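Why does CloudFormation say it already exists when creating an AWS::ApiGateway::Authorizer?
I have an existing Lambda function called My-Authorizer. I am trying to deploy an API Gateway using Serverless (CF) resources, one of which is an Authorizer that targets this Lambda.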
```yaml
Resources:
  ApiGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: "${self:service}-test"

  # other resources

  MyAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    DependsOn: ApiGateway
    Properties:
      Name: My-Authorizer
      Type: REQUEST
      RestApiId:
        Ref: ApiGateway
      AuthorizerUri: "arn:aws:apigateway:${self:custom.aws_region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${self:custom.aws_region}:${self:custom.aws_account_id}:function:My-Authorizer/invocations"
```
But CF gives CREATE_FAILED for MyAuthorizer with the following status reason:
Resource handler returned message: "Invalid request input (Service: ApiGateway, Status Code: 400, Request ID: <some-request-id>)" (RequestToken: <some-request-token>, HandlerErrorCode: AlreadyExists)
I have checked that MyAuthorizer is not already a resource in this stack.
Question: Why am I getting this error?
Comments (3)
It is due to authorization caching being enabled by default, and thus the IdentitySource property is required by default. Specifying the IdentitySource property or disabling authorization caching will fix the issue (see Edit 2 below).

Original (6/29/2022):
I experienced the same issue and, after spending hours, I managed to solve it by adding the IdentitySource property even though it is marked as required only when authorization caching is enabled. What led me to the solution is the word "Invalid Request". And my authorizer looks like the following:

Edit 1 (6/29/2022):
It automatically enabled authorization caching for me. The weird thing is I'm able to remove the IdentitySource property and successfully update the stack. However, that didn't remove the actual Identity Source nor the Authorization Caching. So, I had to add the AuthorizerResultTtlInSeconds property to disable the caching. And thus, to disable the caching, it becomes:

Edit 2 (6/30/2022):
Found out that AuthorizerResultTtlInSeconds defaulting to 300 is causing the error. So by default, authorization caching is enabled and thus the IdentitySource property is actually required by default. I'm able to create a new authorizer without specifying the IdentitySource property, but it requires disabling the authorization caching.
https://docs.aws.amazon.com/apigateway/latest/developerguide/configure-api-gateway-lambda-authorization-with-console.html
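
The two fixes described in the answer above, written out as CloudFormation resources. This is an added example, not the answerer's own template: the logical IDs MyAuthorizerCached and MyAuthorizerNoCache and the Authorization header used for IdentitySource are assumptions, and only one of the two resources would be deployed.

```yaml
Resources:
  # Option A: keep authorization caching (AuthorizerResultTtlInSeconds
  # defaults to 300 when omitted), so IdentitySource must be present.
  MyAuthorizerCached:               # hypothetical logical ID
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: My-Authorizer
      Type: REQUEST
      RestApiId:
        Ref: ApiGateway
      AuthorizerUri: "arn:aws:apigateway:${self:custom.aws_region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${self:custom.aws_region}:${self:custom.aws_account_id}:function:My-Authorizer/invocations"
      # Assumed header. With caching on, the identity source is the cache
      # key, so list every request value the Lambda's decision depends on;
      # otherwise a cached allow/deny can be reused for a different caller.
      IdentitySource: method.request.header.Authorization
      AuthorizerResultTtlInSeconds: 300   # explicit instead of implicit default

  # Option B: disable caching, which makes IdentitySource optional for a
  # REQUEST authorizer. The Lambda is then invoked on every request.
  MyAuthorizerNoCache:              # hypothetical logical ID
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: My-Authorizer
      Type: REQUEST
      RestApiId:
        Ref: ApiGateway
      AuthorizerUri: "arn:aws:apigateway:${self:custom.aws_region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${self:custom.aws_region}:${self:custom.aws_account_id}:function:My-Authorizer/invocations"
      AuthorizerResultTtlInSeconds: 0
```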

It does not have to be in the stack. It may be in your account somewhere, created manually using the AWS console or another CloudFormation stack. You have to change the name of your MyAuthorizer to be unique.

I managed to find a solution that works.
I don't think there is a way to achieve this using AWS::ApiGateway::Authorizer and a Lambda function that already exists in your account. If you are deploying a new function, however, then this may work. Instead, I exported a dummy API Gateway (Export as Swagger + API Gateway Extensions) that I created via the console, which has all the authorisation configuration I require. I then did this: