我正在尝试编写一个可以创建lambda函数的cloudformation脚本,并将其连接到API网关代理资源 . 堆栈创建工作,但权限或集成配置有问题,当我测试 endpoints 时,我不断得到
星期一2月12日06:45:28 UTC 2018:转换前的 endpoints 响应体:无法确定要授权的服务/操作名称Mon Feb 12 06:45:28 UTC 2018: endpoints 响应头:{Connection = keep-alive, x-amzn-RequestId = 4fdf1e92-0fc0-11e8-b3f1-0134476f962c,Content-Length = 130,Date = Mon,12 Feb 2018 06:45:28 GMT} Mon Feb 12 06:45:28 UTC 2018:执行失败到期配置错误:格式错误的Lambda代理响应Mon Feb 12 06:45:28 UTC 2018:方法已完成,状态为:502
这是我的cloudformation脚本:
AWSTemplateFormatVersion: 2010-09-09
Description: An API that proxies requests to another HTTP endpoint
Resources:
MyFunction:
Type: 'AWS::Lambda::Function'
Properties:
Handler: samplefunction.lambda_handler
Runtime: python2.7
Code:
S3Bucket: "ilya-lambdas"
S3Key: "lambda-code.zip"
Role: 'arn:aws:iam::acc-id:role/service-role/basic_lambda_role'
Api:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: foo3
Resource:
Type: 'AWS::ApiGateway::Resource'
Properties:
ParentId: !GetAtt Api.RootResourceId
RestApiId: !Ref Api
PathPart: 'test'
RootMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
AuthorizationType: NONE
HttpMethod: ANY
ResourceId: !GetAtt Api.RootResourceId
RestApiId: !Ref Api
Integration:
IntegrationHttpMethod: ANY
IntegrationResponses:
- StatusCode: 200
SelectionPattern: .*
Type: AWS_PROXY
PassthroughBehavior: WHEN_NO_MATCH
Uri: !Join ["", ["arn:aws:apigateway:", "us-east-1", ":lambda:path/2015-03-31/functions/", !GetAtt MyFunction.Arn, "/invocations"] ]
Credentials: 'arn:aws:iam::acc-id:role/service-role/basic_lambda_role'
ProxyMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: ANY
ResourceId: !Ref Resource
RestApiId: !Ref Api
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: ANY
IntegrationResponses:
- StatusCode: 200
SelectionPattern: .*
Type: AWS_PROXY
Uri: !Join ["", ["arn:aws:apigateway:", "us-east-1", ":lambda:path/2015-03-31/functions/", !GetAtt MyFunction.Arn, "/invocations"] ]
PassthroughBehavior: WHEN_NO_MATCH
Credentials: 'arn:aws:iam::acc-id:role/service-role/basic_lambda_role'
FunctionPermissions:
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !GetAtt MyFunction.Arn
Principal: "apigateway.amazonaws.com"
SourceArn: !Join [ "", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref Api, "/*/*/*" ] ]
Deployment:
DependsOn:
- MyFunction
- RootMethod
- ProxyMethod
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref Api
StageName: prod
我已经坚持了一段时间了,任何指针都会非常感激 .
2 回答
首先,我注意到你的
IntegrationHttpMethod
是ANY
. 对于Lambdas,除非您使用{proxy+}
配置,否则请尝试使用POST
. 我'm pretty sure the CloudFormation docs are still out of date for this, but you'将在this answer中找到一些有用的信息 .我注意到的第二件事是格式错误的代理响应,在您的情况下可能只是一个配置错误 . 只是为了排除这一点,在AWS支持中心处理格式错误的代理响应是answered . 基本上,您的lambda响应应采用以下格式,包括不添加任何额外的键 .
您可以使用支持文档上的示例函数代替常规函数,以便您可以隔离问题 .
经过一些反复试验,结合Miles的建议,我已经到达了正在运行的CloudFormation脚本:
我昨天(不工作)和这个(工作)之间的差异总结:
从
Integration
部分删除了Credentials
对象 .将
IntegrationHttpMethod
从ANY更改为POST(感谢Miles指出这一点)在
FunctionPermissions
下更改SourceArn
以/*
而不是/*/*/*
结束虽然在这种情况下我的lambda函数的响应不是问题,但重要的是它的格式正确 . 所以这是我的功能,希望在一个地方拥有它将对人们有所帮助 .