SAM模板-使用现有的Cognito用户池的API授权者 [英] SAM Template - API Authorizor to use existing Cognito User Pool

问题描述

更新:感谢您的帮助！

我已经更新了template.yml以包括授权者，但是仍然出现错误:

I've updated the template.yml to include the Authorizer, but I'm getting an error still:

  HelloWorldApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors: "'*'"
      # Auth:
      #   DefaultAuthorizer: MyCognitoAuthorizer
      #   Authorizers:
      #     MyCognitoAuthorizer:
      #       UserPoolArn: arn:aws:cognito-idp:us-east-1:719235216593:userpool/my-user-pool-id



  HelloWorldFunction:
    Properties:
      CodeUri: hello-world/
      Handler: app.lambdaHandler
      Runtime: nodejs10.x
      Events:
        HelloWorld:
          Type: Api 
          Properties:
            RestApiId: !Ref HelloWorldApi
            Path: /hello
            Method: get

  MyCognitoAuthorizer: 
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: MyAuthorizer
      Type: COGNITO_USER_POOLS
      RestApiId: !Ref HelloWorldApi
      ProviderARNs:
        - arn:aws:cognito-idp:us-east-1:719235216593:userpool/my-user-pool-id

但是，现在尝试创建堆栈时得到以下信息:

However, I'm now getting the following when trying to create the stack:

以下资源创建失败:[MyCognitoAuthorizer，HelloWorldApiDeploymentbc8438953d，HelloWorldFunctionHelloWorldPermissionProd]..用户请求的回滚.

我没有指定回滚，也无法确定授权者出了什么问题?

I did not specify the rollback, and I can't determine what is wrong in my authorizer?

原始

我已经构建了多个lambda，每个lambda都有自己的Api Gateway.我正在使用SAM CLI执行此操作，每个lambda是其自己的项目，并且具有描述基础结构的自己的Template.yml文件.

I have built multiple lambdas, each having their own Api Gateway. I'm using SAM CLI to do this, and each lambda is its own project and has it's own Template.yml file describing the infrastructure.

下面是一个templay.yml示例:

Below is an example templay.yml:

AWSTemplateFormatVersion: '2011-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
    # Avoid 'implicit API' creation via SAM by explicitly defining one
    HelloWorldApi:
        Type: AWS::Serverless::Api
        Properties:
          StageName: Prod
          Cors: "'*'"


    HelloWorldFunction:
        Type: AWS::Serverless::Function 
        Properties:
          CodeUri: hello-world/
          Handler: app.lambdaHandler
          Runtime: nodejs10.x
          Events:
            HelloWorld:
              Type: Api 
              Properties:
                RestApiId: !Ref HelloWorldApi # reference defined API
                Path: /hello
                Method: get

我现在想为每个lambda提供身份验证.但是，我希望所有的lambda都使用相同的Cognito用户池.我已经看到了许多使用lambda创建关联的用户池的示例，但是在这种情况下，我将为每个lambda创建一个新的userpool.

I would now like to provide authentication for each lambda. However, I would like all the lambdas to use the same Cognito User pool. I've seen many examples that create the associated userpool with the lambda, but in this case I would end up with a new userpool for every lambda.

是否可以在template.yml中指定通过AWS控制台创建的现有用户池的ARN?

注意:我对CloudFormation语法不是很熟悉，因此，如果可以通过SAM CLI模板语法使用它，则是更可取的.l

Note: I'm not very familiar with CloudFormation syntax, so it's preferable if this is doable with the SAM CLI template syntax.l

推荐答案

只需简单地对所需的标识符(在这种情况下为ARN)进行硬编码，即可在模板中引用在CloudFormation外部创建的现有资源:

Existing resources created outside of CloudFormation can be referenced in templates by simply hardcoding the desired identifier (ARNs in this case):

    Authorizer:
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Type: COGNITO_USER_POOLS
        RestApiId: !Ref HelloWorldApi
        ProviderARNs:
          - # hardcoded Cognito User Pool ARN

AWS :: ApiGateway:: Authorizer 文档

Cognito用户池ARN格式

您应该能够在 Cognito控制台上找到Cognito用户池的ARN.

You should be able to find your Cognito User Pool's ARN on Cognito's console

这篇关于SAM模板-使用现有的Cognito用户池的API授权者的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！