AWS Api 网关 + Lambda + 自定义域 (Route53) 缺少身份验证令牌问题 [英] AWS Api Gateway + Lambda + custom domain (Route53) Missing Authentication Token issue

问题描述

我知道这里已经发布并回答了许多类似的问题，但没有一个与我所经历的完全相同.

I am aware that many similar questions have been posted and answered here but none of them is quite the same with what I am experiencing.

我有一个处理传入请求(GET 和 POST)的 Lambda 函数.我还设置了一个 api 网关作为面向公众的端点.此外，我按照 Set up CustomAPI 主机名的域名

I have a Lambda function that handles incoming requests (GET and POST). I also set up an api gateway as public facing endpoint. Additionally, I set up custom domain following Set up Custom Domain Name for API Host Name

测试调用适用于 lambda 和 api 网关控制台.一切都可以使用调用 URL 进行，但不适用于我设置的自定义域.

The testing call works in both of lambda and api gateway console. Everything also works using the invoke URL but not with the custom domain I've set up.

以下是更多详细信息:

调用 URL(有效):

Invoke URL (Works) :

https://{api gateway id}.execute-api.us-west-2.amazonaws.com/prod/endpoint

自定义域端点(不起作用):

Custom domain endpint (Doesn't work):

https://api.{my domain}.com/endpoint

基本路径映射:

/endpoint   endpoint:prod

所有方法验证:

Authorization None
API Key Not required

Route53:

A record as alias that points api.{my domain}.com to the cloudfront distribution domain name as alias target. 

如果有人知道这里发生了什么，我将不胜感激.

I'd really appreciate if anyone knows what's going out here.

推荐答案

我发现问题是对基本路径映射的工作方式有误解.

I found the issue is misunderstanding of how base path mapping works.

我所有的配置都是正确的.

All my configurations are correct.

我的 API 资源不在/下，而是在/endpoint 下

My API resource is not under / but under /endpoint

要使用自定义域，而不是访问 https://api.{my domain}.com/endpoint，它需要转到 https://api.{my domain}.com/endpoint/endpoint

To use the custom domain, instead of visiting https://api.{my domain}.com/endpoint, it needs to go to https://api.{my domain}.com/endpoint/endpoint

当然这是愚蠢和多余的.

Of course this is silly and redundant.

我有两个选择.我要么设置基本路径映射到/而不是/endpoint，或者我可以只使用 API 资源/而不是/endpoint.

I have two options. I either set up the base path mapping to / instead of /endpoint or I can just user the API resource / instead of /endpoint.

我选择后者，因为如果基本路径映射设置为/，我的 api.{my domain}.com 将只能托管一个 API(我仍然可以使用相同 API 下的资源，但为什么要浪费额外的抽象层?).

I go with the latter because if base path mapping is set to /, my api.{my domain}.com will only be able to host just one API (I can still use resources under the same API, but why wasting the extra layer of abstraction?).

这看起来很糟糕，但我仍然很高兴我想通了.

This seems dump but I am still glad I figured it out.

这篇关于AWS Api 网关 + Lambda + 自定义域 (Route53) 缺少身份验证令牌问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！