aws-samples / api-gateway-secure-pet-store

Amazon API Gateway sample using Amazon Cognito credentials through AWS Lambda
Apache License 2.0

More introduction #6

Open dsernst opened 8 years ago

dsernst commented 8 years ago

Is there a blog post or anything to accompany this sweet looking repo? It's not entirely clear what it's setting out to do, or from a high level how it accomplishes it.

mingqin1 commented 8 years ago

David: I went through the same anxiety to figure out. I agree with you that the document needs to be improved.

sapessi commented 8 years ago

Thanks for your feedback guys. I will pull together a blog post soon.

This is a sample application that creates a pet store app in iOS, and its backend using Amazon API Gateway, AWS Lambda and DynamoDB. It shows off how you can connect API Gateway and Lambda, and also use AWS IAM (Identity and Access Management) to authorize calls to your APIs.

ljbrown238 commented 8 years ago

Just chiming in to add it would be great to have more, and clearer documentation. I did go through it (minus the iOS app) and did get the API functional, but an overview that explained the moving parts in more detail would be great. It may also be helpful to provide a link to the Amazon talk by Stefano Buliani which helps provide some high-level context for the application itself. Building Secure and Scalable API's http://www.slideshare.net/AmazonWebServices/dev203-amazon-api-gateway-aws-lambda-to-build-secure-apis There may be a better place you can get the deck from. Having said that, I certainly appreciate the excellent tutorial!

sapessi commented 8 years ago

Thanks Loren, this is Stefano. I will update the readme to at least link to the slideshare and talk on youtube.

avillegasn commented 8 years ago

Probably that's me being a newbie with AWS, but I'm unable to make it work. I've just wanted to try the server part to have an example of where to integrate IAM authentication with a REST API made with Amazon API Gateway and Lambda functions. However, I presume I'm failing at creating/assigning roles and policies. Could you clarify this part a little bit? That would be awesome!

I've encountered the following error:

Execution failed due to configuration error: API Gateway does not have permission to assume the provided role

The point where I got lost is:

Copy and paste the same access policy we generated for the invocation role with the addition of the permission to invoke API Gateway...

jeffery812 commented 8 years ago

hi,

In the iOS sample, the URL is hard-coded (NSString *URLString = @"https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/xxxx";). Is there a way to change the endpoint outside of the library?

I mean since the library is generated by AWS, and the library might change in the future. I don't want to touch the library code.

- (instancetype)initWithConfiguration:(AWSServiceConfiguration *)configuration {
    if (self = [super init]) {
        _configuration = [configuration copy];
        // TODO: Change this to match your API deployment in Amazon API Gateway
        NSString *URLString = @"https://xxxxxxxxxxx-api.us-east-1.amazonaws.com/xxxx";

        if ([URLString hasSuffix:@"/"]) {
            URLString = [URLString substringToIndex:[URLString length] - 1];
        }
        _configuration.endpoint = [[AWSEndpoint alloc] initWithRegion:_configuration.regionType
                                                              service:AWSServiceAPIGateway
                                                                  URL:[NSURL URLWithString:URLString]];

        AWSSignatureV4Signer *signer = [AWSSignatureV4Signer signerWithCredentialsProvider:_configuration.credentialsProvider
                                                                                  endpoint:_configuration.endpoint];

        _configuration.baseURL = _configuration.endpoint.URL;
        _configuration.requestInterceptors = @[[AWSNetworkingRequestInterceptor new], signer];
    }

    return self;
}

Thanks

sapessi commented 8 years ago

@avillegasn apologies for the delay. That error is generated because API Gateway does not have permissions to assume the IAM role in your account. Check the trust relationships on the role, the trust policy should look something like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

@zhihuitang At the moment the endpoint is a private variable in the constructor and is assigned to the _configuration variable. The client is capable of managing multiple instances of itself through the registerWithConfiguration and clientForKey static methods. You could set up your configuration manually, just like the init method does, to use a custom endpoint and then register the client with your configuration for the specific key:

1. Make sure that you make the endpoint property readonly at the top of your .m file:

@interface AWSServiceConfiguration()

@property (nonatomic, strong) AWSEndpoint *endpoint;

@end

2. Create a custom config and initialize a client for that config with a custom endpoint:

AWSServiceConfiguration *_config = [[AWSServiceConfiguration alloc] initWithRegion:AWSRegionUSEast1 credentialsProvider:nil];
_config.endpoint = [[AWSEndpoint alloc] initWithRegion:_config.regionType
                                               service:AWSServiceAPIGateway
                                                   URL:[NSURL URLWithString:@"https://my-custom-endpoint.com"]];

AWSSignatureV4Signer *signer = [AWSSignatureV4Signer signerWithCredentialsProvider:_config.credentialsProvider
                                                                          endpoint:_config.endpoint];
_config.baseURL = _config.endpoint.URL;
_config.requestInterceptors = @[[AWSNetworkingRequestInterceptor new], signer];
[PETLambdaMicroserviceClient registerClientWithConfiguration:_config forKey:@"customEndpoint"];

3. You can now grab this instance of the client with:

PETLambdaMicroserviceClient *client = [PETLambdaMicroserviceClient clientForKey:@"customEndpoint"];

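
An added check, not part of the repository or of this thread, that parses a role's trust policy and reports whether apigateway.amazonaws.com is allowed to call sts:AssumeRole on it, which is the condition behind the "does not have permission to assume the provided role" error quoted above. The two policies are constructed samples: the one from the reply above, and the common mistake of reusing a role whose trust policy names lambda.amazonaws.com instead.

```python
import json

# Constructed samples: the trust policy from the reply above, and a role that
# was created for Lambda and therefore does not trust API Gateway.
TRUST_OK = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "apigateway.amazonaws.com"},
     "Action": "sts:AssumeRole"}]})
TRUST_WRONG_SERVICE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
     "Action": "sts:AssumeRole"}]})

def _as_list(value):
    """IAM accepts a string or a list in most policy fields; normalise to a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def _principals(stmt):
    """Service principals named by one statement; "*" for an anonymous principal."""
    principal = stmt.get("Principal")
    if principal == "*":
        return {"*"}
    if isinstance(principal, dict):
        return set(_as_list(principal.get("Service")))
    return set()

def assume_role_services(policy_json):
    """Services allowed to call sts:AssumeRole, after applying explicit Deny.

    Returns a set of service principals. "*" means any principal is trusted,
    which a reviewer should treat as a finding in its own right.
    """
    allowed, denied = set(), set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue  # statement does not cover AssumeRole at all
        target = allowed if stmt.get("Effect") == "Allow" else denied
        target |= _principals(stmt)  # in-place update of allowed or denied
    return set() if "*" in denied else allowed - denied

def api_gateway_can_assume(policy_json):
    """True when apigateway.amazonaws.com (or a wildcard principal) may assume the role."""
    services = assume_role_services(policy_json)
    return "apigateway.amazonaws.com" in services or "*" in services
```

Run it against the trust policy of the invocation role you configured on the method; if it reports False, the fix is in the role's trust relationship, not in its access policy.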
petemounce commented 8 years ago

It would be great to get a CloudFormation template added that sets up for example the IAM Roles and Managed Policies, then puts their ARNs in the stack outputs to grab.

lalon commented 8 years ago

Couldn't find a link in the readme to the talk regarding this project, so here it is: AWS re:Invent 2015 | (DEV203) Amazon API Gateway & AWS Lambda to Build Secure and Scalable APIs

grace191 commented 8 years ago

Hi Stefano, thanks for your excellent demo! I am wondering, is it possible to change the iOS app to an AngularJS web app? If so, how should I do it? Thanks

sapessi commented 8 years ago

You can use API Gateway to generate a JavaScript SDK for the browsers. You can get the JavaScript SDK from the "SDK Generation" tab of the Stage settings page.

petemounce commented 8 years ago

Any way to request that via an API?

esumit commented 8 years ago

I didn't understand "Copy and paste the same access policy we generated for the invocation role with the addition of the permission to invoke API Gateway...". I have created a separate thread to understand its meaning.

sirfak commented 8 years ago

Hi, I am new to AWS. I was going through the code. I understand that there is a LoginAction to authenticate the user. But when calling GetList or CreatePet, how are the credentials being passed to these actions?

Thanks Ajay

sirfak commented 8 years ago

Also, I am building an Ionic 2 app with Facebook login. If I have understood correctly, I need to host my Cognito code behind an API Gateway and call it with /auth to return AWS tokens, and then use this token in subsequent requests like /addproduct etc.

Is this right?

sapessi commented 8 years ago

@sirfak The login action returns a set of temporary AWS credentials (access key, secret key, and session token). These are automatically used by the SDK to sign requests to the APIs. API Gateway can automatically verify the signature on the requests.
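
To make the answer above concrete, here is an added example (not code from this repository or from the AWS SDK) of what the SDK does with those three values: it derives a SigV4 signing key from the secret key and attaches an Authorization header plus the session token to each API Gateway call, which is what API Gateway verifies. The URL and credentials are constructed placeholders, and the timestamp is passed in explicitly so the output is deterministic; query strings and paths with characters needing URI encoding are not handled.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

def _hmac(key, msg):
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def sign_request(method, url, access_key, secret_key, session_token,
                 amz_date, region="us-east-1", service="execute-api", body=b""):
    """Return the headers a SigV4 client adds to an API Gateway request.

    amz_date has the form 20150830T123600Z. The session token that the login
    action returns is sent as x-amz-security-token and is part of the signed
    headers, so it cannot be swapped for another token after signing.
    """
    parts = urlsplit(url)
    host, path = parts.netloc, parts.path or "/"
    headers = {"host": host, "x-amz-date": amz_date,
               "x-amz-security-token": session_token}
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    payload_hash = hashlib.sha256(body).hexdigest()
    canonical_request = "\n".join([method, path, parts.query, canonical_headers,
                                   signed_headers, payload_hash])
    date_stamp = amz_date[:8]
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode("utf-8")).hexdigest()])
    # Signing key: HMAC chain over date, region, service and the fixed terminator.
    key = _hmac(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    authorization = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                     f"SignedHeaders={signed_headers}, Signature={signature}")
    return {"Host": host, "X-Amz-Date": amz_date,
            "X-Amz-Security-Token": session_token, "Authorization": authorization}

# Constructed sample call with placeholder temporary credentials (not real ones).
SAMPLE_HEADERS = sign_request(
    "GET", "https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/prod/pets",
    "ASIAEXAMPLEACCESSKEY", "exampleSecretKeyNotReal", "exampleSessionToken",
    "20150830T123600Z")
```

Because the secret key never leaves the client and the signature covers the date, a captured request is only replayable within the short clock-skew window API Gateway accepts; expiry of the temporary credentials themselves is what bounds the session.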

myyk commented 8 years ago

+1 to adding a CloudFormation for this example. I made a blog post that tries to help a reader understand how this works a little better. https://medium.com/@myyk/serverless-authenticated-applications-with-federated-fb-google-amazon-logins-7447ac0b8415#.9pmxctjar

I add to this repo by showing how to hook up the generated sdk to HTML and use that to make the authenticated calls to the api gateways which was easier for me to understand. https://github.com/myyk/api-gateway-secure-pet-store/commit/9f5bd77c96c21357c664636aff22669d0235f0a8

sirfak commented 8 years ago

Hi. As my application grows, I am finding it hard (time-consuming) to upload the code to Lambda and then test. I am using the Java SDK; on adding a new line of code, I have to upload (before running) to AWS Lambda.

Is there any better approach to manage this?

thanks sirfak