I am trying to define an authorizer and use it in a method using Open API Specification. For some reason the authorizer does not appear in the API Gateway Console after I deploy the template. Here's my template shortened:
Type: AWS::Serverless::Api
Properties:
Name: !Sub "API Gateway"
EndpointConfiguration:
Type: REGIONAL
DefinitionBody:
openapi: 3.0.3
info:
title: 'APIs'
version: 1.0.0
paths:
/callHistoryAsync:
post:
parameters:
- name: 'xxxxx'
in: 'query'
required: true
schema:
type: 'string'
x-amazon-apigateway-integration:
type: aws
requestParameters:
integration.request.header.X-Amz-Invocation-Type: '''Event'''
integration.request.querystring.store_id: "method.request.querystring.xxxxx"
httpMethod: POST
uri: !Sub 'arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Function.Arn}/invocations'
responses:
'202':
statusCode: '202'
selectionPattern: ""
responses:
'202':
description: successfully saved
security:
- Authorizer: []
components:
securitySchemes:
Authorizer:
type: 'request'
name: 'Authorization'
in: 'header'
x-amazon-apigateway-authorizer:
authorizerUri: !FindInMap [ !Ref StageName, !Ref "AWS::Region", AuthArn ]
identitySource: 'method.request.header.X-Authorization,method.request.header.X-Date'
type: 'request'
I defined the authorizer in components under securitySchemes and I am using it in the POST method specified under security.
But the authorizer does not appear in the console and neither does it appear under the method. What am I doing wrong?
I figured this out using the export property of the stage tab in API Gateway. I used an existing API Gateway that was defined using CloudFormation and exported it using Export as Swagger + API Gateway Extensions. This basically shows you all the syntax you want.
Here's the screenshot where is this option in the console.
From that export I could see that I need to change my securitySchemes to this:
components:
securitySchemes:
Authorizer:
type: "apiKey"
name: "Unused"
in: "header"
x-amazon-apigateway-authtype: "custom"
x-amazon-apigateway-authorizer:
authorizerUri: "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:xxxxxx:function:xxxxxxx/invocations"
authorizerResultTtlInSeconds: 300
identitySource: "method.request.header.Authorization, method.request.header.Date"
type: "request"
I have created a Rest API that works as a proxy to a public URL. I have set the cache and noticed I have to configure the cacheKeyParameters for AWS to create the keys for caching.
I do not know beforehand what would be the query strings that the request may have. It could have myapi?type=1 myapi?search=terrain or anything. I'm looking for a wildcard to be used here. How could I configure my proxy?
Here is my API definition:
openapi: 3.0.1
info:
description: API as a proxy to public url
version: 1.0.0
paths:
"/{proxy+}":
x-amazon-apigateway-any-method:
parameters:
- name: proxy
in: path
required: true
schema:
type: string
responses: {}
x-amazon-apigateway-integration:
cacheKeyParameters:
- method.request.path.proxy
- method.request.querystring.query # Here I need a wildcard for every query string
responses:
default:
statusCode: '200'
requestParameters:
integration.request.path.proxy: method.request.path.proxy
uri:
Fn::FindInMap : [EnvMap, Ref: Env, proxyUrl]
passthroughBehavior: when_no_match
httpMethod: ANY
type: http_proxy
I defined a SAM app with few Lambdas behind an API Gateway"
MyApi:
Type: AWS::Serverless::Api
Properties:
StageName: !Ref EnvType
Auth:
DefaultAuthorizer: LambdaTokenAuthorizer
Authorizers:
LambdaTokenAuthorizer:
FunctionArn: !GetAtt AuthorizerLambda.Arn
MyFunction:
Type: 'AWS::Serverless::Function'
...
Events:
MyEvent:
Type: Api
Properties:
RestApiId: !Ref MyApi
Path: "/MyResource/{proxy+}"
Method: post
Obviously, API Gateway does not know much about the proxied resource such as:
proxied path(s)
request model
response model
Documentation generated from API Gateway stage reflects this:
swagger: "2.0"
info:
version: "1.0"
title: "xxx-dev"
host: "xxx.execute-api.us-west-2.amazonaws.com"
basePath: "/dev"
schemes:
- "https"
paths:
/MyResource/{proxy+}:
post:
responses: {}
security:
- LambdaTokenAuthorizer: []
securityDefinitions:
LambdaTokenAuthorizer:
type: "apiKey"
name: "Authorization"
in: "header"
x-amazon-apigateway-authtype: "custom"
Is there a way to feed API Gateway with missing bits (proxied paths, response models, request models)?
Ultimately i need a document that is good enough to generate the client code / allow some integration testing.
Similar question here -> Aws lambda proxy Swagger template integration
I have a working lambda listening to HTTP API gateway with path /medication/{proxy+}. This workflow is working fine and is responding with expected result when {baseurl}/{basepath}/medication/{proxy+} is invoked. But in order to version the APIs, I decided to add a root path to this => /v1/medication/{proxy+}.
But on invoking {baseurl}/{basepath}/v1/medication/{proxy+} I am getting internal server error, with the same code(lambda) which was used before.
I have deployed both lambda and API gateway using sam/cloudformation template.
Below is the stripped-down template and swagger definitions:
swagger.yml
v1/medication/{proxy+}:
x-amazon-apigateway-any-method:
tags:
- "health"
summary: "Get medication details."
description: "Endpoint for fetching medication details"
operationId: "get allergy"
x-amazon-apigateway-integration:
uri: 'arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:{AWS:Region}:function:ucm-dfd-dev-DFDNotification/invocations'
responses:
default:
statusCode: "200"
passthroughBehavior: "when_no_match"
httpMethod: "POST"
type: "aws_proxy"
security:
- dfd_authorizer: []
template.yml
DFDAllergy:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub '${AWS::StackName}-DFDAllergy'
Handler: controllers/allergy.handler
Runtime: nodejs12.x
CodeUri: src
Layers:
- !Ref DFDPackageLayer
Role: 'arn:aws:iam::{AWS:Region}:role/Lambda_Access_Role-Dev'
Events:
samapinew:
Type: Api
Properties:
RestApiId: !Ref DFDApi
Path: /v1/medication/{proxy+}
Method: ANY
Here the path in template.yml and endpoint in swagger.yml are only changes made to incorporate v1 as root path.
Cant seem to find out what I'm missing. Any help is appreciated. thanks in advance.
While hitting an API from Postman I am getting this error.
API details:
URL:
https://account-perf.myglobal.com/v1/users/00uk0khprrME7gZOU0h7/credentials/change_password
Header:
Content-Type:application/json Authorization:Bearer
n7mbkw74jsubd7rauhptdnre
Type:
POST
Body:
{"password":"Baddy125#","token":"eyJhbGci...."}
Edit 1:
Web-service call to generate token-
URL-
https://api-perf.myglobal.com/rest/oauth2/v1/token
Type-
POST
Body-
client_id:abcd client_secret:xyz grant_type:client_credentials
I had this whenever any unhandled endpoint method or resource was called. My setup is an API Gateway with defined resources (e.g. /myendpoint) and defined methods for those endpoints (e.g. GET).
To fix it, I created a Node.js Lambda function that just returned a 404. Then I added any ANY method at the root of the endpoints / and pointed it as a Lambda proxy function to the ANY methods.
Then I added a proxy resource, e.g. /{proxy} -- there's a checkbox you can click when creating a resource to tell it to proxy. An ANY method on that resource pointing to the same Lambda function, deploy the API, and I'm done.
Now instead of the auth bearer token error, I get a proper HTTP 404 error.
#Matt H - That's pretty good idea this gave me an inspiration of another one.
Assuming all of the other paths within the API are explicitly specified, I created a default path /{proxy+} which would return a http 404, message resource not found. Instead of using lambda, I was able to create a mock response, so there isn't even any cost incurred for getting Lambda to return the response.
I created my APIs via Open API spec. This is how my YAML for the implementation would like
/{proxy+}:
x-amazon-apigateway-any-method:
responses:
404:
description: "404 response"
content: {}
x-amazon-apigateway-integration:
responses:
404:
statusCode: "404"
responseTemplates:
application/json: "{\"message\":\"resource not available\"}"
requestTemplates:
application/json: "{\"statusCode\": 404}"
passthroughBehavior: "when_no_templates"
type: "mock"
Serverless also has the ability to specify inline mock response. Below can be a sample:
functions:
default:
handler: handler.default
events:
- http:
path: hello
cors: true
method: get
integration: mock
request:
template:
application/json: '{"statusCode": 404}'
response:
template: $input.path('$')
statusCodes:
404:
pattern: '' #default method
template:
application/json: '{"statusCode": 404, "message":"resource not found"}'
serverless doc: https://www.serverless.com/framework/docs/providers/aws/events/apigateway/#custom-response-templates
Analyze and validate the request path, in case the request is incorrect this error is thrown at API Gateway. I stepped on the same error, when corrected the request parameters it worked well.
Let me know.
I managed to do it by proxying the ANY /{proxy+} route to a lambda which will always respond with an HTTP 404
Since all other routes are precisely configured, this ANY /{proxy+} route acts as the default one and will catch any unmatched request
Here is how I did it with CloudFormation :
Parameters:
RestAPI:
Type: String
RestApiRootResourceId:
Type: String
LambdaName:
Type: String
Path:
Type: String
RootResource:
Type: AWS::ApiGateway::Resource
Properties:
RestApiId: !Ref RestAPI
ParentId: !Ref RestApiRootResourceId
PathPart: !Ref Path
ProxyResource:
Type: 'AWS::ApiGateway::Resource'
Properties:
RestApiId: !Ref RestAPI
ParentId: !Ref RestApiRootResourceId
PathPart: "{proxy+}"
AnyMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
RestApiId: !Ref RestAPI
ResourceId: !Ref ProxyResource
HttpMethod: ANY
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
PassthroughBehavior: WHEN_NO_MATCH
Uri:
Fn::Join:
- ":"
- - !Sub "arn:aws:apigateway:${AWS::Region}:lambda"
- !Sub "path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function"
- !Sub "${LambdaName}/invocations"
ApiGatewayInvokeLambdaPermissionAny:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName:
Fn::Join:
- ":"
- - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function"
- !Ref LambdaName
Principal: apigateway.amazonaws.com
SourceArn:
Fn::Join:
- ":"
- - !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}"
- !Sub "${RestAPI}/*/ANY/*"
Paramters :
RestAPI is your API ID
RestApiRootResourceId is the ID of the root resource (!GetAtt "RestApi.RootResourceId")
LambdaName is the name of your proxy lambda
Path is something I have bewteen the stage and the root (for mty specific usage)