AWS Api Gateway proxy for s3 bucket with Serverless Framework - amazon-s3

I am deploying a project with the Serverless framework that includes different resources (a lambda function, cognito user pool, cognito identity pool, etc...)
For a previous project, we created from the console (so manually) the configuration for a second Api Gateway (in addition to the one that we configured with Serverless on the lambda) to just be the proxy for our s3 bucket, so we were able to add and get files from the bucket without using the lambda.
Now I want to do the exact same thing for this new project, but instead of making the second Api Gateway manually from the console, is there a way to declare this proxy directly from the Serverless configuration?
I searched for different solutions, but I didn't find any guide for this.
What I'm trying to make in the configuration is what this amazon guide explains.

You can use this plugin that allows setting up API Gateway service proxies very easily (I'm one of the collaborators).
serverless.yml example:
service: s3-proxy
provider:
  name: aws
  runtime: nodejs10.x
plugins:
  - serverless-apigateway-service-proxy
custom:
  apiGatewayServiceProxies:
    - s3:
        path: /s3/{key}
        method: post
        action: PutObject
        bucket:
          Ref: S3Bucket
        key:
          pathParam: key
        cors: true
resources:
  Resources:
    S3Bucket:
      Type: 'AWS::S3::Bucket'
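
The proxy above sets no authorization on its PutObject method. The check below is an added example, not part of the answer or of the plugin's code: it walks a parsed serverless.yml and flags S3 proxies that are callable without authorization. It assumes the plugin's `authorizationType` option counts as NONE when omitted; `auditS3Proxies` and both sample objects are constructed for illustration.

```javascript
// Added example: lint a parsed serverless.yml (plain object) for S3 service
// proxies that API Gateway would expose without authorization.
// Assumption: the plugin's `authorizationType` option counts as NONE when omitted.
const WRITE_ACTIONS = new Set(['PutObject', 'DeleteObject']);

function auditS3Proxies(config) {
  const proxies = (config.custom && config.custom.apiGatewayServiceProxies) || [];
  const findings = [];
  for (const entry of proxies) {
    const s3 = entry.s3;
    if (!s3) continue; // only S3 proxies are checked here
    const where = `${String(s3.method).toUpperCase()} ${s3.path}`;
    const auth = s3.authorizationType || 'NONE';
    if (auth === 'NONE') {
      findings.push({
        where,
        severity: WRITE_ACTIONS.has(s3.action) ? 'high' : 'medium',
        issue: `${s3.action} is callable without authorization`,
      });
    }
    // A key taken from the request lets the caller pick which object is touched.
    if (s3.key !== null && typeof s3.key === 'object') {
      findings.push({ where, severity: 'info', issue: 'object key is caller-controlled' });
    }
  }
  return findings;
}

// Constructed input: the answer's configuration as the object a YAML parser returns.
const answerConfig = {
  custom: {
    apiGatewayServiceProxies: [
      { s3: { path: '/s3/{key}', method: 'post', action: 'PutObject',
              bucket: { Ref: 'S3Bucket' }, key: { pathParam: 'key' }, cors: true } },
    ],
  },
};

// Same proxy with IAM (SigV4) authorization required on the method.
const hardenedConfig = JSON.parse(JSON.stringify(answerConfig));
hardenedConfig.custom.apiGatewayServiceProxies[0].s3.authorizationType = 'AWS_IAM';

for (const [name, cfg] of Object.entries({ answerConfig, hardenedConfig })) {
  console.log(name, auditS3Proxies(cfg));
}
```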

Related

MethodNotAllowed: The specified method is not allowed against this resource

I want to deploy my nextjs application with the serverless cli, but I want to have my resources in eu-north-1. I'm new to AWS, but I have tried a bunch of things, even adding a policy that gives access to everything handling s3 buckets.
name: test-bucket
test-bucket:
  component: '@sls-next/serverless-component@latest'
  inputs:
    bucketRegion: eu-north-1
    policy: arn:aws:iam::<id>:policy/S3FullAccess

How to configure serverless framework HttpApi Authorizer for custom lambda authorizer

In the documentation there is information on how to configure authorizers such as Cognito:
https://www.serverless.com/framework/docs/providers/aws/events/http-api#jwt-authorizers
And here is a copy of it:
httpApi:
  authorizers:
    someJwtAuthorizer:
      identitySource: $request.header.Authorization
      issuerUrl: https://cognito-idp.${region}.amazonaws.com/${cognitoPoolId}
Does anyone know how to configure this for a custom Lambda JWT authorizer I have coded myself?
I only achieved it using a previously created JWT Authorizer for httpApi, but it must be similar with a custom Lambda Authorizer (I have never used one):
- httpApi:
    method: any
    authorizer: # https://github.com/serverless/serverless/issues/7598
      # Provide both type and authorizerId
      type: COGNITO_USER_POOLS # TOKEN or REQUEST or COGNITO_USER_POOLS, same as AWS Cloudformation documentation
      id: <AUTHORIZER ID> # or authorizer name "name: my-lambda"
      scopes: # Optional - List of Oauth2 scopes when type is COGNITO_USER_POOLS
        - my-resource-server/my-grant-type
    path: /{proxy+}
More on this issue here:
AWS HTTP API: Support IAM and Lambda authorizers #8210
feat(AWS HTTP API): Add support for custom Lambda authorizers #9192
Check out the Serverless docs for API Gateway, which show several examples of using custom authorizers.

In a Serverless project, how can one get the ARN of one Lambda function deployed in the project to another in the same project?

I'm working on a web service in which one Lambda function serves requests from a web browser. This request handling kicks off some slow work that can be completed asynchronously, so I have a separate Lambda function that I want to invoke asynchronously to handle the slow work.
This is being deployed as a Serverless project. The serverless.yml file looks like this:
service: AsyncService
frameworkVersion: '=1.54.0'
provider:
  name: aws
  runtime: go1.x
package:
  exclude:
    - ./**
  include:
    - ./bin/**
functions:
  FrontEnd:
    handler: bin/FrontEnd
    events:
      - http:
          path: processData
          method: post
    environment:
      AsyncWorkerARN: ???
  AsyncWorker:
    handler: bin/AsyncWorker
The question is how can I get the ARN of the AsyncWorker Lambda function into an environment variable of the FrontEnd Lambda function without hardcoding it? I need it there to be able to invoke the AsyncWorker Lambda.
I think the best way is to use the serverless-pseudo-parameters plugin and then do something like: arn:aws:lambda:#{AWS::Region}:#{AWS::AccountId}:function:AsyncService-dev-AsyncWorker

Swagger defined API can not be executed locally on Serverless framework

When the API specification in serverless.yml is described in swagger format in resources instead of functions, the API cannot be executed locally.
API specification of serverless.yml is described in swagger format in resources
serverless.yml is below.
functions:
  test:
    handler: test.test
resources:
  Resources:
    RestApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Body: ${file(./swagger.yaml)}
The result of sls offline does not have routes for test API.
Serverless: Starting Offline: dev/ap-northeast-1.
Serverless: Routes for test:
Serverless: (none)
Serverless: Offline listening on http://localhost:3000
API specification of serverless.yml is described in swagger format in functions
serverless.yml is below.
functions:
  test:
    handler: test.test
    events:
      - http: GET test
#resources:
#  Resources:
#    RestApi:
#      Type: AWS::ApiGateway::RestApi
#      Properties:
#        Body: ${file(./swagger.yaml)}
The result of sls offline has routes for test API.
Serverless: Starting Offline: dev/ap-northeast-1.
Serverless: Routes for test:
Serverless: GET /test
Serverless: Offline listening on http://localhost:3000
I want to run the API locally by describing specifications in swagger format in resources. Is there a way to achieve this?
The serverless-offline plugin understands the serverless landscape, but does not understand custom AWS resources. It's also unlikely to in the future, as serverless is an abstraction layer.
Perhaps aws-sam-cli would be a better fit for your application. It seems to support swagger docs and a local environment.

Invoke Lambda function without authorization on local serverless-offline environment

I am trying to test authorization of a Lambda function using Cognito, Serverless framework & Serverless-Offline plugin.
When I run my stack locally using serverless offline, all requests by default are authorized and I can execute them without a problem.
The command is serverless offline
What I can't do is test unauthorized requests locally. When I use the argument --noAuth, the request is still authorized by default, which means I can't test scenarios of unauthorized access.
Using serverless offline --noAuth
When I am developing locally, how can I test requests against my handler that are unauthorized?
Here is my yml:
service: apples
provider:
  name: aws
  runtime: nodejs8.10
  stage: ${opt:stage, 'dev'}
  region: ap-southeast-2
  profile: personal
plugins:
  - serverless-offline
functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: users
          method: get
          cors: true
          authorizer:
            arn: ${cf:apples-auth-dev.CognitoUserPoolArn}