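Using AWS API Gateway together with Swagger

Introduction to AWS API Gateway

  • A gateway for APIs. Its main purpose is to control APIs.
    • All of your APIs can be defined in API Gateway.
    • API Gateway controls each API's call count, throughput, and whether calls are allowed.
    • API Gateway controls which AWS service each API triggers.

Introduction to Swagger

  • Used to write API documentation, with its own Swagger syntax. Put simply, it describes an API using text in a specific format.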

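Integrating Swagger with API Gateway

Overview

  • The Swagger website has a feature for integrating with API Gateway, and the integration can be done with one click (note: when integrating, it is best to choose overwrite, so that every save fully updates API Gateway).
  • Every API Gateway feature, including authorization, responses and Lambda, can be expressed in the Swagger document and then pushed to API Gateway with one click.

How to integrate

  • Google Swagger and register a SwaggerHub account.
  • Write the Swagger document.
  • Find the Integrations button (it is hidden fairly deep; it took me a long time to find) and choose the AWS API Gateway integration.
  • Configure the AWS key and secret, then save and execute. From then on, every edit to the Swagger document updates API Gateway.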

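Writing Swagger (YAML format)

  • I will not cover how to write a Swagger document here; google it and experiment. The editor on the official Swagger site shows error hints as you write, which is quite convenient.
    This article focuses on the parts related to API Gateway.
  • An example Swagger document that integrates with API Gateway: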
https://github.com/aws-samples/api-gateway-secure-pet-store/blob/master/src/main/resources/swagger.yaml


# this is an example of the Uber API
# as a demonstration of an API spec in YAML
swagger: '2.0'
info:
  title: API Gateway Secure Pet Store
  description: Pet store sample that uses Cognito Developer Authenticated Identities to generate credentials through a Java Lambda Function
  version: "1.0.0"
# the domain of the service
host: execute-api.us-east-1.amazonaws.com
# array of all schemes that your API supports
schemes:
  - https
# will be prefixed to all paths
basePath: /
produces:
  - application/json
paths:
  /users:
    post:
      summary: Registers a new user
      description: |
        Creates a new user in the DynamoDB backend database and returns a set
        of temporary credentials to sign future requests.
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: NewUser
          in: body
          description: New user details.
          schema:
            $ref: '#/definitions/User'
      tags:
        - Auth
      x-amazon-apigateway-integration:
        type: aws
        uri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:XXXXXXXXXXXX:function:YOUR_FUNCTION_NAME/invocations
        credentials: arn:aws:iam::XXXXXXXXXXXX:role/YOUR_LAMBDA_INVOCATION_ROLE
        httpMethod: POST
        requestTemplates:
          application/json: |
            {
              "action" : "com.amazonaws.apigatewaydemo.action.RegisterDemoAction",
              "body" : $input.json('$')
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "BAD.*":
            statusCode: "400"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "INT.*":
            statusCode: "500"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
      responses:
        200:
          description: The username of the new user and set of temporary credentials
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/RegisterUserResponse'
        400:
          description: Bad request
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
        500:
          description: Internal error
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
    options:
      summary: CORS support
      description: |
        Enable CORS by returning correct headers
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - CORS
      x-amazon-apigateway-integration:
        type: mock
        requestTemplates:
          application/json: |
            {
              "statusCode" : 200
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Headers : "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'"
              method.response.header.Access-Control-Allow-Methods : "'*'"
              method.response.header.Access-Control-Allow-Origin : "'*'"
            responseTemplates:
              application/json: |
                {}
      responses:
        200:
          description: Default response for CORS method
          headers:
            Access-Control-Allow-Headers:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Origin:
              type: "string"
  /login:
    post:
      summary: Login user
      description: |
        Verifies the given credentials against the user database and returns a set
        of new temporary credentials
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: LoginUser
          in: body
          description: New user details.
          schema:
            $ref: '#/definitions/User'
      tags:
        - Auth
      x-amazon-apigateway-integration:
        type: aws
        uri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:XXXXXXXXXXXX:function:YOUR_FUNCTION_NAME/invocations
        credentials: arn:aws:iam::XXXXXXXXXXXX:role/YOUR_LAMBDA_INVOCATION_ROLE
        httpMethod: POST
        requestTemplates:
          application/json: |
            {
              "action" : "com.amazonaws.apigatewaydemo.action.LoginDemoAction",
              "body" : $input.json('$')
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "BAD.*":
            statusCode: "400"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "INT.*":
            statusCode: "500"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
      responses:
        200:
          description: A new set of temporary credentials
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/LoginUserResponse'
        400:
          description: Bad request
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
        500:
          description: Internal error
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
    options:
      summary: CORS support
      description: |
        Enable CORS by returning correct headers
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - CORS
      x-amazon-apigateway-integration:
        type: mock
        requestTemplates:
          application/json: |
            {
              "statusCode" : 200
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Headers : "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'"
              method.response.header.Access-Control-Allow-Methods : "'*'"
              method.response.header.Access-Control-Allow-Origin : "'*'"
            responseTemplates:
              application/json: |
                {}
      responses:
        200:
          description: Default response for CORS method
          headers:
            Access-Control-Allow-Headers:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Origin:
              type: "string"
  /pets:
    post:
      summary: Creates a new pet
      description: |
        Creates a new pet object in the datastore
      x-amazon-apigateway-auth:
        type: aws_iam
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: NewPet
          in: body
          description: New pet details.
          schema:
            $ref: '#/definitions/NewPet'
      tags:
        - Pet Store
      x-amazon-apigateway-integration:
        type: aws
        uri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:XXXXXXXXXXXX:function:YOUR_FUNCTION_NAME/invocations
        credentials: arn:aws:iam::*:user/*
        httpMethod: POST
        requestTemplates:
          application/json: |
            {
              "action" : "com.amazonaws.apigatewaydemo.action.CreatePetDemoAction",
              "body" : $input.json('$')
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "BAD.*":
            statusCode: "400"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "INT.*":
            statusCode: "500"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
      responses:
        200:
          description: The unique identifier of the new pet
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/NewPetResponse'
        400:
          description: Bad request
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
        500:
          description: Internal error
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
    get:
      summary: List pets
      description: Retrieve a list of pets in the store
      x-amazon-apigateway-auth:
        type: aws_iam
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - Pet Store
      x-amazon-apigateway-integration:
        type: aws
        uri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:XXXXXXXXXXXX:function:YOUR_FUNCTION_NAME/invocations
        credentials: arn:aws:iam::*:user/*
        httpMethod: POST
        requestTemplates:
          application/json: |
            {
              "action" : "com.amazonaws.apigatewaydemo.action.ListPetsDemoAction",
              "body" : $input.json('$')
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "BAD.*":
            statusCode: "400"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "INT.*":
            statusCode: "500"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
      responses:
        200:
          description: A list of pets
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Pets'
        400:
          description: Bad request
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
        500:
          description: Internal error
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
    options:
      summary: CORS support
      description: |
        Enable CORS by returning correct headers
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - CORS
      x-amazon-apigateway-integration:
        type: mock
        requestTemplates:
          application/json: |
            {
              "statusCode" : 200
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Headers : "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'"
              method.response.header.Access-Control-Allow-Methods : "'*'"
              method.response.header.Access-Control-Allow-Origin : "'*'"
            responseTemplates:
              application/json: |
                {}
      responses:
        200:
          description: Default response for CORS method
          headers:
            Access-Control-Allow-Headers:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Origin:
              type: "string"
  /pets/{petId}:
    get:
      summary: Get pet by id
      description: Returns a pet definition based on the given id
      x-amazon-apigateway-auth:
        type: aws_iam
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - Pet Store
      parameters:
        - name: petId
          in: path
          description: The unique identifier for a pet
          type: string
      x-amazon-apigateway-integration:
        type: aws
        uri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:XXXXXXXXXXXX:function:YOUR_FUNCTION_NAME/invocations
        credentials: arn:aws:iam::*:user/*
        httpMethod: POST
        requestTemplates:
          application/json: |
            {
              "action" : "com.amazonaws.apigatewaydemo.action.GetPetDemoAction",
              "body" : {
                "petId" : "$input.params('petId')"
              }
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "BAD.*":
            statusCode: "400"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
          "INT.*":
            statusCode: "500"
            responseParameters:
              method.response.header.Access-Control-Allow-Origin : "'*'"
      responses:
        200:
          description: A pet
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Pet'
        400:
          description: Bad request
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
        500:
          description: Internal error
          headers:
            Access-Control-Allow-Origin:
              type: "string"
          schema:
            $ref: '#/definitions/Error'
    options:
      summary: CORS support
      description: |
        Enable CORS by returning correct headers
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - CORS
      x-amazon-apigateway-integration:
        type: mock
        requestTemplates:
          application/json: |
            {
              "statusCode" : 200
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Headers : "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'"
              method.response.header.Access-Control-Allow-Methods : "'*'"
              method.response.header.Access-Control-Allow-Origin : "'*'"
            responseTemplates:
              application/json: |
                {}
      responses:
        200:
          description: Default response for CORS method
          headers:
            Access-Control-Allow-Headers:
              type: "string"
            Access-Control-Allow-Methods:
              type: "string"
            Access-Control-Allow-Origin:
              type: "string"
definitions:
  User:
    properties:
      username:
        type: string
        description: A unique username for the user
      password:
        type: string
        description: A password for the new user
  RegisterUserResponse:
    properties:
      username:
        type: string
        description: The username of the new user
      identityId:
        type: string
        description: The unique identifier for the new user
      token:
        type: string
        description: An OpenID token for the new user
      credentials:
        type: object
        properties:
          accessKey:
            type: string
            description: Temporary access key to sign requests
          secretKey:
            type: string
            description: Temporary secret access key to sign requests
          sessionToken:
            type: string
            description: Temporary session token
          expiration:
            type: integer
            description: |
              Expiration date of the temporary credentials in millis since 1/1/1970
  LoginUserResponse:
    properties:
      identityId:
        type: string
        description: The unique identifier for the new user
      token:
        type: string
        description: An OpenID token for the new user
      credentials:
        type: object
        properties:
          accessKey:
            type: string
            description: Temporary access key to sign requests
          secretKey:
            type: string
            description: Temporary secret access key to sign requests
          sessionToken:
            type: string
            description: Temporary session token
          expiration:
            type: integer
            description: |
              Expiration date of the temporary credentials in millis since 1/1/1970
  NewPet:
    properties:
      petType:
        type: string
        description: Free text pet type
      petName:
        type: string
        description: Free text pet name
      petAge:
        type: integer
        description: Age of the new pet
  NewPetResponse:
    properties:
      petId:
        type: string
        description: The generated unique identifier for the new pet
  Pet:
    properties:
      petId:
        type: string
        description: The generated unique identifier for the new pet
      petType:
        type: string
        description: Free text pet type
      petName:
        type: string
        description: Free text pet name
      petAge:
        type: integer
        description: Age of the new pet
  Pets:
    type: array
    items:
      $ref: '#/definitions/Pet'
  Error:
    properties:
      code:
        type: integer
        format: int32
      message:
        type: string
      fields:
        type: string

The document is long, but don't be put off: broken into parts it is simple.

Setting the Lambda function to trigger

      x-amazon-apigateway-integration:
        type: "aws_proxy"
        httpMethod: "POST"
        uri:  "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:<accountId>:function:<function-name>/invocations"
        credentials: "arn:aws:iam::<accountId>:role/<role-name>"
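  • x-amazon-apigateway-integration declares the API Gateway integration.
  • type indicates that the Lambda proxy integration is used.
  • httpMethod must be POST.
  • uri is the path of the Lambda function.
  • credentials: the credentials used for the integration, which is the more complicated part. The integration can be imported without it, but API Gateway will then be unable to trigger the Lambda function and will report permission errors.

Setting credentials

  • First, create a role.
  • Attach the AWSLambdaFullAccess policy to this role.
  • Make this role trust API Gateway (role >> Trust relationships >> edit >> save).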
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "lambda.amazonaws.com",
          "apigateway.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

  • The user configured in Swagger must have the PassRole permission.
    • Create a policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PolicyStatementToAllowUserToPassOneSpecificRole",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::<accountId>:role/swagger-role"
        }
    ]
}
  • Attach this policy to the user. The AWS user configured for Swagger then has the PassRole permission, and the role written in credentials can take effect.
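
An added example, not from the original post or from AWS: one way to give the role in `credentials` a narrower permissions policy than AWSLambdaFullAccess, by granting `lambda:InvokeFunction` only on the functions the Swagger document integrates, together with a trust policy that names only `apigateway.amazonaws.com`. The sample spec, account id and function names are constructed.

```python
import json
import re

# Lambda ARN embedded in an integration uri, in the form the page uses:
# arn:aws:apigateway:<region>:lambda:path/2015-03-31/functions/<lambda-arn>/invocations
LAMBDA_URI = re.compile(
    r"^arn:aws:apigateway:[^:]+:lambda:path/2015-03-31/functions/"
    r"(arn:aws:lambda:[^/]+)/invocations$"
)

# Constructed sample spec (account id and function names are made up).
SAMPLE_SPEC = {
    "paths": {
        "/pets": {
            "get": {"x-amazon-apigateway-integration": {
                "type": "aws_proxy", "httpMethod": "POST",
                "uri": "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/"
                       "arn:aws:lambda:us-west-2:123456789012:function:list-pets/invocations"}},
            "post": {"x-amazon-apigateway-integration": {
                "type": "aws_proxy", "httpMethod": "POST",
                "uri": "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/"
                       "arn:aws:lambda:us-west-2:123456789012:function:create-pet/invocations"}},
            # Mock integrations have no uri and need no permission.
            "options": {"x-amazon-apigateway-integration": {"type": "mock"}},
        }
    }
}


def lambda_arns(spec):
    """Return the sorted, de-duplicated Lambda ARNs that the integrations invoke."""
    arns = set()
    for path_item in spec.get("paths", {}).values():
        for op in path_item.values():
            if not isinstance(op, dict):
                continue  # e.g. a path-level "parameters" list
            uri = op.get("x-amazon-apigateway-integration", {}).get("uri", "")
            match = LAMBDA_URI.match(uri)
            if match:
                arns.add(match.group(1))
    return sorted(arns)


def invoke_policy(spec):
    """Permissions policy for the role named in `credentials`."""
    arns = lambda_arns(spec)
    if not arns:
        raise ValueError("no Lambda integrations found; refusing to emit an empty policy")
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "InvokeOnlyIntegratedFunctions", "Effect": "Allow",
        "Action": "lambda:InvokeFunction", "Resource": arns}]}


def trust_policy():
    """Trust policy that lets only API Gateway assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}


if __name__ == "__main__":
    print(json.dumps(invoke_policy(SAMPLE_SPEC), indent=2))
    print(json.dumps(trust_policy(), indent=2))
```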

Setting up API Gateway authorization

  • Place this at the same level as paths:
securityDefinitions:
  cognito_auth:
    type: "apiKey"
    name: "accessToken"
    in: "header"
    x-amazon-apigateway-authtype: "cognito_user_pools"
    x-amazon-apigateway-authorizer:
      type: "cognito_user_pools"
      providerARNs: ["arn:aws:cognito-idp:us-west-2:<accountId>:userpool/<userpoolId>"]
  request_lambda_auth:
    type: "apiKey"
    name: "Unused"
    in: "header"
    x-amazon-apigateway-authtype: "custom"
    x-amazon-apigateway-authorizer:
      type: "request"
      identitySource : "method.request.header.access_key, method.request.header.access_type"
      authorizerUri: "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:<accountId>:function:<lambda name>/invocations"
      authorizerResultTtlInSeconds : 300
  • Once this is written, you can place cognito_auth or request_lambda_auth under the security of each API.
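
An added example, not part of the original post: because an overwrite import publishes whatever the document says, this check lists operations that would be deployed without any authorizer, using Swagger 2.0's rule that an operation-level `security` replaces the top-level one. The sample spec, the misspelled scheme name and the `public` allowlist parameter are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed sample: one scheme is defined, one operation misspells it,
# one uses the x-amazon-apigateway-auth form from the pet store sample,
# and one has no authorization at all.
SAMPLE_SPEC = {
    "securityDefinitions": {"cognito_auth": {
        "type": "apiKey", "name": "accessToken", "in": "header",
        "x-amazon-apigateway-authtype": "cognito_user_pools"}},
    "paths": {
        "/login": {"post": {}},
        "/pets": {
            "get": {"security": [{"cognito_auth": []}]},
            "post": {"security": [{"cognito_uath": []}]},
            "options": {"x-amazon-apigateway-integration": {"type": "mock"}},
        },
        "/pets/{petId}": {
            "get": {"x-amazon-apigateway-auth": {"type": "aws_iam"}},
            "delete": {},
        },
    },
}


def audit_auth(spec, public=()):
    """Return (METHOD, path, problem) tuples for operations lacking an authorizer.

    `public` lists (METHOD, path) pairs that are meant to be unauthenticated.
    """
    defined = set(spec.get("securityDefinitions", {}))
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            integration = op.get("x-amazon-apigateway-integration", {})
            if method == "options" and integration.get("type") == "mock":
                continue  # CORS preflight answered by API Gateway itself
            # Operation-level security replaces the top-level default; [] clears it.
            reqs = op["security"] if "security" in op else spec.get("security", [])
            names = {name for req in reqs for name in req}
            for name in sorted(names - defined):
                findings.append((method.upper(), path, f"undefined scheme {name}"))
            legacy_iam = op.get("x-amazon-apigateway-auth", {}).get("type") == "aws_iam"
            authed = bool(names & defined) or legacy_iam
            if not authed and (method.upper(), path) not in public:
                findings.append((method.upper(), path, "no authorizer"))
    return findings


if __name__ == "__main__":
    for finding in audit_auth(SAMPLE_SPEC, public={("POST", "/login")}):
        print(*finding)
```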

Setting API Gateway's error response template

x-amazon-apigateway-gateway-responses: 
  BAD_REQUEST_PARAMETERS:
    statusCode: 400
    responseTemplates:
      application/json: "{\"error\":{\"code\":400,\"name\":\"ParameterIncorrectException\",\"message\": $context.error.messageString} }" 