2017-03-27 8 views

다음 swagger 파일로 AWS API Gateway용 API를 정의했습니다. 이 API는 IAM으로 보호되어 인증된 사용자만 접근할 수 있습니다. API는 http 프록시 정의를 사용해 express 앱 앞단에 위치하므로 각 리소스를 개별적으로 정의할 필요가 없습니다. 이 방법을 쓰면 AWS에서 실행하지 않는 상태로 express 앱을 개발한 다음 AWS로 간단하게 포팅할 수 있습니다 (tutorial on how to)! 그런데 이제 모든 GET 메서드는 인증 없이 접근할 수 있게 하고, 그 밖의 모든 메서드에만 sigv4 보안 정의를 적용하고 싶습니다. 현재의 api-gateway + express 구성에서 가능합니까?

api-gateway - http 프록시 - 특정 리소스에 sigv4 보안 추가

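---
# Swagger 2.0 header for the API Gateway definition in the question.
# The version is quoted so it loads as the string "2.0", not the float 2.0.
swagger: "2.0"
info:
  title: ServerlessExpress
basePath: /internal
# HTTPS is the only scheme declared for this API.
schemes:
  - https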
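# Nesting restored: each path holds its methods, each method holds its own
# responses / security / integration. Response codes are quoted so they load as
# string keys.
paths:
  /:
    # Catch-all method for the root resource. `security` is set once for the
    # whole any-method object, so every verb it handles requires sigv4; GET
    # cannot be exempted while the resource is declared this way.
    x-amazon-apigateway-any-method:
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
        uri: <my uri>  # placeholder left by the author
        passthroughBehavior: when_no_match
        # Verb API Gateway uses to call the integration, not the client's verb.
        httpMethod: POST
        type: aws_proxy
    # CORS preflight answered by a mock integration. It has no `security`
    # entry, so it is served without a signature.
    options:
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
            responseParameters:
              # Only GET, OPTIONS and POST are advertised although the
              # any-method above accepts other verbs; cross-origin browser
              # calls using PUT, PATCH or DELETE will fail the preflight.
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
              # '*' allows any origin; narrow it if only known front-ends
              # should call this API from a browser.
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
  /{proxy+}:
    # Greedy proxy resource: every sub-path is forwarded to the same
    # integration. As on `/`, sigv4 applies to all verbs of the any-method.
    x-amazon-apigateway-any-method:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>  # placeholder left by the author
        httpMethod: POST
        type: aws_proxy
    # Unsigned CORS preflight, same mock integration as on `/`.
    options:
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock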
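# Swagger 2.0 has no native SigV4 scheme, so it is declared as an apiKey in the
# Authorization header; the x-amazon-apigateway-authtype extension is what
# tells API Gateway to enforce IAM (SigV4) authorization. Callers also need an
# IAM policy that allows execute-api:Invoke on the API.
securityDefinitions:
  sigv4:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "awsSigv4"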
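# Placeholder model referenced by the "200" responses via "#/definitions/Empty".
definitions:
  Empty:
    type: object
    title: Empty Schema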

답변


그래서 여기에 제 질문에 직접 답하기로 했습니다! 생각했던 것보다 더 간단합니다. x-amazon-apigateway-any-method를 HTTP 메서드별 정의로 나누고 get 에서만 security 블록을 빼면 됩니다. 다만 swagger 정의가 약간 반복적입니다. 그래도 나중에 API에 새로운 리소스를 개발할 때 시간을 절약할 수 있습니다.

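---
# Swagger 2.0 header for the answer's definition; title and basePath are
# placeholders to fill in. The version is quoted so it loads as the string
# "2.0", not the float 2.0.
swagger: "2.0"
info:
  title: YOUR_API_GATEWAY_NAME
basePath: /YOUR_API_GATEWAY_STAGE
# HTTPS is the only scheme declared for this API.
schemes:
  - https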
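# Nesting restored: each path holds its methods, each method holds its own
# responses / security / integration. Response codes are quoted so they load as
# string keys.
#
# The any-method catch-all is split into one entry per verb so that `security`
# can differ per verb. Verbs not declared here (for example HEAD) have no
# method on the resource.
paths:
  /:
    # No `security` entry and no document-level `security` default, so GET is
    # imported without authorization: anyone who can reach the endpoint can
    # call it.
    get:
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
        uri: <my uri>  # placeholder left by the author
        passthroughBehavior: when_no_match
        # Verb API Gateway uses to call the integration, not the client's verb.
        httpMethod: POST
        type: aws_proxy
    # Write verbs keep the sigv4 requirement.
    post:
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    patch:
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    put:
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    delete:
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
        uri: <my uri>
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
    # CORS preflight answered by a mock integration. It has no `security`
    # entry, so it is served without a signature.
    options:
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE,PUT,PATCH'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token,Link,Total-Count,X-XX-Cereberus-Auth,Client-Origin'"
              # '*' allows any origin; narrow it if only known front-ends
              # should call this API from a browser.
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock
  /{proxy+}:
    # Unauthenticated GET on the greedy proxy resource: every GET route the
    # backend app serves becomes public, including routes added later. Any GET
    # handler that returns non-public data or changes state needs its own
    # access check inside the app.
    get:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      x-amazon-apigateway-integration:
        uri: <my uri>  # placeholder left by the author
        httpMethod: POST
        type: aws_proxy
    # Write verbs keep the sigv4 requirement.
    post:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    put:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    patch:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    delete:
      produces:
        - application/json
      parameters:
        - name: proxy
          in: path
          required: true
          type: string
      responses: {}
      security:
        - sigv4: []
      x-amazon-apigateway-integration:
        uri: <my uri>
        httpMethod: POST
        type: aws_proxy
    # Unsigned CORS preflight, same mock integration as on `/`.
    options:
      consumes:
        - application/json
      produces:
        - application/json
      responses:
        "200":
          description: 200 response
          schema:
            $ref: "#/definitions/Empty"
          headers:
            Access-Control-Allow-Origin:
              type: string
            Access-Control-Allow-Methods:
              type: string
            Access-Control-Allow-Headers:
              type: string
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST,DELETE,PUT,PATCH'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token,Link,Total-Count,X-XX-Cereberus-Auth,Client-Origin'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock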
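# Swagger 2.0 has no native SigV4 scheme, so it is declared as an apiKey in the
# Authorization header; the x-amazon-apigateway-authtype extension is what
# tells API Gateway to enforce IAM (SigV4) authorization. Only methods that
# list `sigv4` under `security` are protected by it.
securityDefinitions:
  sigv4:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "awsSigv4"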
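# Placeholder model referenced by the "200" responses via "#/definitions/Empty".
definitions:
  Empty:
    type: object
    title: Empty Schema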