我有以下CloudFormation堆栈。 2个lambdas(Greeting和Auth)与API网关配置为使用Auth lambda进行授权。
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Resources:
GreetingsApiGateway:
Type: AWS::Serverless::Api
Properties:
StageName: Prod
Auth:
DefaultAuthorizer: MyAuthorizer
Authorizers:
MyAuthorizer:
FunctionArn: !GetAtt AuthLambda.Arn
GreetingsLambda:
Type: AWS::Serverless::Function
Properties:
CodeUri: "s3://<bucket-name>/code.zip"
Handler: src/index.greeting
Events:
GetRoot:
Type: Api
Properties:
RestApiId: !Ref GreetingsApiGateway
Path: /hello
Method: get
AuthLambda:
Type: AWS::Serverless::Function
Properties:
CodeUri: "s3://<bucket-name>/code.zip"
Handler: src/index.auth
Globals:
Function:
Runtime: nodejs8.10
# check whether I can use resources within globals
Outputs:
ApiURL:
Description: "OUR API URL"
Value: !Sub "https://${GreetingsApiGateway}.execute-api.${AWS::Region}.amazonaws.com/Prod/"
我的lambda的代码如下:
exports.greeting = async () => ({ statusCode: 200, body: "Hello Beautiful World!" });
exports.auth = async () => ({ statusCode: 200, body: "I wanna do the authorisation!" });
我希望授权一直失败,但也要在CloudWatch日志中查看来自Auth lambda的日志。
怎么了:
从API网关内部调用
如果我在API网关控制台中没有任何标题的情况下进行测试,我会得到“Hello Beautiful World”结果。我的CloudWatch模板中没有lambda auth日志。
从POSTMAN调用
我尝试在GET请求的标头内发送此输入。在没有来自Auth lambda CloudWatch日志的任何日志的情况下,响应是“未授权”。
{
"type":"TOKEN",
"authorizationToken":"<caller-supplied-token>",
"methodArn":"arn:aws:execute-api:<regionId>:<accountId>:<apiId>/<stage>/<method>/<resourcePath>"
}
怎么了?
要检索响应,我们需要使用Authorization标头,仍然不明白为什么来自API Gateway控制台的请求检索到响应。