AWS SAM :: AWS::Serverless::Api "Invalid value for 'Auth' property"

【Posted】: 2021-09-02 05:08:59

【Question】:

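I managed to define a template for a Lambda behind an API GW that authenticates via a (dedicated) ApiKey, by describing everything in the template and without an OpenApi definition.

Problems arise when trying to introduce Lambda integrations to do the mapping: it seems they can only be defined in the OpenAPI document, and of course I am unable to do that, because SAM validation fails, complaining about the Auth section.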

Template provided at '/Users/cionzo/PycharmProjects/my_project/template.yaml' was invalid SAM Template.
Error: [InvalidResourceException('ApiGateway', "Invalid value for 'Auth' property")] ('ApiGateway', "Invalid value for 'Auth' property")

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  myToyApp POC
  SAM Template for myToyApp POC

# ====================================
# PARAMETERS SETUP
# ====================================
Parameters:
  StageParam:
    Type: String
    Default: dev
    Description: (Required) Enter dev, test, prod. Default is dev.
    AllowedValues:
      - dev
      - test
      - prod
  ProjectName:
    Type: String
    Default: myToyApp
    Description: (Required) The name of the project
    MinLength: 3
    MaxLength: 50
    AllowedPattern: ^[A-Za-z_-]+$
    ConstraintDescription: "Required. Can be characters, hyphen, and underscore only. No numbers or special characters allowed."

Mappings:
  Stage2Settings:
    LoggingLevel:
      dev: "INFO"
      test: "INFO"
      prod: "ERROR"

Globals:
  Function:
    Timeout: 60

Resources:
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub "${ProjectName}_${StageParam}"
      StageName: !Ref StageParam
      MethodSettings:
        - LoggingLevel: !FindInMap [ Stage2Settings, "LoggingLevel", !Ref StageParam ]
          ResourcePath: '/*'      # allows for logging on any resource
          HttpMethod: '*'         # allows for logging on any method
          DataTraceEnabled: true  # Put logs into cloudwatch
          MetricsEnabled: true    # Enable detailed metrics (error 404, latency, ...)
      Auth:
        ApiKeyRequired: true
        UsagePlan:
          CreateUsagePlan: PER_API
          Description: Usage plan for this API
        DefinitionBody:
          openapi: 3.0.0
          info:
            title: "Hello Api"
            version: 0.3.0
            description: "This is an example OpenAPI specification"
            termsOfService: "http://example.com/tos"
            contact:
              email: "example@example.com"
          x-amazon-apigateway-request-validators:
            all:
              validateRequestBody: true
              validateRequestParameters: true
            params:
              validateRequestBody: true
              validateRequestParameters: true
            body:
              validateRequestBody: true
              validateRequestParameters: false
          paths:
            /processData:
              post:
                operationId: processData
                description: Test sam local functionality with API Gateway & Open API



  myToyAppPOCFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: myLambdaCodeFolder/
      Handler: app.lambda_handler
      Runtime: python3.8
      FunctionName: !Sub "${ProjectName}_DataProcessor_${StageParam}"
      Events:
        HelloWorld:
          Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
          Properties:
            Path: /processData
            Method: POST
            RestApiId: !Ref ApiGateway





Outputs:
  # ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
  # Find out more about other implicit resources you can reference within SAM
  # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
  myToyAppPOCApi:
    Description: "API Gateway endpoint URL for myToyAppPOCFunction"
    Value: !Sub "https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/${StageParam}/processData/"


  myToyAppPOCFunction:
    Description: "myToyAppPOCFunction Lambda Function ARN"
    Value: "myToyAppPOCFunction"
  myToyAppPOCFunctionIamRole:
    Description: "Implicit IAM Role created for Hello World function"
    Value: !GetAtt myToyAppPOCFunctionRole.Arn



【Answer 1】:

Your syntax for the Auth property includes an incorrect DefinitionBody property.

To fix the error you listed, unindent the DefinitionBody block so that its parent is Properties, not Auth:

ApiGateway:
  Type: AWS::Serverless::Api
  Properties:
    Name: !Sub "${ProjectName}_${StageParam}"
    StageName: !Ref StageParam
    MethodSettings:
      - LoggingLevel: !FindInMap [ Stage2Settings, "LoggingLevel", !Ref StageParam ]
        ResourcePath: '/*'      # allows for logging on any resource
        HttpMethod: '*'         # allows for logging on any method
        DataTraceEnabled: true  # Put logs into cloudwatch
        MetricsEnabled: true    # Enable detailed metrics (error 404, latency, ...)
    Auth:
      ApiKeyRequired: true
      UsagePlan:
        CreateUsagePlan: PER_API
        Description: Usage plan for this API
    DefinitionBody:
      openapi: 3.0.0
      info:
        title: "Hello Api"
        version: 0.3.0
        description: "This is an example OpenAPI specification"
        termsOfService: "http://example.com/tos"
        contact:
          email: "example@example.com"
      x-amazon-apigateway-request-validators:
        all:
          validateRequestBody: true
          validateRequestParameters: true
        params:
          validateRequestBody: true
          validateRequestParameters: true
        body:
          validateRequestBody: true
          validateRequestParameters: false
      paths:
        /processData:
          post:
            operationId: processData
            description: Test sam local functionality with API Gateway & Open API

For more information on the correct syntax, check the documentation:

AWS::Serverless::Api: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-api.html#sam-resource-api-syntax
ApiAuth (the Auth property): https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-api-apiauth.html#sam-property-api-apiauth-syntax
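A pre-deploy check for the nesting mistake this answer describes, as an added example that is not part of the original answer: it scans a template's text for keys placed directly under the Auth block of an AWS::Serverless::Api resource that the ApiAuth documentation does not define. The function name, the indentation-based scan (used so no YAML library is needed) and the trimmed sample template are assumptions made for this example.

```python
import re

# Keys the SAM ApiAuth documentation defines for the Auth property.
API_AUTH_KEYS = {
    "AddApiKeyRequiredToCorsPreflight", "AddDefaultAuthorizerToCorsPreflight",
    "ApiKeyRequired", "Authorizers", "DefaultAuthorizer", "InvokeRole",
    "ResourcePolicy", "UsagePlan",
}
KEY_LINE = re.compile(r"^(\s*)([\w.-]+):(?:\s+(.*))?$")

def misplaced_auth_keys(template_text):
    """Return (resource, key, line_no) for every direct child of an
    AWS::Serverless::Api Auth block that is not an ApiAuth key."""
    stack, types, candidates = [], {}, []
    for line_no, raw in enumerate(template_text.splitlines(), 1):
        m = KEY_LINE.match(raw.split(" #", 1)[0].rstrip())
        if not m:
            continue  # comments, list items, plain scalars, blank lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave blocks that ended above this line
        path = [k for _, k in stack]
        if len(path) == 2 and path[0] == "Resources" and key == "Type":
            types[path[1]] = (value or "").strip("'\"")
        in_auth = (len(path) == 4 and path[0] == "Resources"
                   and path[2:] == ["Properties", "Auth"])
        if in_auth and key not in API_AUTH_KEYS:
            candidates.append((path[1], key, line_no))
        stack.append((indent, key))
    # Type may follow Properties, so filter by resource type at the end.
    return [c for c in candidates if types.get(c[0]) == "AWS::Serverless::Api"]

# Constructed sample: the question's resource, trimmed, with the bad nesting.
BROKEN = """\
Resources:
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      Auth:
        ApiKeyRequired: true
        UsagePlan:
          CreateUsagePlan: PER_API
        DefinitionBody:
          openapi: 3.0.0
"""
# The answer's fix: DefinitionBody becomes a sibling of Auth under Properties.
FIXED = BROKEN.replace("        DefinitionBody:\n          openapi",
                       "      DefinitionBody:\n        openapi")

if __name__ == "__main__":
    for res, key, line_no in misplaced_auth_keys(BROKEN):
        print(f"{res}: '{key}' (line {line_no}) is not an Auth key; move it under Properties")
```
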

【Comments】:

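Thanks @petey. One last thing: besides the OpenApi definition, is there a way to avoid duplicating the path information in the Event (in the function properties)? If I remove the Event section, the ApiGateway is not authorized to invoke the Lambda...

@cionzo, that seems like another very good question. Can you create one? I'm not 100% sure I understand what you mean about avoiding duplication.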
