I'm looking for a solution where AWS API Gateway changes the method endpoint URL dynamically.
I am familiar with stage variables, and in the Integration Request I can change the endpoint per method, like (https://${stageVariables.Url}/api/DoSomething).
What I need is information on how to parse the endpoint when it is included in the request:
https://${RequestData.Url}/api/DoSomething
I have the same API in different locations, and to implement centralized API keys and logging services I am trying to forward all traffic through this one API Gateway.
After the first request the client gets its endpoint information, but I don't know how to make the client's next requests to the Gateway forward to the endpoint the client got earlier.
I got an answer from AWS support. They told me that I have to make a Lambda function to process all requests or just use stage variables.
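A sketch of the Lambda approach AWS support suggested, added here as an example (it is not code from the original post or from AWS). The function chooses the backend from a value in the request, but only from a fixed allowlist, so a client cannot steer the gateway to an arbitrary host. The `x-backend-id` header and the backend hostnames are assumptions.

```javascript
// Constructed allowlist: short backend id -> fixed origin (placeholder hostnames).
const BACKENDS = new Map([
  ['eu', 'https://eu.api.example.com'],
  ['us', 'https://us.api.example.com'],
]);

// Resolve the upstream URL for an API Gateway Lambda proxy event.
// The client sends only a backend id (assumed header: x-backend-id), never a
// hostname, so it cannot point the gateway at an arbitrary host.
function resolveUpstream(event) {
  const header = Object.entries(event.headers || {})
    .find(([name]) => name.toLowerCase() === 'x-backend-id');
  const id = header ? String(header[1]).trim().toLowerCase() : '';
  const origin = BACKENDS.get(id);
  if (!origin) return { ok: false, reason: 'unknown backend id' };

  // Reject paths that a URL parser could read as a new authority.
  const path = event.path || '/';
  if (!path.startsWith('/') || path.startsWith('//') || path.includes('\\')) {
    return { ok: false, reason: 'bad path' };
  }
  const url = new URL(path, origin);
  if (url.origin !== origin) return { ok: false, reason: 'origin changed' };
  for (const [k, v] of Object.entries(event.queryStringParameters || {})) {
    url.searchParams.append(k, v);
  }
  return { ok: true, url: url.toString() };
}

// Lambda entry point (export it as `handler`); relies on Node 18+ global fetch.
async function handler(event) {
  const target = resolveUpstream(event);
  if (!target.ok) {
    return { statusCode: 400, body: JSON.stringify({ error: target.reason }) };
  }
  const hasBody = !['GET', 'HEAD'].includes(event.httpMethod);
  const res = await fetch(target.url, {
    method: event.httpMethod,
    body: hasBody && event.body ? event.body : undefined,
  });
  return { statusCode: res.status, body: await res.text() };
}
```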
Related
I am currently attempting to fetch monitor metrics from https://app.datadoghq.com, which will use a webhook to send data to the api gateway url I have created. The http api gateway will then trigger a lambda function, and store the received data in an S3.
I am now considering the security aspect of it. In particular, I want to restrict access to this api gateway, so that only https://app.datadoghq.com can access it, and so that api gateway can only accept headers from datadog. My question is, how can I go about doing this? I have looked into the CORS for http api gateways, but nothing seems to be working. Do I need to configure something else, like resource policies?
Thanks for your help.
I created my Lambda Functions and their routes in the API Gateway within the AWS Console. The functions all work within the Testing Tab in Lambda on the console. My React app is very standard and will be pushed to AWS Amplify.
I cannot find any resources on how to correctly invoke the deployed link of my API Gateway from my frontend. Before when working with a local backend, I was able to invoke my backend from my frontend easily with Axios. I tried using axios in my ReactJS frontend with the URL for my API Gateway, but this led to several errors as well such as (No Authentication Token) and (No Access-control-allow-origin header). I've spent hours looking and trying different things to resolve those but every time I always come back to where I started.
Looking for some direction, thank you in advance.
No Authentication Token will come if you are not passing the required auth token.
The Access-control-allow-origin error will be there if you have not enabled CORS on the API Gateway resource; you also need to pass CORS headers in the response from your Lambda if you are using LAMBDA_PROXY integration. For more details refer to this.
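What returning CORS headers from a LAMBDA_PROXY function can look like, as an added example (not code from the original answer). It echoes the request origin only when that origin is on an allowlist, and routes every response, errors included, through one helper. The origins and the echoed response body are assumptions.

```javascript
// Constructed allowlist: the origins that serve the frontend (placeholders).
const ALLOWED_ORIGINS = new Set(['https://app.example.com', 'http://localhost:3000']);

// Read a request header regardless of the case it arrived in.
function getHeader(event, name) {
  const hit = Object.entries(event.headers || {})
    .find(([key]) => key.toLowerCase() === name);
  return hit ? hit[1] : undefined;
}

// CORS headers for one request: echo the origin only if it is allowlisted.
function corsHeaders(origin) {
  const headers = { Vary: 'Origin' }; // caches must not reuse across origins
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Methods'] = 'GET,POST,OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Content-Type,Authorization,X-Api-Key';
  }
  return headers;
}

// Every response, errors included, goes through here so none lacks the headers.
function respond(event, statusCode, payload) {
  return {
    statusCode,
    headers: { 'Content-Type': 'application/json', ...corsHeaders(getHeader(event, 'origin')) },
    body: payload === undefined ? '' : JSON.stringify(payload),
  };
}

// Lambda entry point for a LAMBDA_PROXY integration (export it as `handler`).
async function handler(event) {
  if (event.httpMethod === 'OPTIONS') return respond(event, 204); // preflight
  try {
    const input = event.body ? JSON.parse(event.body) : {};
    return respond(event, 200, { received: input });
  } catch (err) {
    return respond(event, 400, { error: 'invalid JSON body' });
  }
}
```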
I'm not able to find any documentation about intercepting all HTTP requests passing through AWS API Gateway.
I'm trying to propose a Logging service for the backend APIs deployed on AWS API Gateway. The idea is all the HTTP requests will go through the API Gateway. If I'm able to intercept the request going through API Gateway, I can hook the logging service code.
The reason for this approach is, the logging code will be independent of the actual service code and service code won't have to be updated to include logging of request / response.
Any solutions for this?
You can put CloudFront in front of your API Gateway and then use Lambda@Edge Viewer Request to intercept all requests; we do this for logging for certain functions and it works flawlessly.
This is a good tutorial on how to set up API Gateway with CloudFront
https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-cloudfront-distribution/
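A Lambda@Edge viewer-request logger of the kind this answer describes, added as an example (not the answerer's code). It logs each request and passes it through unchanged, but redacts credential-bearing headers and records only the names of query parameters so secrets do not end up in the logs. The redaction list and the sample event are constructed.

```javascript
// Headers whose values must never reach the logs (CloudFront lowercases names).
const SENSITIVE = new Set(['authorization', 'cookie', 'x-api-key', 'x-amz-security-token']);

// Build a log record from the `cf.request` object of a viewer-request event.
function buildLogRecord(cfRequest) {
  const headers = {};
  for (const [name, values] of Object.entries(cfRequest.headers || {})) {
    headers[name] = SENSITIVE.has(name)
      ? '[REDACTED]'
      : values.map((v) => v.value).join(', ');
  }
  return {
    clientIp: cfRequest.clientIp,
    method: cfRequest.method,
    uri: cfRequest.uri,
    // Query strings often carry tokens: keep parameter names, drop values.
    queryKeys: [...new URLSearchParams(cfRequest.querystring || '').keys()],
    headers,
  };
}

// Lambda@Edge entry point (export it as `handler`).
async function handler(event) {
  const request = event.Records[0].cf.request;
  console.log(JSON.stringify(buildLogRecord(request)));
  return request; // returning the request lets CloudFront continue to the origin
}

// Constructed sample event, trimmed to the fields used above.
const SAMPLE_EVENT = {
  Records: [{ cf: { request: {
    clientIp: '203.0.113.10',
    method: 'GET',
    uri: '/api/DoSomething',
    querystring: 'token=abc123&page=2',
    headers: {
      host: [{ key: 'Host', value: 'd111111abcdef8.cloudfront.net' }],
      'x-api-key': [{ key: 'x-api-key', value: 'constructed-secret' }],
      'user-agent': [{ key: 'User-Agent', value: 'curl/8.0' }],
    },
  } } }],
};
```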
It seems Claudia-bot-builder's intercept method will help you to intercept the API Gateway requests. You can trigger an event for requests hitting the API Gateway.
`api.intercept(function (event) { ... });`
I am trying to use AWS API Gateway to proxy requests to some REST endpoints I have running in Docker containers. I set up my API Gateway method for integration type HTTP and checked 'Use HTTP Proxy integration', but this is not simply proxying my requests: it strips out the path parameters, query string parameters and body, and makes me map them to something.
Am I missing something? I don't want API Gateway transforming my request, I just want it to proxy it back to my internal REST endpoints.
FYI I am using a swagger doc to generate the API Gateway structure (their UI is quite annoying)
I read about {proxy+} endpoints which sound like what I want, but how do I define swagger docs about a certain endpoint action, or have granular API keys and authorizers on my endpoints?
You can set authorization only for resources and methods. For example, we have the following API structure:
/
    /test
        GET (1)
        PUT
    /test/new (2)
        ANY
    /example/{proxy+}
        GET (3)
1) For method: site.com/test endpoint in GET method; if you try to use the same key in PUT method you catch an error.
2) For resource: site.com/test/new endpoint in all methods in /test/new, but if you try to GET on /test/new/new2 you catch the error.
3) For resource (with proxy): site.com/example/{proxy+} endpoint. You can auth to any example/* path.
I'd like to add a default throttled API key for unauthenticated requests to prevent abuse.
How would I do this in API Gateway?
EDIT
To make it clearer what I need, how do I transform a request in API Gateway? Is this possible?
I would say using Cognito is the best way of authorizing API gateway.
If you want a default API key then you can go for a custom API Gateway authorizer. Please have a look at the official documentation for the same here
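One way a custom authorizer can supply a default throttled key, added as an example (not code from the original answer). It assumes a REQUEST-type Lambda authorizer on a REST API whose API key source is set to `AUTHORIZER`, so the `usageIdentifierKey` the authorizer returns selects the usage plan. The `DEFAULT_THROTTLED_KEY` environment variable and the principal names are assumptions.

```javascript
// Build the authorizer response. Callers that send their own x-api-key are
// metered under that key; everyone else is metered under the default key,
// which should belong to a usage plan with low throttle and quota limits.
function buildAuthResponse(event, defaultKey) {
  const headers = event.headers || {};
  const name = Object.keys(headers).find((k) => k.toLowerCase() === 'x-api-key');
  const clientKey = name ? String(headers[name]).trim() : '';
  const anonymous = clientKey === '';
  return {
    principalId: anonymous ? 'anonymous' : 'api-key-client',
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{
        Action: 'execute-api:Invoke',
        Effect: 'Allow',
        Resource: event.methodArn,
      }],
    },
    // API Gateway applies the usage plan that this key is attached to.
    usageIdentifierKey: anonymous ? defaultKey : clientKey,
    // Passed to the integration so the backend can tell the two cases apart.
    context: { anonymous: String(anonymous) },
  };
}

// Lambda entry point (export it as `handler`). The default key is read from
// configuration (assumed variable name) and is never sent to the client.
async function handler(event) {
  const defaultKey = process.env.DEFAULT_THROTTLED_KEY;
  if (!defaultKey) throw new Error('DEFAULT_THROTTLED_KEY is not set');
  return buildAuthResponse(event, defaultKey);
}

// Constructed sample event for a request without an API key.
const SAMPLE_EVENT = {
  type: 'REQUEST',
  methodArn: 'arn:aws:execute-api:us-east-1:123456789012:abcdef1234/prod/GET/items',
  headers: { Accept: 'application/json' },
};
```

The authorizer must run for requests that carry no key, so it should not list `x-api-key` as a required identity source: API Gateway rejects a request that lacks a configured identity source before the function is invoked.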
You need to store the API Key on the server side of your application and shouldn't expose it to the client side (although an API Key is not considered a security token, it can be used by a malicious party to call your API).
There are a couple of options you have based on the nature of your application consuming the API.
If it is a single page web application where the front-end is hosted in S3, you can use AWS CloudFront to store the API Key in headers and forward it to the API Gateway, while also serving the frontend through the same CloudFront distribution. This will also remove the cross-origin resource sharing problem between your web application and API Gateway.
If you have a web server, you can store the API Key at the web server and use it to proxy requests to the API Gateway while setting the API Key header value.
Note: Don't use an API Key for authentication; that is not recommended.
This is how I would solve it.
Create a Usage Plan with the throttle, burst and max limit on the requests allowed.
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/APIGateway.html#createUsagePlan-property
API Key:
Create an API Key (createApiKey) and associate it (createUsagePlanKey) with the Usage Plan already defined. That will apply the limit defined to the requests received.
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/APIGateway.html#createApiKey-property
http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/APIGateway.html#createUsagePlanKey-property
Have a separate Lambda to monitor the generated API keys and clean them up once they have expired, so you will not flood API Gateway with unused keys.
If you take it to CloudFront, you can create a Self Signed URL that will be valid for a given period of time. After that time limit the URL will be invalid. This keeps access time-limited for the user, so that within the given time limit you control what resources they can access.
One more use case we worked on: you can authenticate the user only on certain URLs with a custom Authorizer. Any other URLs that get invoked will return unauthorized without any additional code.
Hope it helps.