我有一个简单的serverless.yml,如下所示:
service: test-lambda
provider:
name: aws
runtime: nodejs10.x
functions:
hello:
handler: handler.hello
events:
- http:
path: hello
method: get
authorizer: aws_iam
我还配置了AWS Cognito用户池,APP客户端和身份池。
我的经过身份验证和未经身份验证的角色都具有以下IAM策略:
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","action": "*","Resource": "*"
}
]
但是,当我使用aws-api-gateway-client向我的API请求时:
apig-test \
--username='sls@test.com' \
--password='Passw0rd!' \
--user-pool-id='us-east-1_Fmws96qkp' \
--app-client-id='75ujpfhk63kt39tb0hmplpddr3' \
--cognito-region='us-east-1' \
--identity-pool-id='us-east-1:addcched-eb42-4802-817f-700f13e51d8e' \
--invoke-url='https://28p4ir5tx8.execute-api.us-east-1.amazonaws.com/dev' \
--api-gateway-region='us-east-1' \
--path-template='/hello' \
--method='GET'
我不断得到:
Autheticating with User Pool
Getting temporary credentials
Making API Request
status: 403,statusText: Forbidden
注意:问题中列出的所有凭据和IAM策略都是假设的。