dwyl / learn-aws-lambda

✨ Learn how to use AWS Lambda to easily create infinitely scalable web services

Access API Gateway Endpoint without Authentication Token? #28

Closed nelsonic closed 8 years ago

nelsonic commented 8 years ago

When attempting to access the Lambda function using the URL: https://r09u5uw11g.execute-api.eu-west-1.amazonaws.com/prod/Concatenate

We get: access-aws-api-gateway-route-forbidden

What do we need to do to make this publicly accessible?

jackcarlisle commented 8 years ago

@nelsonic I think we need to either re-configure the security of the API endpoint or we need to make the secret key available to anyone who wants to use it.

nelsonic commented 8 years ago

Permission Model: http://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html

API Keys: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-api-keys.html

test api key: LhGU6jr5C19QrT8yexCNoaBYeYHy9iwa5ugZlRzm (don't worry, I will change this...)

so we can run the following cURL command in terminal:

curl --header "x-api-key: LhGU6jr5C19QrT8yexCNoaBYeYHy9iwa5ugZlRzm" https://r09u5uw11g.execute-api.eu-west-1.amazonaws.com/prod/Concatenate

aws-lambda-curl-with-api-key-works

jackcarlisle commented 8 years ago

@nelsonic I was just looking at the permissions model docs in the API Gateway: http://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html

Can you set up the access policy from either Lambda or API Gateway?

nelsonic commented 8 years ago

  1. If you aren't already viewing the API Gateway, select it from your AWS Console Menu: aws01-aws-dashboard-select-api-gateway
  2. Create an API Key in the Amazon API Gateway section of the AWS Console: aws02-api-key-create
  3. Create a New API Key: aws03-api-key-create0ew
  4. Name your key, Enable it and click Save button: aws03-api-key-create-new-specify
  5. Once you enable your API Key, a section will appear below the creation form that allows you to assign the new API Key to one of your APIs "Stage". Select the API & Stage (in our case the API is LambdaMicroservice and the stage is prod) then click the Add button: aws04-api-key-create-assign-to-stage You should now see that the API Key is Enabled for your prod stage: aws05-api-key-associated
  6. _Copy_ the _API key_ from this screen and save it to your notepad. aws05-copy-the-api-key
  7. Return to your AWS Console and select Lambda. This will display the list of your Lambda functions. Select the Concatenate Lambda function you created earlier. aws06-list-of-lambda-functions
  8. When you are viewing your Lambda Function, select the API Endpoints tab and copy the _API endpoint URL_: aws07-view-api-endpoints-and-copy-the-link
  9. With the endpoint URL and API Key copied you can now run a cURL Command in your terminal to access the endpoint:
curl --header "x-api-key: LhGU6jr5C19QrT8yexCNoaBYeYHy9iwa5ugZlRzm" https://r09u5uw11g.execute-api.eu-west-1.amazonaws.com/prod/Concatenate

aws-lambda-curl-with-api-key-works

Note: I slightly modified my Lambda function to return a timestamp so I know when the function gets executed:

exports.handler = function(event, context) {
    // Log the incoming event and context for debugging.
    console.log('Received event:', JSON.stringify(event, null, 2));
    console.log('context:', JSON.stringify(context, null, 2));
    event.key1 = event.key1 || 'Hello'; // set default values
    event.key2 = event.key2 || 'World!'; // was event.key1, which always overrode key2
    console.log('value1 =', event.key1);
    console.log('value2 =', event.key2);
    // Append a timestamp so each response shows when the function ran.
    var date = new Date();
    var time = date.toString();
    context.succeed(event.key1 + ' ' + event.key2 + ' >> ' + time );
};

For even more steps on enabling API Keys on AWS API Gateway, see: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-api-keys.html
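
As an added example (not code from this thread or from the dwyl repository): a Node.js 18+ version of the curl call from step 9 that reads the key from an environment variable instead of embedding it in the command, masks it in log output, and maps a 403 back to the console steps above. The variable name `API_GATEWAY_KEY`, the helper names and the `api.example.invalid` endpoint are assumptions made for this example.

```javascript
// Added example, not code from the thread. API_GATEWAY_KEY is an assumed
// environment variable name; the endpoint used in the demo is a placeholder.

// Build the request: the key is read from the environment, never from source.
function buildRequest(endpoint, env) {
  const key = env.API_GATEWAY_KEY;
  if (!key) throw new Error('API_GATEWAY_KEY is not set');
  const url = new URL(endpoint);
  // Headers are only confidential in transit over TLS.
  if (url.protocol !== 'https:') {
    throw new Error('refusing to send API key over ' + url.protocol);
  }
  return { url: url.href, method: 'GET', headers: { 'x-api-key': key } };
}

// Log-safe copy of a request: the header value is masked, the input untouched.
function redact(request) {
  const headers = Object.assign({}, request.headers, { 'x-api-key': '***redacted***' });
  return Object.assign({}, request, { headers: headers });
}

// Turn a status code into the check to make, following the console steps above.
function diagnose(status) {
  if (status === 403) {
    return 'Forbidden: x-api-key missing or wrong, key not enabled, ' +
      'or key not assigned to this stage';
  }
  if (status >= 200 && status < 300) return 'ok';
  return 'unexpected status ' + status;
}

// Perform the call with the global fetch available in Node.js 18+.
async function callEndpoint(endpoint, env) {
  const request = buildRequest(endpoint, env);
  console.log('request:', JSON.stringify(redact(request)));
  const res = await fetch(request.url, { method: request.method, headers: request.headers });
  return { status: res.status, diagnosis: diagnose(res.status), body: await res.text() };
}

// Offline demo with constructed values: prints the redacted request only.
const demo = buildRequest('https://api.example.invalid/prod/Concatenate',
  { API_GATEWAY_KEY: 'constructed-demo-key' });
console.log(JSON.stringify(redact(demo)));
```

To call a real endpoint, export `API_GATEWAY_KEY` in the shell and run `callEndpoint(url, process.env)` with the API endpoint URL copied in step 8.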