I want to add cache-control response header for the apis. I am trying to do it in api gateway terraform module. Is it possible that way ?
If not, is there any other way to set the headers. I cant do it directly on the aws console.
Thanks in advance.
Related
I writing a serverless website using Amazon Web Services S3, Lambda, and the HTTP API Gateway, not the REST API Gateway. I am trying to set a cookie with one of my lambda functions and it works when I hit the lambda function directly using the lambda function url, but when I hit the url using the HTTP API Gateway, the Set-Cookie header is stripped off. The body, and all other custom headers are present, but the set-cookie header is just gone.
I've tried with and without the domain=***.com in the header and that doesn't make a difference.
I've tried messing with CORS and enabling Access-Control-Allow-Credentials. I've set Access-Control-Allow-Origin to the correct domain name. I've tried both set-cookie and * for Access-Control-Allow-Headers and Access-Control-Expose-Headers. Although I don't think CORS really matters because I'm using Postman and my understanding is it doesn't require CORS.
Does the HTTP API Gateway just not support setting cookies? It would be great if that was documented somewhere.
I forgot that I was using CloudFront. By default CloudFront does not forward cookies to or from the origin, so I had to set the CloudFront caching policy to allow that. More information here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html
I have created an API using AWS api gateway which contains a mock endpoint /test.
In my response, I get the headers x-amzn-RequestId and x-amz-apigw-id. In case of an error, e.g. using a non existing endpoint /test2, I also get the x-amazn-ErrorType header.
I don't want these aws headers to be in my api response. How can these be removed?
Add CloudFront in front of your API Gateway. Then add a Lambda#Edge function for either origin response or viewer response to remove these attributes from the array.
I created an API Gateway Proxy Integration so I can access a HTTP API on an HTTPS site. This HTTP API return a .xml file that is being returned by the API Gateway. But this file is getting corrupted by the Gateway, don't know exactly why. I saw some similar situations and find out that I should add this on my HTTP Header (Integration Request):
Name Mapped from
Accept method.request.header.Accept
With that, when I send Accept:"application/vnd.ms-excel on my request, the file is returned OK.
Although, my problem is that I can't change the request. Is there a way that I can add this header on API Gateway without using lambda integration?
Thanks in advance.
Hello guys I have written an AWS lambda function which should be open to all. I have configured my cloud front also which will be accessible to users. How can I make the API gateway to take requests only from the Cloud front or whitelist the cloud front domain. Something like Allowed_hosts.
I should not be able to respond to any calls from the postman or any such tools. API gateway should only respond to calls from cloudfront.
How can I do this ?? I dont want to have the authentication system setup like Congnito or IAM.
Is there any better method to do this ??
I have looked at CORS and Access Control Allow Origin. But these are browser based.
I need a method which will accept calls only from cloud front or my s3 bucket. Not from localhost or postman etc.
Thanks In advance.
Step 1:
Setup API Keys with API Gateway.
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-setup-api-key-with-restapi.html
Step 2:
Add API Keys to CloudFront Origin with a custom header.
If anyone calls the API Gateway without a valid key, it will get refused.
To setup authentication on CloudFront you can sign the urls.
Hope it helps.
I do not think that there is a way to restrict calls to your API GW endpoints... However, you can use the so-called API Keys. When you make a request to the specific API GW endpoint, you need to provide a header x-api-key and the corresponding API Key as a value. As long as you provide the header with correct value, you will be able to access the functionality behind your endpoint. If you do not provide a correct API Key, you will simply get 403 Forbidden.
Please take a look here and if you have any questions, read through the documentation. It's quite clear.
If there is anything unclear in my answer, I am open to help!
Cheers.
Is it possible to enable/disable caching a request through the AWS API Gateway in the response of the request?
According to this document: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html It appears that the most granular one can get in defining cache settings is enabling/disabling caching for a specific API function. What I am wanting to do is allow the response for the API request to dictate whether or not it is to be cached. (i.e. I want my end API program to be able to determine if a response for a given request should be cached).
Is this possible, and if so how can it be accomplished?
Configure your own CloudFront distribution, with the API Gateway endpoint as the origin server. CloudFront web distributions respect Cache-Control headers from the origin server. If you customize that response, this should accomplish your objective.
API Gateway, as you may already know, runs behind some of the CloudFront infrastructure already, so this might seem redundant, but this appears to be the only way to take control of the caching behavior.