I am trying to deploy an API Gateway REST API with a custom authorizer using Terraform.
The custom authorizer uses an existing Lambda function.
When I apply Terraform, I get the following error
resource "aws_api_gateway_authorizer" "accountprofileauth" {
  name            = "auth"
  rest_api_id     = "${aws_api_gateway_rest_api.accountprofileapi.id}"
  authorizer_uri  = "arn:aws:lambda:us-east-2:XXXX:function:dev-authorizer"
  identity_source = "method.request.header.Authorization"
  type            = "REQUEST"
}
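The Lambda function exists and works fine. The same approach also works when I deploy with Serverless.
Do you know the format, or can you provide an example of a valid ARN?
Thanks.
Answer 0: (score: 1)
I found that the actual format is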
arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:XXXX:function:dev-authorizer/invocations
It seems the date is hardcoded. That confused me :)
Answer 1: (score: 0)
You can refer to the AWS documentation, Amazon Resource Names (ARNs) and AWS Service Namespaces.
For Lambda:
AWS Lambda (Lambda)
Syntax:
arn:aws:lambda:region:account-id:function:function-name
arn:aws:lambda:region:account-id:function:function-name:alias-name
arn:aws:lambda:region:account-id:function:function-name:version
arn:aws:lambda:region:account-id:event-source-mappings:event-source-mapping-id
Examples:
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:your alias
arn:aws:lambda:us-east-1:123456789012:function:ProcessKinesisRecords:1.0
arn:aws:lambda:us-east-1:123456789012:event-source-mappings:kinesis-stream-arn
If you are also creating the Lambda function in Terraform (not your case, but if you have already started using it, I recommend managing all AWS resources in Terraform):
resource "aws_lambda_function" "authorizer" {
  filename         = "lambda-function.zip"
  source_code_hash = "${base64sha256(file("lambda-function.zip"))}"
  function_name    = "api_gateway_authorizer"
  role             = "${aws_iam_role.lambda.arn}"
  handler          = "exports.example"
}
You can then easily reference the Lambda ARN as the authorizer_uri:
resource "aws_api_gateway_authorizer" "demo" {
  name                   = "demo"
  rest_api_id            = "${aws_api_gateway_rest_api.demo.id}"
  authorizer_uri         = "${aws_lambda_function.authorizer.invoke_arn}"
  authorizer_credentials = "${aws_iam_role.invocation_role.arn}"
}
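
For the question's case, where the Lambda function already exists outside Terraform, the invoke URI from answer 0 can be obtained without hardcoding it, and the function's invoke permission can be scoped to this one authorizer. This is an added example, not code from the original posts; the names existing_authorizer and allow_authorizer are hypothetical, and it assumes an AWS provider whose aws_lambda_function data source exports invoke_arn.

```hcl
# Added example (not from the original posts). The labels
# existing_authorizer and allow_authorizer are hypothetical.

# Look up the function that was deployed outside Terraform,
# instead of pasting its ARN into the configuration.
data "aws_lambda_function" "existing_authorizer" {
  function_name = "dev-authorizer"
}

resource "aws_api_gateway_authorizer" "accountprofileauth" {
  name            = "auth"
  rest_api_id     = "${aws_api_gateway_rest_api.accountprofileapi.id}"
  type            = "REQUEST"
  identity_source = "method.request.header.Authorization"

  # invoke_arn is the API Gateway invocation URI, of the form
  # arn:aws:apigateway:<region>:lambda:path/2015-03-31/functions/<lambda-arn>/invocations
  # A plain arn:aws:lambda:... value is not accepted here.
  authorizer_uri = "${data.aws_lambda_function.existing_authorizer.invoke_arn}"
}

# Resource-based permission on the function, used when no
# authorizer_credentials role is set. source_arn limits invocation to
# this API's authorizer rather than any API Gateway in the account.
resource "aws_lambda_permission" "allow_authorizer" {
  statement_id  = "AllowApiGatewayAuthorizerInvoke"
  action        = "lambda:InvokeFunction"
  function_name = "${data.aws_lambda_function.existing_authorizer.function_name}"
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_api_gateway_rest_api.accountprofileapi.execution_arn}/authorizers/${aws_api_gateway_authorizer.accountprofileauth.id}"
}
```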