使用LambdaIntegration时,CDK覆盖绑定 [英] CDK override bind when using LambdaIntegration
问题描述
使用LambdaIntegration
类时,绑定函数会自动向lambda添加权限:
When using LambdaIntegration
class the bind function add permission to the lambda automatically:
bind(method) {
super.bind(method);
const principal = new iam.ServicePrincipal('apigateway.amazonaws.com');
const desc = `${method.restApi.node.uniqueId}.${method.httpMethod}.${method.resource.path.replace(/\//g, '.')}`;
this.handler.addPermission(`ApiPermission.${desc}`, {
principal,
scope: method,
sourceArn: method.methodArn,
});
// add permission to invoke from the console
if (this.enableTest) {
this.handler.addPermission(`ApiPermission.Test.${desc}`, {
principal,
scope: method,
sourceArn: method.testMethodArn,
});
}
}
当前,我创建了多个API网关,其中90%的API网关会触发相同的lambda函数,这会导致以下错误:
Currently, I create multiple API Gateways who 90% of them trigger the same lambda function, this causes me the following error :
The final policy size (XXX) is bigger than the limit (20480)
更多信息此处.
我的目标是用我自己的函数覆盖bind函数,并自己处理权限,诸如此类:
My goal is to override the bind function with my own function and handle the permissions by myself, something like that:
arn:aws:execute-api:{AWS_REGION}:{AWS_ACCOUNT}:{API_ID}/*/*/*
我知道这不是最佳做法,但目前这是唯一可行的解决方法.
I know this is not a best practice but right now this is the only working workaround.
这是我创建的新类:
class customLambdaIntegration extends apigateway.LambdaIntegration{
myHandler: lambda.IFunction;
constructor(handler: lambda.IFunction, options?: LambdaIntegrationOptions) {
super(handler, options);
this.myHandler = handler;
}
bind(method: Method) {
const principal = new iam.ServicePrincipal('apigateway.amazonaws.com');
const desc = `${method.restApi.node.uniqueId}.${method.httpMethod}.${method.resource.path.replace(/\//g, '.')}`;
this.myHandler.addPermission(`ApiPermission.${desc}`, {
principal,
scope: method,
sourceArn: method.methodArn.toString().replace(api.deploymentStage.stageName,'*')
});
}
}
运行cdk list
时出现此错误:
if (!this.scope) { throw new Error('AwsIntegration must be used in API'); }
引发错误的有问题的代码段:
Problematic piece of code which throw the error:
class AwsIntegration extends integration_1.Integration {
constructor(props) {
const backend = props.subdomain ? `${props.subdomain}.${props.service}` : props.service;
const type = props.proxy ? integration_1.IntegrationType.AWS_PROXY : integration_1.IntegrationType.AWS;
const { apiType, apiValue } = util_1.parseAwsApiCall(props.path, props.action, props.actionParameters);
super({
type,
integrationHttpMethod: props.integrationHttpMethod || 'POST',
uri: cdk.Lazy.stringValue({ produce: () => {
if (!this.scope) {
throw new Error('AwsIntegration must be used in API');
}
return cdk.Stack.of(this.scope).formatArn({
service: 'apigateway',
account: backend,
resource: apiType,
sep: '/',
resourceName: apiValue,
});
} }),
options: props.options,
});
}
bind(method) {
this.scope = method;
}
}
任何帮助将不胜感激.
这可能对谁有帮助,我打开了一个功能请求以实现我的功能并手动处理lambda权限:
To whom this might be helpful, I open a feature request to implement my function and manually handle the lambda permission :
https://github.com/aws/aws-cdk/issues/5774
推荐答案
发现了问题,由于AwsIntegration
类实现了this.scope=method
,因此绑定函数中缺少this['scope'] = method;
.
Found the issue, this['scope'] = method;
were missing inside the bind function since AwsIntegration
class implements this.scope=method
.
完整代码:
class customLambdaIntegration extends apigateway.LambdaIntegration{
// myScope : cdk.IConstruct;
myHandler: lambda.IFunction;
MyOptinos: apigateway.LambdaIntegrationOptions | undefined;
constructor(handler: lambda.IFunction, options?: LambdaIntegrationOptions) {
super(handler, options);
this.myHandler = handler;
this.MyOptinos = options;
}
bind(method: Method) {
this['scope'] = method;
const principal = new iam.ServicePrincipal('apigateway.amazonaws.com');
const desc = `${method.restApi.node.uniqueId}.${method.httpMethod}.${method.resource.path.replace(/\//g, '.')}`;
this.myHandler.addPermission(`ApiPermission.${desc}`, {
principal,
scope: method,
sourceArn: method.methodArn.toString().replace(api.deploymentStage.stageName,'*')
});
}
}
这篇关于使用LambdaIntegration时,CDK覆盖绑定的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!