Get authorizer context in a Step Function executed from API Gateway

Posted on 2025-01-24 04:19:39

I'm trying to get my API Gateway api to:

  1. Run an authorizer
  2. Pass authorizer context to a Step Function execution
  3. Respond to client with Step Function output

I already have #1 and #3 done, but passing the response of the attached authorizer lambda to the step function is proving to be impossible.

I found this page and this page with reference sheets on what interpolation values you can use for your parameter mapping (Create Integration -> Step Function: StartSyncExecution -> Advanced Settings -> Input) but any time I try to use anything related to $context like $context.authorizer.email, API Gateway just responds with an HTTP 400 and gives me this CloudWatch output:

"Unable to resolve property Input from source {\"lambdaName\": \"arn:aws:lambda:us-east-1:xxxxxxx\", \"reqBody\": $request.body.Input, \"authContext\": $context.apiId }. Please make sure that the request to API Gateway contains all the necessary fields specified in request parameters."

These are the JSON objects I've tried using for the Input text box and all of them either give me errors when trying to save or throw an HTTP 400 and log the above errors when I visit the route:

  • {"lambdaName": "xxx", "reqBody": $request.body.Input, "authContext": $context.authorizer.email }
  • {"lambdaName": "xxx", "reqBody": $request.body.Input, "authContext": "$context.authorizer.email" }
  • {"lambdaName": "xxx", "reqBody": $request.body.Input, "authContext": $context.apiId }
  • {"lambdaName": "xxx", "reqBody": $request.body.Input, "authContext": $context }
  • {"lambdaName": "xxx", "reqBody": $request.body.Input, "authContext": $event.requestContext.authorizer.email }

It seems like the only way to have authorization code to work with step functions is to wrap my step function called by API Gateway in another step function that authorizes the request and then invokes the endpoint step function. I've researched this for hours and I'm not getting anywhere. Any help at all is appreciated.


Comments (2)

如日中天 2025-01-31 04:19:40

I ended up solving this by using API Gateway v1 and a REST API instead of an HTTP API. For some reason v2's input field currently doesn't work for anything other than $request.body.Input. From there, I hooked up all of my endpoints to a step function that runs the authorization lambda on their Authorization header in the request.

I have a step function that allows me to chain together step function and lambda actions so for most requests I just chain together the authorizer lambda and the endpoint's action (can be lambda or another step function).

The main takeaway here is that if you're using API Gateway and Step Functions, it looks like passing custom-formatted input into your step function isn't very easy to do without using the v1 of API Gateway in a REST API, not an HTTP API. Hopefully this will be fixed in the future.

浅沫记忆 2025-01-31 04:19:40

Another solution could be to use the Mapping Template in API Gateway Integration Request.

Example: Consider the response from the Lambda Authorizer as this:

{
    principalId: 'myuser',
    context: {
        customKey: 'CustomValue'
    },
    policyDocument: {
        Version: '2012-10-17',
        Statement: [
            {
                Action: ['execute-api:Invoke'],
                Effect: 'Allow',
                Resource:
                    'arn:aws:execute-api:_region_:111111111111:0a0a0a0a0a/default/POST/my-endpoint'
            }
        ]
    }
}

In the Mapping Template for application/json, map whatever property you want in the input field (quote escaped). Each property sent from the Lambda Authorizer in the context field will be available as $context.authorizer.property.

One possible Template Mapping could be:

{
  "input": "{\"origin\":\"$input.json('$.requestvalue').replaceAll('\"','')\", \"customPropertyFromLambdaAuthorizer\" : \"$context.authorizer.customKey\" }", 
  "name": "DemoStateMachineRequest",
  "stateMachineArn": "arn:aws:states:_region_:11111111111:stateMachine:MyStateMachine"
}

Reference $context.authorizer.property
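
Added example (not part of the original answer): a plain-JavaScript simulation of the text substitution the mapping template above performs, showing which `customKey` values reach the state machine intact and which leave the request body unparseable. The function names, sample values and the allowlist guard are assumptions made for illustration; this is not API Gateway's VTL engine.

```javascript
// Simulation of the mapping template's text substitution (not API Gateway's VTL engine).
const ARN = 'arn:aws:states:_region_:11111111111:stateMachine:MyStateMachine';

// Renders the answer's template the way it is written: values are pasted in as raw text.
function renderAsWritten(requestValue, customKey) {
  // $input.json('$.requestvalue').replaceAll('"','') -> JSON text with the quotes stripped
  const origin = JSON.stringify(requestValue).replace(/"/g, '');
  return [
    '{',
    `  "input": "{\\"origin\\":\\"${origin}\\", \\"customPropertyFromLambdaAuthorizer\\" : \\"${customKey}\\" }",`,
    '  "name": "DemoStateMachineRequest",',
    `  "stateMachineArn": "${ARN}"`,
    '}',
  ].join('\n');
}

// Reference rendering: every level is serialized, so any string value survives.
function renderSerialized(requestValue, customKey) {
  const input = JSON.stringify({ origin: requestValue, customPropertyFromLambdaAuthorizer: customKey });
  return JSON.stringify({ input, name: 'DemoStateMachineRequest', stateMachineArn: ARN }, null, 2);
}

// Parses the body in two steps: the outer request first, then the `input` string.
function stateMachineInput(body) {
  return JSON.parse(JSON.parse(body).input);
}

// True when the state machine would see exactly the value the authorizer returned.
function roundTrips(render, customKey) {
  try {
    return stateMachineInput(render('web', customKey)).customPropertyFromLambdaAuthorizer === customKey;
  } catch (err) {
    return false; // the rendered body, or its `input` string, was not valid JSON
  }
}

// Hypothetical guard for the Lambda authorizer: only return context values that are
// safe to paste into the template unescaped.
const SAFE_CONTEXT_VALUE = /^[A-Za-z0-9@._+-]{1,256}$/;
function isSafeContextValue(value) {
  return typeof value === 'string' && SAFE_CONTEXT_VALUE.test(value);
}

// Constructed sample values for customKey.
for (const s of ['CustomValue', 'user@example.com', 'Acme "Dev" team', 'CORP\\user']) {
  console.log(JSON.stringify(s), 'as written:', roundTrips(renderAsWritten, s),
    'serialized:', roundTrips(renderSerialized, s), 'guard:', isSafeContextValue(s));
}
```

Values containing a double quote or a backslash fail with the template as written, so either the authorizer restricts what it places in `context` or the template has to escape the value before interpolating it.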
