如何在AWS Lambda函数中验证API密钥 [英] How to validate API Key in AWS Lambda function

问题描述

我已经阅读了不少文章，例如这一篇和看起来当前在AWS API Gateway中，您无法在查询字符串中发送API密钥. 我们还很少有旧客户端需要在查询字符串中传递api-key.
所以我想到了两个选择

I have read quite a few articles like this one and it looks like currently in AWS API Gateway you cannot send API Key in query string. We also have few legacy clients that will need passing api-key in query string.
So i thought of two options

1>将lambda函数创建为Integration Type，并在函数处理程序内的密钥中验证API.但是我无法弄清楚如何针对aws中的密钥对其进行验证.像

1>Create lambda function as Integration Type and validate API in key inside function handler. But i am not able to figure out how to validate it against keys in aws. Something like

public async Task<JObject> FunctionHandler(JObject request, ILambdaContext context)
{
      // i know how to get apikey from queryStringParameters here 
      // but how do i validate it against api keys in aws
}

2>创建新的自定义授权者，但又不确定我该怎么做.

2> Create new custom authorizer, but again not sure how do i do it.

哪个将是首选选项. 我正在使用.NET Core .是否有任何可用的nuget软件包?

Which would be prefered option. I am using .NET core. Are there any nuget packages already available?

请注意，即使出于安全原因不建议使用querystring支持，也是值得商bat的

推荐答案

您可以在查询参数使用标头中传递安全密钥并通过密钥

You can pass security key in query param use header and pass key

curl -X PUT \
https://XXXX.XXXXX-api.ca-central-1.amazonaws.com/PROD/XXX-microservice \
 -H 'Content-Type: application/json' \
 -H 'x-api-key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
 -d '{

 "initData": "HI",
 "name": "vaquar khan",
 "likes": "Java"
}'

API逍遥游确保了安全密钥验证的安全，因此没有lambda 需要授权者

Security key validation taken care by API getaway so no lambda authorizer required

如果您要传递查询字符串

If you are passing in query string

URL:

https://XXXX.XXXXX-api.ca-central-1.amazonaws.com/PROD/XXX-microservice ?x-api-key=XXXXXXXXXXXXXXXX &uid=5

Python 2.7

from __future__ import print_function

import boto3
import json

print('Loading function')


def lambda_handler(event, context):
    print(event['params']['querystring']['x-api-key'])
    print(event['params']['querystring']['uid'])

这篇关于如何在AWS Lambda函数中验证API密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！