How to integrate AWS Lambda with an Application Load Balanced Fargate Service

Question. Votes: 0, Answers: 1

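I am trying to protect an endpoint (e.g. /protected) in an API hosted on an Application Load Balanced Fargate Service (ALB) using a JWTAuthorizer Lambda function.

But I can't really find a good example that shows how I should do this. What I have tried so far: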

private createContainerCopilotService() {

    const cluster = new ecs.Cluster(this.stack, 'Cluster', {
        vpc: this.stack.resources.external.vpc,
        clusterName: `${this.config.getStackName()}-Cluster`,
        containerInsights: true,
    });


    const loadBalancedFargateService = new ecsPatterns.ApplicationLoadBalancedFargateService(this.stack, 'LoadBalancedService', {
        cluster,
        memoryLimitMiB: 1024,
        desiredCount: 1,
        cpu: 512,
        publicLoadBalancer: true,
        redirectHTTP: true,
        protocol: aws_elasticloadbalancingv2.ApplicationProtocol.HTTPS,
        taskImageOptions: {
            image: ecs.ContainerImage.fromAsset('.',
                {
                    file: 'src/docker/Dockerfile',
                    buildArgs: { NODE_VERSION: '20' },
                },
            ),
            environment: {
                // Env variables
            },
        },
        loadBalancerName: `${this.config.getStackName()}-LoadBalancer`,
        domainName: this.config.getDomainName(),
        domainZone: this.stack.resources.external.hostedZone,
        securityGroups: [this.stack.resources.external.consumerOpenSearchAccessSecurityGroup],
    });

    loadBalancedFargateService.targetGroup.configureHealthCheck({
        path: '/',
    });

    return loadBalancedFargateService;
}

private createApiGateway(loadBalancedFargateService: ecsPatterns.ApplicationLoadBalancedFargateService) {

    const api = new apigw2.HttpApi(this.stack, 'HttpGateWay');

    const jwtAuthorizerFunction = lambda.Function.fromFunctionAttributes(
        this.stack,
        'ImportedJwtAuthorizer',
        {
            functionArn: this.config.getAuthorizerLambdaArn(),
            skipPermissions: true,
        }
    );

    const jwtAuthorizerIntegration = new apigw.LambdaIntegration(jwtAuthorizerFunction);

    api.addRoutes({
        path: '/sessions/{proxy+}',
        methods: [apigw2.HttpMethod.GET],
        integration: new apigw2Integrations.HttpAlbIntegration('AuthIntegration', loadBalancedFargateService.listener,
            {
                // Here I don't know how I can use the jwtAuthorizerIntegration
            }
        )
    })
}

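Does anyone have experience connecting a Lambda function to an ALB? Should I use API Gateway, or are there any suggestions on how to properly protect the endpoint with a Lambda authorizer?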

amazon-web-services aws-lambda aws-api-gateway amazon-ecs aws-cdk
1 Answer
0 votes

Check the lib aws-cdk-lib/aws-apigatewayv2-authorizers and import the class HttpLambdaAuthorizer.

Once you have created the authorizer, you can attach it in a way similar to the following:

    const apiGateway = new HttpApi(this, "ApiGateway", {
        corsPreflight: {
            allowHeaders: ["*"],
            allowCredentials: true,
            allowMethods: [
                CorsHttpMethod.PATCH,
                CorsHttpMethod.POST,
                CorsHttpMethod.GET,
                CorsHttpMethod.PUT,
                CorsHttpMethod.DELETE,
                CorsHttpMethod.OPTIONS,
            ],
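            // Browsers reject a wildcard origin on credentialed requests, so list
            // the real origins here (the value below is a placeholder).
            allowOrigins: ["https://app.example.com"],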
            maxAge: cdk.Duration.days(1),
        },
        defaultAuthorizer: lambdaAuthorizer,
    });
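
An added example, not part of the original answer or the asker's existing authorizer: a Lambda authorizer handler that returns the simple response (`isAuthorized`) an HTTP API Lambda authorizer can use, verifying an HS256 JWT with Node's built-in crypto. The HS256 scheme, the `JWT_SECRET` environment variable and the `signHs256` helper are assumptions made for illustration.

```javascript
// HTTP API Lambda authorizer, payload format 2.0, simple response (added example).
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const hmac = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Builds constructed sample tokens for local testing only.
function signHs256(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns the simple-response object API Gateway expects from the authorizer.
function authorize(event, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const deny = { isAuthorized: false };
  if (!secret) return deny; // fail closed when the key is not configured
  try {
    // Payload format 2.0 delivers header names in lower case.
    const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(event.headers?.authorization ?? "");
    if (!match) return deny;
    const [, head, body, sig] = match;

    // Pin the algorithm: the token must not choose it ("none", RS256, ...).
    if (JSON.parse(Buffer.from(head, "base64url").toString()).alg !== "HS256") return deny;

    const expected = hmac(`${head}.${body}`, secret);
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return deny;

    const claims = JSON.parse(Buffer.from(body, "base64url").toString());
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) return deny;

    // context values become available as $context.authorizer.<key>.
    return { isAuthorized: true, context: { sub: String(claims.sub ?? "") } };
  } catch {
    return deny; // malformed base64 or JSON is treated as unauthenticated
  }
}

// Lambda entry point; JWT_SECRET is an assumed environment variable name.
exports.handler = async (event) => authorize(event, process.env.JWT_SECRET ?? "");
```

The authorizer is only evaluated for requests that go through the HTTP API; with `publicLoadBalancer: true`, as in the question's stack, the ALB can still be reached directly.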