serverless::api 的 AWS SAM 模板未创建认知用户池授权方

Question

我不明白为什么在部署此模板后我在 AWS 控制台的“授权者”选项卡下看不到此 API 的任何授权者。

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Description here

Globals:
  Function:
    Timeout: 3

Resources:
 
  ProductGet:
    Type: AWS::Serverless::Function 
    Properties:
      CodeUri: ./
      Handler: product-get.lambda_handler
      Runtime: python3.8
      Role: "particular role here"
      Events:
        ProductGet:
          Type: Api 
          Properties:
            Path: /product-get
            Method: post
            Auth:
              Authorizers:
                MyCognitoAuth:
                 UserPoolArn: "user pool arn here"
                 AuthType: "COGNITO_USER_POOLS"
              DefaultAuthorizer: MyCognitoAuth

Answer 1

想通了。您不能在“事件”部分定义授权者。如果您的 API 需要授权者，您必须将 API 定义为单独的资源，并使用 APIid 将其 link 定义为事件。

示例代码如下。

MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        DefaultAuthorizer: MyCognitoAuth # OPTIONAL
        Authorizers:
          MyCognitoAuth:
            Type: COGNITO_USER_POOLS
            # Can also accept an array
            UserPoolArn: "user pool arn here"

  ProductGet:
    Type: AWS::Serverless::Function         Properties:
      CodeUri: ./
      Handler: product-get.lambda_handler
      Runtime: python3.8
      Role: 'role ARN here'
      Events:
        ProductGet:
          Type: Api 
          Properties:
            Path: /product-get
            Method: post
            RestApiId: !Ref MyApi #This is how you need to refer to your API
            Auth:
              Authorizer: MyCognitoAuth

serverless::api 的 AWS SAM 模板未创建认知用户池授权方

AWS SAM template for serverless::api not creating cognito user pool authorizer

aws-serverless

aws-sam