如何使用API网关为设置可公开访问的API调用？

Question

我有一个API Gateway调用和一个关联的Lambda调用。

当我点击这个链接(它用于确认一个电子邮件地址)时，我看到的是：

https://<api-gateway-code>.execute-api.us-east-2.amazonaws.com/default/retrieveEmailConfStringAPI&p1=value1&p2=value2

结果：

{"message":"Missing Authentication Token"}

完整的标题：

X-Firefox-Spdy: h2
content-length: 42
content-type: application/json
date: Mon, 06 Jan 2020 06:35:32 GMT
x-amz-apigw-id: <amazon-api-gateway-id>
x-amzn-errortype: MissingAuthenticationTokenException
x-amzn-requestid: <amazon-request-id>

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Host: <api-gateway-id>.execute-api.us-east-2.amazonaws.com
TE: Trailers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:71.0) Gecko/20100101 Firefox/71.0

但是，当我将其更改为以下网址时：

https://<api-gateway-id>.execute-api.us-east-2.amazonaws.com/default&p1=value1&p2=value2

这就是结果：

{"message":"Forbidden"}

以下是原始标头结果：

X-Firefox-Spdy: h2
content-length: 23
content-type: application/json
date: Mon, 06 Jan 2020 06:45:13 GMT
x-amz-apigw-id: <amazon-api-gateway-id>
x-amzn-errortype: ForbiddenException
x-amzn-requestid: <amazon-request-id>

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Host: <api-gateway-id>.execute-api.us-east-2.amazonaws.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:71.0) Gecko/20100101 Firefox/71.0

这是在JSON对象中使用API Gateway进行的设置。

MacBook-Pro-2:lambdaZipFilesDev chauncey$ aws2 apigateway get-resources --rest-api-id <rest api id> --region us-east-2
{
    "items": [
        {
            "id": "<resource id>",
            "parentId": "<parent id>",
            "pathPart": "retrieveEmailConfStringAPI",
            "path": "/retrieveEmailConfStringAPI",
            "resourceMethods": {
                "ANY": {},
                "GET": {},
                "OPTIONS": {}
            }
        },
        {
            "id": "<parent resource>",
            "path": "/"
        }
    ]
}

下面是我运行的第二个命令，目的是构建这个公共API调用：

MacBook-Pro-2:lambdaZipFilesDev chauncey$ aws2 apigateway update-method --rest-api-id <rest api id> --resource-id <resource id> --http-method GET --patch-operation op="replace",path="/apiKeyRequired",value="false"
{
    "httpMethod": "GET",
    "authorizationType": "NONE",
    "apiKeyRequired": false,
    "requestParameters": {
        "method.request.querystring.p1": false,
        "method.request.querystring.p2": false
    },
    "methodResponses": {
        "200": {
            "statusCode": "200",
            "responseParameters": {
                "method.response.header.Access-Control-Allow-Origin": false
            },
            "responseModels": {
                "application/json": "Empty"
            }
        }
    },
    "methodIntegration": {
        "type": "AWS_PROXY",
        "httpMethod": "POST",
        "uri": "arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:<internal id code>:function:retrieveEmailConfStringAPI/invocations",
        "passthroughBehavior": "WHEN_NO_MATCH",
        "contentHandling": "CONVERT_TO_TEXT",
        "timeoutInMillis": 29000,
        "cacheNamespace": "<resource id>",
        "cacheKeyParameters": [],
        "integrationResponses": {
            "200": {
                "statusCode": "200",
                "responseParameters": {
                    "method.response.header.Access-Control-Allow-Origin": "'*'"
                },
                "responseTemplates": {
                    "application/json": null
                }
            }
        }
    }
}

最后，我运行以下命令来创建一个公共API调用：

MacBook-Pro-2:lambdaZipFilesDev chauncey$ aws2 apigateway update-method --rest-api-id <rest-api-id> --resource-id <resource-id> --http-method GET --patch-operation op="replace",path="/authorizationType",value="NONE"
{
    "httpMethod": "GET",
    "authorizationType": "NONE",
    "apiKeyRequired": false,
    "requestParameters": {
        "method.request.querystring.p1": false,
        "method.request.querystring.p2": false
    },
    "methodResponses": {
        "200": {
            "statusCode": "200",
            "responseParameters": {
                "method.response.header.Access-Control-Allow-Origin": false
            },
            "responseModels": {
                "application/json": "Empty"
            }
        }
    },
    "methodIntegration": {
        "type": "AWS_PROXY",
        "httpMethod": "POST",
        "uri": "arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:<aws-internal-id>:function:retrieveEmailConfStringAPI/invocations",
        "passthroughBehavior": "WHEN_NO_MATCH",
        "contentHandling": "CONVERT_TO_TEXT",
        "timeoutInMillis": 29000,
        "cacheNamespace": "<resource-id>",
        "cacheKeyParameters": [],
        "integrationResponses": {
            "200": {
                "statusCode": "200",
                "responseParameters": {
                    "method.response.header.Access-Control-Allow-Origin": "'*'"
                },
                "responseTemplates": {
                    "application/json": null
                }
            }
        }
    }
}

我只需要点击链接，然后触发我的api链接到我的lambda函数，并让它在后端有一些操作。

Answer 1

这个问题的答案既简单又愚蠢。

https://<api-gateway-code>.execute-api.us-east-2.amazonaws.com/default/retrieveEmailConfStringAPI?p1=value1&p2=value2

与参数字符串中的&相反，更改的是?。