Enable Provisioned Concurrency for a Lambda Authorizer

Using Terraform, I have configured an AWS HTTP API Gateway as follows:

resource "aws_apigatewayv2_authorizer" "authorizer" {
  api_id = module.api_gateway.this_apigatewayv2_api_id
  name   = "authorizer"
  authorizer_payload_format_version = "2.0"
  enable_simple_responses           = true
  authorizer_result_ttl_in_seconds  = var.authorizer_result_ttl_in_seconds
  authorizer_type  = "REQUEST"
  identity_sources = ["$request.header.Authorization"]
 
  # Problem is below:
  authorizer_uri = module.auth-authorizer-lambda.this_lambda_function_invoke_arn
}

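When I use this_lambda_function_invoke_arn, this works fine, but it does not invoke the provisioned-concurrency version of the Lambda (so the Lambda can take, say, 4s). Usually such a version can be referenced via this_lambda_function_qualified_arn, but using it results in an error: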

Error: error updating API Gateway v2 authorizer: BadRequestException: Invalid Authorizer URI:
arn:aws:lambda:eu-west-1:<account-id>:function:authorizer:5. 
Authorizer URI should be a valid API Gateway ARN that represents a Lambda function invocation.

How can I configure the API Gateway to use a specific version of the authorizer Lambda?

You did not show what the auth-authorizer-lambda module is, but the use of this_lambda_function_invoke_arn is incorrect. The correct form of authorizer_uri is shown in the following example:

arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations

So you have to construct and provide authorizer_uri in the form shown above. Obviously, it has to be adjusted for your region, account ID and function name.

In case anyone else runs into this issue... you can configure the API Gateway to use a specific version of the authorizer Lambda by using the alias's invoke_arn.

resource "aws_lambda_alias" "test_lambda_alias" {
  name             = "my_alias"
  description      = "a sample description"
  function_name    = aws_lambda_function.lambda_function_test.arn
  function_version = "1"
}
resource "aws_apigatewayv2_authorizer" "authorizer" {
  api_id = module.api_gateway.this_apigatewayv2_api_id
  name   = "authorizer"
  authorizer_payload_format_version = "2.0"
  enable_simple_responses           = true
  authorizer_result_ttl_in_seconds  = var.authorizer_result_ttl_in_seconds
  authorizer_type  = "REQUEST"
  identity_sources = ["$request.header.Authorization"]
 
  # Problem is below:
  authorizer_uri = aws_lambda_alias.test_lambda_alias.invoke_arn
}

Then, as always, don't forget to deploy the changes to the stage for them to take effect.

The final reference format looks like this: arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}:{lambda_alias}/invocations
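
An added example (not part of the posts above, and not the module's own code) that completes the alias approach with the two pieces the question's title implies: provisioned concurrency attached to the alias, and an invoke permission scoped to that alias and to this one authorizer. The alias name `live`, the resource labels, `var.api_execution_arn` and the concurrency value are assumptions, and `aws_lambda_function.lambda_function_test` is assumed to be created with `publish = true` so that a numbered version exists.

```hcl
# Added example; names and values below are assumptions, not from the original posts.
variable "api_execution_arn" {
  description = "Execution ARN of the HTTP API (arn:aws:execute-api:<region>:<account-id>:<api-id>)"
  type        = string
}

# Alias pinned to a published version (the function needs publish = true).
resource "aws_lambda_alias" "authorizer_live" {
  name             = "live"
  function_name    = aws_lambda_function.lambda_function_test.function_name
  function_version = aws_lambda_function.lambda_function_test.version
}

# Provisioned concurrency applies to a version or alias; it cannot be set on $LATEST.
resource "aws_lambda_provisioned_concurrency_config" "authorizer_live" {
  function_name                     = aws_lambda_alias.authorizer_live.function_name
  qualifier                         = aws_lambda_alias.authorizer_live.name
  provisioned_concurrent_executions = 2
}

resource "aws_apigatewayv2_authorizer" "authorizer" {
  api_id                            = module.api_gateway.this_apigatewayv2_api_id
  name                              = "authorizer"
  authorizer_type                   = "REQUEST"
  authorizer_payload_format_version = "2.0"
  enable_simple_responses           = true
  authorizer_result_ttl_in_seconds  = var.authorizer_result_ttl_in_seconds
  identity_sources                  = ["$request.header.Authorization"]

  # Alias invoke ARN, ending in ...:function:<name>:live/invocations
  authorizer_uri = aws_lambda_alias.authorizer_live.invoke_arn
}

# Grant invoke on the alias only, and only to this authorizer of this API.
resource "aws_lambda_permission" "authorizer_live" {
  statement_id  = "AllowApiGatewayAuthorizerInvoke"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.lambda_function_test.function_name
  qualifier     = aws_lambda_alias.authorizer_live.name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${var.api_execution_arn}/authorizers/${aws_apigatewayv2_authorizer.authorizer.id}"
}
```

Setting `qualifier` on the permission matters: a permission granted on the unqualified function does not cover calls to the alias, and scoping `source_arn` to the authorizer ID keeps other APIs from invoking the function.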