When developing on AWS, API Gateway is used very frequently, and the security of any API you build has to be considered. This post shows how to use an AWS Lambda Authorizer in the Serverless Framework to protect an API Gateway endpoint.

Serverless tutorial
Create the protected Lambda
First, create the simplest possible Lambda (api/testLambda.js):
Javascript
// Responses is the project's own helper module (api/common/Responses.js) that
// wraps a payload into an API Gateway HTTP response object.
import Responses from './common/Responses';

exports.handler = async event => {
  return Responses.HTTP_200({
    message: 'Hello, Lambda.',
  });
};
Create the Lambda Authorizer (api/common/authorizers/tokenAuthorizer.js)
Javascript
// Builds the IAM policy document returned to API Gateway. It is declared before
// the handler so the dependency is visible at a glance (a const arrow function
// is not hoisted, so it must be initialised before the handler runs).
const generatePolicy = ({ allow }) => {
  return {
    principalId: 'token',
    policyDocument: {
      Version: '2012-10-17',
      // Statement written as an array, the form the AWS examples use.
      Statement: [
        {
          Action: 'execute-api:Invoke',
          Effect: allow ? 'Allow' : 'Deny',
          Resource: '*',
        },
      ],
    },
  };
};

exports.handler = async event => {
  // A REQUEST authorizer receives the request headers; a TOKEN authorizer
  // receives the token in event.authorizationToken (the property name was
  // misspelled as "authoizationToken" in the original listing).
  const token =
    (event.headers && event.headers['X-Amz-Security-Token']) ||
    event.authorizationToken;
  if (!token) {
    console.log('no token provided.');
    return generatePolicy({ allow: false });
  }
  // Demo-only shared secret, hard-coded for the sake of the tutorial.
  if (token !== '123456') {
    console.log('invalid token');
    return generatePolicy({ allow: false });
  }
  return generatePolicy({ allow: true });
};
Configuration in serverless.yml
yaml
service: service-08-authorizer
provider:
  name: aws
  region: eu-west-1
  runtime: nodejs14.x
  lambdaHashingVersion: 20201221
  profile: default
functions:
  tokenAuthorizer:
    handler: api/common/authorizers/tokenAuthorizer.handler
  testLambda:
    handler: api/testLambda.handler
    events:
      - http:
          path: test
          method: GET
          cors: true
          authorizer:
            name: tokenAuthorizer
            type: request
            identitySource: method.request.header.X-Amz-Security-Token
plugins:
  - serverless-webpack
package:
  individually: true
Deploy and test
First deploy the service:
bash
sls deploy
Then test the endpoint with Postman.