get": {
                            "x-amazon-apigateway-integration": {
                                "httpMethod": "POST",
                                "type": "aws_proxy",
                                "uri": {
                                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Get.Arn}/invocations"
                                }
                            },
                            "responses": {}
                        }
                    },
                    "/tables/{tableid}/{columnid}": {
                        "get": {
                            "x-amazon-apigateway-integration": {
                                "httpMethod": "POST",
                                "type": "aws_proxy",
                                "uri": {
                                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetTableBasic.Arn}/invocations"
                                }
                            },
                            "responses": {}
                        }
                    }
                },
                "swagger": "2.0"
            }
        }
    },

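I'm not very familiar with Swagger definitions, and I only know the basics of SAM and CloudFormation. What am I missing here? I've looked at other answers on Stack Overflow and believe I have copied the configuration correctly.

When I inspect the generated CloudFormation, my entries for x-api-key don't even appear in the template?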

  "ServerlessRestApi": {
        "Type": "AWS::ApiGateway::RestApi",
        "Properties": {
            "Body": {
                "info": {
                    "version": "1.0",
                    "title": {
                        "Ref": "AWS::StackName"
                    }
                },
                "paths": {
                    "datagw/general/table/get/{tableid}": {
                        "get": {
                            "x-amazon-apigateway-integration": {
                                "httpMethod": "POST",
                                "type": "aws_proxy",
                                "uri": {
                                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetTableResponse.Arn}/invocations"
                                }
                            },
                            "responses": {}
                        }
                    },
                    "/datagw/general/webhook/ccnotify": {
                        "post": {
                            "x-amazon-apigateway-integration": {
                                "httpMethod": "POST",
                                "type": "aws_proxy",
                                "uri": {
                                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${PostClickCollectNotification.Arn}/invocations"
                                }
                            },
                            "responses": {}
                        }
                    },
                    "/": {
                        "get": {
                            "x-amazon-apigateway-integration": {
                                "httpMethod": "POST",
                                "type": "aws_proxy",
                                "uri": {
                                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Get.Arn}/invocations"
                                }
                            },
                            "responses": {}
                        }
                    },
                    "/tables/{tableid}/{columnid}": {
                        "get": {
                            "x-amazon-apigateway-integration": {
                                "httpMethod": "POST",
                                "type": "aws_proxy",
                                "uri": {
                                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetTableBasic.Arn}/invocations"
                                }
                            },
                            "responses": {}
                        }
                    },
                    "/datagw/general/post/sohupdate": {
                        "post": {
                            "x-amazon-apigateway-integration": {
                                "httpMethod": "POST",
                                "type": "aws_proxy",
                                "uri": {
                                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${PostClickCollectStockUpdate.Arn}/invocations"
                                }
                            },
                            "responses": {}
                        }
                    }
                },
                "swagger": "2.0"
            }
        }
    },

Edit: here is what I did, but once the deployment completes, API key required is still not set to true on the API.

"ServerlessRestApi": {
    "Type": "AWS::ApiGateway::RestApi",
    "Properties": {
        "Description":"InSite Web API Version 2.0.0.0",
        "Body": {
            "swagger": "2.0",
            "info": {
                "version": "1.0",
                "title": {
                    "Ref": "AWS::StackName"
                }
            },
            "x-amazon-apigateway-api-key-source" : "HEADER",
            "schemes":["https"],
            "paths": {
                "tables/query/{tableid}": {
                    "get": {
                        "x-amazon-apigateway-integration": {
                            "httpMethod": "GET",
                            "type": "aws_proxy",
                            "uri": {
                                "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetTableResponse.Arn}/invocations"
                            }
                        },
                        "responses": {},
                            "security": [
                            {
                                "api_key": []
                            }
                        ]
                    }
                },
                "/products/update/": {
                    "post": {
                        "x-amazon-apigateway-integration": {
                            "httpMethod": "POST",
                            "type": "aws_proxy",
                            "uri": {
                                "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${PostClickCollectStockUpdate.Arn}/invocations"
                            }
                        },
                        "responses": {}
                    }
                },
                "/": {
                    "get": {
                        "x-amazon-apigateway-integration": {
                            "httpMethod": "GET",
                            "type": "aws_proxy",
                            "uri": {
                                "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Get.Arn}/invocations"
                            }
                        },
                        "responses": {}
                    }
                },
                "/tables/{tableid}/{columnid}": {
                    "get": {
                        "x-amazon-apigateway-integration": {
                            "httpMethod": "GET",
                            "type": "aws_proxy",
                            "uri": {
                                "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetTableBasic.Arn}/invocations"
                            }
                        },
                        "responses": {}
                    }
                }
            },
            "securityDefinitions": {
                "api_key": {
                    "type": "apiKey",
                    "name": "x-api-key",
                    "in": "header"
                }
            }
        }
    }
},

【Question comments】:

Tags: swagger amazon-cloudformation aws-api-gateway serverless-application-model


【Answer 1】:

First, if you are using the SAM framework, why not try the Serverless API (AWS::Serverless::Api), which has an Auth object where you can turn on ApiKeyRequired.

https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessapi

"ServerlessRestApi": {
    "Type": "AWS::Serverless::Api",
    "Properties": {
        "Description":"InSite Web API Version 2.0.0.0",
        "Auth": {
            "ApiKeyRequired": "true"
        },
        "DefinitionBody": {
            "swagger": "2.0",
            "info": {
                "version": "1.0",
                "title": {
                    "Ref": "AWS::StackName"
                }
            },
            "x-amazon-apigateway-api-key-source" : "HEADER",
            "schemes":["https"],
            "paths": {
                "tables/query/{tableid}": {
                    "get": {
                        "x-amazon-apigateway-integration": {
                            "httpMethod": "GET",
                            "type": "aws_proxy",
                            "uri": {
                                "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetTableResponse.Arn}/invocations"
                            }
                        },
                        "responses": {},
                            "security": [
                            {
                                "api_key": []
                            }
                        ]
                    }
                },
                "/products/update/": {
                    "post": {
                     "x-amazon-apigateway-integration": {
                            "httpMethod": "POST",
                            "type": "aws_proxy",
                            "uri": {
                                "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${PostClickCollectStockUpdate.Arn}/invocations"
                            }
                        },
                        "responses": {}
                    }
                },
                "/": {
                    "get": {
                        "x-amazon-apigateway-integration": {
                            "httpMethod": "GET",
                            "type": "aws_proxy",
                            "uri": {
                                "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Get.Arn}/invocations"
                            }
                        },
                        "responses": {}
                    }
                },
                "/tables/{tableid}/{columnid}": {
                    "get": {
                        "x-amazon-apigateway-integration": {
                            "httpMethod": "GET",
                            "type": "aws_proxy",
                            "uri": {
                                "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetTableBasic.Arn}/invocations"
                            }
                        },
                        "responses": {}
                    }
                }
            },
            "securityDefinitions": {
                "api_key": {
                    "type": "apiKey",
                    "name": "x-api-key",
                    "in": "header"
                }
            }
        }
    }
},

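If for some reason you cannot use Serverless, you may be trying to overload the RestApi (which is fine, but you lose some of the other fine-grained options). For full disclosure, I don't use API Gateway this way (I use the Serverless transform), so this all comes from reading the documentation, not from experience.

I would try creating a simple AWS::ApiGateway::RestApi and then attaching an AWS::ApiGateway::Method to the RestApi by referencing it through RestApiId.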

[1]https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html

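【Comments】:

  • Thanks J.A, is it appropriate to simply replace AWS::ApiGateway::RestApi with AWS::Serverless::Api directly, and leave the rest of the template unchanged?
  • @JamesMatson It looks like you only need to change Body => DefinitionBody and then AWS::ApiGateway::RestApi => AWS::Serverless::Api. I'm assuming you aren't modifying the API through other calls elsewhere. Updated the answer with a code block that hopefully works for you.
  • Thank you very much. This worked! Since I changed the values, Visual Studio raises an error about the serverless template, but if I deploy through the AWS Toolkit for Visual Studio, the API is created fine and API key required is set to true. I've been looking for this solution for a while, so thank you :)
  • Glad to help. :)
  • @JamesMatson I don't know whether "ApiKeyRequired" is a ChangeSet-triggering option. I would test it by deploying it in a new stack to confirm whether my solution is correct. It may just be that this particular option does not start a ChangeSet on its own. (I've had small changes like this happen many times before.) Cloudformation detect it as a drift?
【Answer 2】: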

I think you are missing "securityDefinitions":

  Body:
    swagger: "2.0"
      ...
      ...
    securityDefinitions:
      sigv4:
        type: "apiKey"
        name: "x-api-key"
        in: "header"
        x-amazon-apigateway-authorizer:
          type: token

You can find more examples here: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-as-s3-proxy-export-swagger-with-extensions.html

【Comments】:

  • I added this to the SAM template, but it didn't change anything? "swagger": "2.0", "securityDefinitions": { "sigv4": { "type": "apiKey", "name": "x-api-key", "in": "header", "x-amazon-apigateway-authorizer": { "type": "token" } } } } }
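
As an added example (not code from this thread), a small Python check that walks a template's `Resources` and reports, per method, whether an API key would be required. Run it on the generated CloudFormation, since the question shows that file can lack the `security` entries present in the source. The function names and `SAMPLE` are hypothetical, and the rules for what counts as an API-key scheme and for `Auth.ApiKeyRequired` covering every method are assumptions.

```python
HTTP_METHODS = "get put post delete patch head options x-amazon-apigateway-any-method".split()
AUTH_EXT = ("x-amazon-apigateway-authtype", "x-amazon-apigateway-authorizer")

def truthy(value):
    return str(value).lower() == "true"  # the page writes the flag as "true"

def key_schemes(body):
    # Assumption: a top-level x-api-key header scheme with no authorizer extension.
    return {name for name, d in body.get("securityDefinitions", {}).items()
            if d.get("type") == "apiKey" and d.get("in") == "header"
            and d.get("name", "").lower() == "x-api-key"
            and not any(ext in d for ext in AUTH_EXT)}

def api_key_report(resources):
    """Return {'LogicalId METHOD path': bool} for every method found."""
    report = {}
    for rid, res in resources.items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::ApiGateway::Method":
            report[f"{rid} {props.get('HttpMethod')}"] = truthy(props.get("ApiKeyRequired"))
            continue
        if rtype == "AWS::ApiGateway::RestApi":
            body, forced = props.get("Body", {}), False
        elif rtype == "AWS::Serverless::Api":
            # Assumption: Auth.ApiKeyRequired covers every method of the API.
            body = props.get("DefinitionBody", {})
            forced = truthy(props.get("Auth", {}).get("ApiKeyRequired"))
        else:
            continue
        schemes, default = key_schemes(body), body.get("security", [])
        for path, item in body.get("paths", {}).items():
            for method, op in item.items():
                if method.lower() in HTTP_METHODS and isinstance(op, dict):
                    reqs = op.get("security", default)  # operation overrides global
                    report[f"{rid} {method.upper()} {path}"] = forced or any(
                        schemes & set(r) for r in reqs)
    return report

# Constructed sample: cut-down shapes of the three templates in this thread.
SCHEME = {"api_key": {"type": "apiKey", "name": "x-api-key", "in": "header"}}
OPEN, KEYED = {"responses": {}}, {"responses": {}, "security": [{"api_key": []}]}
SAMPLE = {
    "Misplaced": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Body": {"paths": {
        "/t/{id}": {"get": OPEN, "security": [{"api_key": []}]},
        "securityDefinitions": SCHEME}}}},
    "WellFormed": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Body": {
        "securityDefinitions": SCHEME,
        "paths": {"/t/{id}": {"get": KEYED}, "/": {"get": OPEN}}}}},
    "Sam": {"Type": "AWS::Serverless::Api", "Properties": {
        "Auth": {"ApiKeyRequired": "true"}, "DefinitionBody": {"paths": {"/": {"get": OPEN}}}}},
}
```

Calling `api_key_report(SAMPLE)` marks the `Misplaced` method as unprotected because its `security` sits beside `get` rather than inside it and its `securityDefinitions` is nested under `paths`; any `False` entry in a deployed template is a method reachable without a key.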