Setup AWS API gateway custom authorizers in serverless framework
I need to add an AWS API Gateway custom authorizer to a Lambda function. Currently I have added the authorizer to each endpoint, as in the serverless.yml below.

serverless.yml

    service: test-service
    provider:
      name: aws
      runtime: nodejs6.10
      stage: dev
      region: us-east-1
    functions:
      bff:
        handler: app.handler
        events:
          - http:
              path: /home
              method: get
              cors: true
              authorizer:
                arn: arn:aws:lambda:us-east-1:xxxxxx:function:token-verifier
                resultTtlInSeconds: 0
                identitySource: method.request.header.Authorization
                identityValidationExpression: '.*'

How can I add the custom authorizer to the entire lambda function rather than adding separately to each endpoint?
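
You are confusing the boundary between AWS API Gateway and AWS Lambda. It's not your fault. The Serverless Framework is so good that it almost blurs the two.
Strictly speaking, AWS Lambda functions do not need custom authorizers.
Authorizers are used to secure API Gateway endpoints, NOT AWS Lambda functions.
Therefore, you need to define the authorizer for each endpoint that needs authorization.
If you want to make your serverless.yml more concise by not repeating the authorizer definition multiple times, you can define it once and reference it in your endpoints.

    service: test-service
    custom:
      # Authorizer settings defined once
      authorizer:
        arn: arn:aws:lambda:us-east-1:xxxxxx:function:token-verifier
        resultTtlInSeconds: 0
        identitySource: method.request.header.Authorization
        identityValidationExpression: '.*'
    provider:
      name: aws
      runtime: nodejs6.10
      stage: dev
      region: us-east-1
    functions:
      bff:
        handler: app.handler
        events:
          - http:
              path: /home
              method: get
              cors: true
              # Each endpoint still references the shared definition
              authorizer: ${self:custom.authorizer}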
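
Because the authorizer attaches to each API Gateway endpoint rather than to the Lambda function, an `http` event that omits it is deployed with no authorizer at all. The check below is an added example, not part of the original answer: it assumes serverless.yml has already been parsed into a plain object, and the function names, the `allowPublic` list and the `/profile`, `/orders` and `/health` endpoints are hypothetical.

```javascript
// Normalise one `http` event. The shorthand string form ("GET /home")
// cannot carry an authorizer.
function normaliseHttpEvent(http) {
  const short = typeof http === 'string';
  const [method, rawPath] = short ? http.trim().split(/\s+/) : [http.method, http.path];
  const path = '/' + String(rawPath || '').replace(/^\/+/, '');
  const key = `${String(method).toUpperCase()} ${path}`;
  return { key, authorizer: short ? undefined : http.authorizer };
}

// Configured means a non-empty string (function name, ARN, or an unresolved
// ${self:custom.authorizer} reference) or a non-empty object.
function hasAuthorizer(a) {
  if (typeof a === 'string') return a.trim() !== '';
  return Boolean(a) && typeof a === 'object' && Object.keys(a).length > 0;
}

// Lists every http endpoint with no authorizer. `allowPublic` holds
// "METHOD /path" entries that are intentionally open.
function findUnprotectedEndpoints(config, allowPublic = []) {
  const open = new Set(allowPublic);
  const findings = [];
  for (const [fnName, fn] of Object.entries(config.functions || {})) {
    for (const event of (fn && fn.events) || []) {
      if (!event || event.http === undefined) continue; // schedule, sns, ...
      const { key, authorizer } = normaliseHttpEvent(event.http);
      if (!hasAuthorizer(authorizer) && !open.has(key)) {
        findings.push({ function: fnName, endpoint: key });
      }
    }
  }
  return findings;
}

// Constructed sample: the page's /home endpoint plus hypothetical additions.
const shared = { arn: 'arn:aws:lambda:us-east-1:xxxxxx:function:token-verifier' };
const sampleConfig = {
  functions: {
    bff: { handler: 'app.handler', events: [
      { http: { path: '/home', method: 'get', cors: true, authorizer: shared } },
      { http: { path: 'profile', method: 'get', cors: true } }, // authorizer forgotten
      { http: 'POST /orders' }, // shorthand form
      { schedule: 'rate(1 hour)' }, // not an API Gateway endpoint
    ] },
    health: { handler: 'health.handler', events: [{ http: 'GET /health' }] },
  },
};

console.log(findUnprotectedEndpoints(sampleConfig, ['GET /health']));
```

Run as a pre-deploy step, a non-empty result can fail the build so that a newly added endpoint cannot ship without the shared authorizer by accident.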