SWAGGER SPEC
{
"swagger": "2.0",
"info": {
"title": "Player API without header.",
"description": "A simple API for Player resources",
"version": "1.0.2",
"contact": {
"name": "Kevin Sookocheff",
"url": "https://sookocheff.com",
"email": "kevin@sookocheff.com"
}
},
"securityDefinitions": {
"apiKey": {
"type": "apiKey",
"name": "x-api-key",
"in": "header"
}
},
"x-amazon-apigateway-api-key-source": "HEADER",
"paths": {
"/player/{id}": {
"get": {
"security": [
{
"apiKey": []
}
],
"x-amazon-apigateway-integration": {
"credentials": {
"GetAtt": "APIGatewayIntegrationRole.Arn"
},
"type": "aws_proxy",
"httpMethod": "POST",
"uri": {
"Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:testFunc/invocations"
}
},
"description": "Returns a Player resource",
"produces": [
"application/json"
],
"responses": {
"200": {
"description": "A player resource.",
"schema": {
"$ref": "#/definitions/Player"
}
}
},
"parameters": [
{
"name": "x-api-key",
"in": "header",
"description": "API Key",
"required": true,
"type": "string"
},
{
"name": "id",
"in": "path",
"description": "Identifier of player to retreive",
"required": true,
"type": "string"
}
]
},
"put": {
"security": [
{
"apiKey": []
}
],
"x-amazon-apigateway-integration": {
"credentials": {
"GetAtt": "APIGatewayIntegrationRole.Arn"
},
"type": "aws_proxy",
"httpMethod": "POST",
"uri": {
"Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:test-events-lambda/invocations"
}
},
"description": "Updates a Player resource",
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"parameters": [
{
"name": "x-api-key",
"in": "header",
"description": "API Key",
"required": true,
"type": "string"
},
{
"name": "requestPayload",
"in": "body",
"schema": {
"$ref": "#/definitions/Player"
}
},
{
"name": "id",
"in": "path",
"type": "string",
"required": true
}
],
"responses": {
"200": {
"description": "Updated player resource.",
"schema": {
"$ref": "#/definitions/Player"
}
}
}
}
},
"/store": {
"get": {
"summary": "Buy some cool avatars, unlock gold and other stuff",
"security": [
{
"apiKey": []
}
],
"parameters": [
{
"name": "x-api-key",
"in": "header",
"description": "API Key",
"required": true,
"type": "string"
}
],
"x-amazon-apigateway-integration": {
"credentials": {
"GetAtt": "APIGatewayIntegrationRole.Arn"
},
"type": "aws_proxy",
"httpMethod": "POST",
"uri": {
"Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:testFunc/invocations"
}
},
"responses": {
"200": {
"description": "TBD",
"schema": {
"$ref": "#/definitions/Player"
}
}
}
}
}
},
"definitions": {
"Player": {
"type": "object",
"properties": {
"playerId": {
"type": "string"
},
"alias": {
"type": "string"
},
"displayName": {
"type": "string"
},
"profilePhotoUrl": {
"type": "string"
}
},
"required": [
"playerId",
"alias"
]
}
}
}
ШАБЛОН ОБОРУДОВАНИЯ
Я добавил несколько api gateway swagger extensions по мере необходимости.Я использую облачную информацию для создания шлюза API, который имеет ключ API.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"PlayersAPI": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "Player API without header",
"Description": "A demo API for Player management",
"Body": {
// Swagger spec goes here.
}
}
},
"PlayersAPIDeployment": {
"Type": "AWS::ApiGateway::Deployment",
"Properties": {
"RestApiId": {
"Ref": "PlayersAPI"
}
}
},
"TestStage": {
"Type": "AWS::ApiGateway::Stage",
"Properties": {
"StageName": "test",
"RestApiId": {
"Ref": "PlayersAPI"
},
"DeploymentId": {
"Ref": "PlayersAPIDeployment"
}
}
},
"PlayersAPIKey": {
"Type": "AWS::ApiGateway::ApiKey",
"DependsOn": [
"PlayersAPIDeployment",
"TestStage"
],
"Properties": {
"Name": "what-the-key",
"Description": "Create an API Key using Cloudformation.",
"Enabled": true,
"StageKeys": [
{
"RestApiId": {
"Ref": "PlayersAPI"
},
"StageName": "test"
}
]
}
},
"APIGatewayIntegrationRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"Path": "/",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com",
"apigateway.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
},
"Policies": [
{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "lambda:InvokeFunction",
"Resource": "*"
}
]
}
}
]
}
}
}
}
ПРОБЛЕМА
Стек облачной информации был успешно создан при попытке проверить эторесурсы были созданы правильно, я обнаружил, что:
Шлюз API создается со всеми методами, и методы имеют требуемый ключ API.
API развернут на этапе, как и ожидалось.
Ключ API создан, но похоже, что он не связан с методами, для которых требуется ключ API
Когда я пытаюсь вызвать API с X-API-KEY, установленным на значение ключа API, скопированного с консоли как есть, я получаю код состояния 403 с сообщением:
{
"message": "Forbidden"
}
Я попытался повторно развернуть API, снова удалить и создать стек и т. Д.
Я хочу знать, отсутствует ли в спецификации swagger или шаблоне облачной информациичасть головоломки?Если нет, то в чем проблема и как я могу исправить дефект?