AWS SAM :: AWS::Serverless::Api "Invalid value for 'Auth' property"
Posted: 2021-09-02 05:08:59

Question: I managed to define a template for a Lambda behind an API GW that authenticates via a (dedicated) ApiKey, by describing everything in the template and without an OpenApi definition.
The problem arises when trying to introduce Lambda integrations to do the mappings: it seems they can only be defined in an OpenAPI document and, of course, I can't manage to do it, because SAM validation fails, complaining about the Auth section.
```text
Template provided at '/Users/cionzo/PycharmProjects/my_project/template.yaml' was invalid SAM Template.
Error: [InvalidResourceException('ApiGateway', "Invalid value for 'Auth' property")] ('ApiGateway', "Invalid value for 'Auth' property")
```
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  myToyApp POC
  SAM Template for myToyApp POC
# ====================================
# PARAMETERS SETUP
# ====================================
Parameters:
  StageParam:
    Type: String
    Default: dev
    Description: (Required) Enter dev, test, prod. Default is dev.
    AllowedValues:
      - dev
      - test
      - prod
  ProjectName:
    Type: String
    Default: myToyApp
    Description: (Required) The name of the project
    MinLength: 3
    MaxLength: 50
    AllowedPattern: ^[A-Za-z_-]+$
    ConstraintDescription: "Required. Can be characters, hyphen, and underscore only. No numbers or special characters allowed."
Mappings:
  Stage2Settings:
    LoggingLevel:
      dev: "INFO"
      test: "INFO"
      prod: "ERROR"
Globals:
  Function:
    Timeout: 60
Resources:
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub "${ProjectName}_${StageParam}"
      StageName: !Ref StageParam
      MethodSettings:
        - LoggingLevel: !FindInMap [ Stage2Settings, "LoggingLevel", !Ref StageParam ]
          ResourcePath: '/*' # allows for logging on any resource
          HttpMethod: '*' # allows for logging on any method
          DataTraceEnabled: true # Put logs into cloudwatch
          MetricsEnabled: true # Enable detailed metrics (error 404, latency, ...)
      Auth:
        ApiKeyRequired: true
        UsagePlan:
          CreateUsagePlan: PER_API
          Description: Usage plan for this API
        DefinitionBody:
          openapi: 3.0.0
          info:
            title: "Hello Api"
            version: 0.3.0
            description: "This is an example OpenAPI specification"
            termsOfService: "http://example.com/tos"
            contact:
              email: "example@example.com"
          x-amazon-apigateway-request-validators:
            all:
              validateRequestBody: true
              validateRequestParameters: true
            params:
              validateRequestBody: true
              validateRequestParameters: true
            body:
              validateRequestBody: true
              validateRequestParameters: false
          paths:
            /processData:
              post:
                operationId: processData
                description: Test sam local functionality with API Gateway & Open API
  myToyAppPOCFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: myLambdaCodeFolder/
      Handler: app.lambda_handler
      Runtime: python3.8
      FunctionName: !Sub "${ProjectName}_DataProcessor_${StageParam}"
      Events:
        HelloWorld:
          Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
          Properties:
            Path: /processData
            Method: POST
            RestApiId: !Ref ApiGateway
Outputs:
  # ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
  # Find out more about other implicit resources you can reference within SAM
  # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
  myToyAppPOCApi:
    Description: "API Gateway endpoint URL for myToyAppPOCFunction"
    Value: !Sub "https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/${StageParam}/processData/"
  myToyAppPOCFunction:
    Description: "myToyAppPOCFunction Lambda Function ARN"
    Value: "myToyAppPOCFunction"
  myToyAppPOCFunctionIamRole:
    Description: "Implicit IAM Role created for Hello World function"
    Value: !GetAtt myToyAppPOCFunctionRole.Arn
```
Answer 1: Your `Auth` property syntax incorrectly contains the `DefinitionBody` property.
To fix the error you listed, unindent the `DefinitionBody` block so that its parent is `Properties`, not `Auth`:
```yaml
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub "${ProjectName}_${StageParam}"
      StageName: !Ref StageParam
      MethodSettings:
        - LoggingLevel: !FindInMap [ Stage2Settings, "LoggingLevel", !Ref StageParam ]
          ResourcePath: '/*' # allows for logging on any resource
          HttpMethod: '*' # allows for logging on any method
          DataTraceEnabled: true # Put logs into cloudwatch
          MetricsEnabled: true # Enable detailed metrics (error 404, latency, ...)
      Auth:
        ApiKeyRequired: true
        UsagePlan:
          CreateUsagePlan: PER_API
          Description: Usage plan for this API
      DefinitionBody:
        openapi: 3.0.0
        info:
          title: "Hello Api"
          version: 0.3.0
          description: "This is an example OpenAPI specification"
          termsOfService: "http://example.com/tos"
          contact:
            email: "example@example.com"
        x-amazon-apigateway-request-validators:
          all:
            validateRequestBody: true
            validateRequestParameters: true
          params:
            validateRequestBody: true
            validateRequestParameters: true
          body:
            validateRequestBody: true
            validateRequestParameters: false
        paths:
          /processData:
            post:
              operationId: processData
              description: Test sam local functionality with API Gateway & Open API
```
For more information on the correct syntax, check the documentation:
AWS::Serverless::Api: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-api.html#sam-resource-api-syntax
ApiAuth (the Auth property): https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-apiauth.html#sam-property-api-apiauth-syntax

Comments:
Thanks @petey. One last thing: besides the OpenApi definition, is there a way to avoid duplicating the path information in the Events (in the function properties)? If I remove the Event section, the ApiGateway is not authorized to invoke the Lambda...
@cionzo, that seems like another very good question. Can you create one? I'm not 100% sure I understand what you mean about avoiding duplication.
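
Added example, not part of the original question or answer: SAM's error names only the `Auth` property, so this pre-deploy check reports which key under `Auth` is out of place and whether it belongs one level up under `Properties`. The two key sets are assumptions transcribed from the SAM docs linked in the answer, and the sample is a constructed, trimmed JSON form of the question's `ApiGateway` resource.

```python
import json

# Keys accepted under Auth (ApiAuth) and a subset of keys that sit directly
# under Properties. Assumption: taken from the SAM docs linked in the answer;
# re-check both sets against the docs for the SAM version you deploy with.
API_AUTH_KEYS = {
    "AddApiKeyRequiredToCorsPreflight", "AddDefaultAuthorizerToCorsPreflight",
    "ApiKeyRequired", "Authorizers", "DefaultAuthorizer", "InvokeRole",
    "ResourcePolicy", "UsagePlan",
}
API_PROPERTY_KEYS = {
    "Name", "StageName", "MethodSettings", "DefinitionBody", "DefinitionUri",
    "Cors", "Variables", "EndpointConfiguration", "TracingEnabled", "Tags",
}

def lint_api_auth(template):
    """Return (logical_id, key, hint) for every unexpected key under Auth."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Serverless::Api":
            continue
        auth = res.get("Properties", {}).get("Auth", {})
        if not isinstance(auth, dict):
            findings.append((logical_id, "Auth", "must be a mapping"))
            continue
        for key in sorted(set(auth) - API_AUTH_KEYS):
            hint = ("move up to Properties" if key in API_PROPERTY_KEYS
                    else "not an ApiAuth property")
            findings.append((logical_id, key, hint))
    return findings

# Constructed sample: the question's ApiGateway resource in JSON form, trimmed.
BROKEN = json.loads("""
{"Resources": {"ApiGateway": {"Type": "AWS::Serverless::Api", "Properties": {
  "StageName": "dev",
  "Auth": {"ApiKeyRequired": true,
           "UsagePlan": {"CreateUsagePlan": "PER_API"},
           "DefinitionBody": {"openapi": "3.0.0", "paths": {}}}}}}}
""")

def fixed_copy(template):
    """Apply the answer's fix: DefinitionBody becomes a child of Properties."""
    fixed = json.loads(json.dumps(template))  # deep copy, input stays untouched
    props = fixed["Resources"]["ApiGateway"]["Properties"]
    props["DefinitionBody"] = props["Auth"].pop("DefinitionBody")
    return fixed

if __name__ == "__main__":
    print(lint_api_auth(BROKEN), lint_api_auth(fixed_copy(BROKEN)))
```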