0
0

【AWS】API Gateway创建Rest API--从S3下载文件

一、背景

在不给AK,SK的前提下,用户查看s3上文件(从s3下载文件)

二、创建API

1、打开API Gateway,点击创建API,选择REST API

REST API和HTTP API区别:(来自AWS官网)

REST API 和 HTTP API 都是 RESTful API 产品。REST API 支持的功能比 HTTP API 多,而 HTTP API 在设计时功能就极少,因此能够以更低的价格提供。如果您需要如 API 密钥、每客户端节流、请求验证、AWS WAF 集成或私有 API 端点等功能,请选择 REST API。如果您不需要 REST API 中包含的功能,请选择 HTTP API。

2、 设置API名称,选择终端节点类型

终端节点类型:(来自AWS官网)

  1.     区域性(REGIONAL):适用于同一区域中的客户端。当在 EC2 实例上运行的客户端调用同一区域中的 API,或 API 用于为具有高需求的少数客户端提供服务时,区域 API 可以降低连接开销。
  3.     还有边缘优化(EDGE):最适合地理位置分散的客户端。API 请求将路由到最近的 CloudFront 接入点 (POP)。这是 API Gateway REST API 的默认终端节点类型。
  5.     私有(PRIVATE):是一个只能使用接口 VPC 终端节点从 Amazon Virtual Private Cloud (VPC) 访问的 API 终端节点,该接口是您在 VPC 中创建的终端节点网络接口 (ENI)

三、配置API

1、进入刚创建好的API,点击资源页,创建资源及方法

1.1创建资源, / 代表根目录,右击选择创建资源

1.2创建方法,上传文件到s3,所以选择GET方法

1.3点击刚创建的方法,进入集成请求

1.3配置:

集成类型:AWS 服务

AWS区域:(选择相应的区域)

AWS服务:S3

AWS子域:(不用填)

HTTP方法:GET

操作类型:路径覆盖

路径覆盖(可选):{bucket}/{object}

执行角色:(填写有执行API角色的ARN)

路径覆盖也可以把路径某部分hard code

在下方URL路径参数中填写路径参数映射关系

2、配置设置

翻到最下面,修改二进制媒体类型为 /

Content-Encoding可以根据需要修改

默认上传文件大小不超过10M

三、添加授权方

1、新建Lambda函数,来验证授权方,运行时选择 Node.js 16.x

代码如下:当header中account和password匹配上,则allow,否则deny

  1. exports.handler = function(event, context, callback) {        
  2.     console.log('Received event:', JSON.stringify(event, null, 2));
  4.     // A simple request-based authorizer example to demonstrate how to use request 
  5.     // parameters to allow or deny a request. In this example, a request is  
  6.     // authorized if the client-supplied headerauth1 header, QueryString1
  7.     // query parameter, and stage variable of StageVar1 all match
  8.     // specified values of 'headerValue1', 'queryValue1', and 'stageValue1',
  9.     // respectively.
  11.     // Retrieve request parameters from the Lambda function input:
  12.     var headers = event.headers;
  13.     var queryStringParameters = event.queryStringParameters;
  14.     var pathParameters = event.pathParameters;
  15.     var stageVariables = event.stageVariables;
  16.         
  17.     // Parse the input for the parameter values
  18.     var tmp = event.methodArn.split(':');
  19.     var apiGatewayArnTmp = tmp[5].split('/');
  20.     var awsAccountId = tmp[4];
  21.     var region = tmp[3];
  22.     var restApiId = apiGatewayArnTmp[0];
  23.     var stage = apiGatewayArnTmp[1];
  24.     var method = apiGatewayArnTmp[2];
  25.     var resource = '/'; // root resource
  26.     if (apiGatewayArnTmp[3]) {
  27.         resource += apiGatewayArnTmp[3];
  28.     }
  29.         
  30.     // Perform authorization to return the Allow policy for correct parameters and 
  31.     // the 'Unauthorized' error, otherwise.
  32.     var authResponse = {};
  33.     var condition = {};
  34.     condition.IpAddress = {};
  35.      
  36.     if (headers.account === ""
  37.         && headers.password === "") {
  38.         callback(null, generateAllow('me', event.methodArn));
  39.     }else {
  40.         callback("Unauthorized");
  41.     }
  42. }
  43.      
  44. // Help function to generate an IAM policy
  45. var generatePolicy = function(principalId, effect, resource) {
  46.     // Required output:
  47.     var authResponse = {};
  48.     authResponse.principalId = principalId;
  49.     if (effect && resource) {
  50.         var policyDocument = {};
  51.         policyDocument.Version = '2012-10-17'; // default version
  52.         policyDocument.Statement = [];
  53.         var statementOne = {};
  54.         statementOne.Action = 'execute-api:Invoke'; // default action
  55.         statementOne.Effect = effect;
  56.         statementOne.Resource = resource;
  57.         policyDocument.Statement[0] = statementOne;
  58.         authResponse.policyDocument = policyDocument;
  59.     }
  60.     // Optional output with custom properties of the String, Number or Boolean type.
  61.     authResponse.context = {
  62.         "account": '',
  63.         "password": '',
  64.         "booleanKey": true
  65.     };
  66.     return authResponse;
  67. }
  68.      
  69. var generateAllow = function(principalId, resource) {
  70.     return generatePolicy(principalId, 'Allow', resource);
  71. }
  72.      
  73. var generateDeny = function(principalId, resource) {
  74.     return generatePolicy(principalId, 'Deny', resource);
  75. }

2、创建授权方

授权方名称

类型:选择Lambda

Lambda函数:填写刚创建好的Lambda函数名称

Lambda调用角色:填写调用Lambda函数的角色

Lambda事件负载:选择请求

身份来源:选择标头,添加account和password

授权缓存:取消启用

三、配置授权方

选择 添加授权方的路径资源方法中的方法请求

授权选择配置好的授权方名称

请求验证程序:无

需要API密钥:否

HTTP请求标头:将account和password配置进来

四、部署API

API配置完成后,右击根目录,部署API, 选择部署阶段,点击部署

注意:每次对API进行更改后要重新部署一下

五、测试API

测试通过两种方式:①Postman ②python代码

获取URL链接

1、Postman

进入Postman,添加PUT请求,复制URL链接,在其后添加要下载文件的S3的路径,点击send,即可在下方看到请求结果

2、python代码

  1. import json
  2. import requests
  4. def call_get_api(_url,_headers):
  5.     res = requests.get(url=_url, headers=_headers)
  6.     return res
  8. def download_s3(bucket,key,local_file):
  9.     # api gateway call url
  10.     url_ip = ""
  11.     # generate the url
  12.     url = url_ip + bucket + key
  14.     # headers
  15.     headers = {"account": "", "password": ""}
  17.     # call the api2s3 method
  18.     res = call_get_api(url, headers)
  19.     res.encoding = 'utf-8'
  20.     data = res.text
  21.     if res.status_code == 200:
  22.         print(res.status_code)
  23.         print(data)
  24.         with open(local_file, 'wb') as f:
  25.             # str通过encode()方法可以转换为bytes
  26.             f.write(data.encode())
  27.     else:
  28.         print(res)
  30. if __name__ == '__main__':
  31.     # s3 file
  32.     bucket = ''
  33.     key = ''
  35.     # local file name
  36.     local_file = ''
  37.     download_s3(bucket, key, local_file)

六、通过CloudFormation新建API

yaml文件代码如下

  1. AWSTemplateFormatVersion: '2010-09-09'
  2. Description : Template to provision ETL Workflow for api gateway 
  3. Parameters:
  4.   Region:
  5.     Description: 'Specify the Region for resource.'
  6.     Type: String
  7.     Default: ase1
  8.   Iteration:
  9.     Type: String
  10.     Description: 'Specify the Iteration for Lambda.'
  11.     Default: '001'
  12.   S3Iteration:
  13.     Type: String
  14.     Description: 'Specify the Iteration for S3'
  15.     Default: '001'
  16.   IAMIteration:
  17.     Type: String
  18.     Description: 'Specify the Iteration for IAM roles.'
  19.     Default: '001'
  21. Resources: 
  22.   ApigatewayRestAPI:
  23.     Type: AWS::ApiGateway::RestApi
  24.     Properties:
  25.       Name: api-downloads3-${Iteration}
  26.       BinaryMediaTypes:
  27.         - "*/*"
  28.       Description: create api to download file from s3
  29.       Mode: overwrite
  30.       EndpointConfiguration:
  31.         Types:
  32.           - REGIONAL
  33.  
  34.   ApigatewayAuthorizer:
  35.     Type: AWS::ApiGateway::Authorizer
  36.     Properties:
  37.       AuthorizerCredentials: "arn:aws:iam::${AWS::AccountId}:role/iamr-replication-${IAMIteration}"
  38.       AuthorizerResultTtlInSeconds : 0
  39.       AuthorizerUri: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:lamb-apigw-authorizer-${S3Iteration}/invocations"
  40.       Type : REQUEST
  41.       AuthType: custom
  42.       RestApiId: 
  43.         !Ref  ApigatewayRestAPI
  44.       Name: auth-request
  45.       IdentitySource : method.request.header.account,method.request.header.password
  47.   ApigatewayResourceFolder:
  48.     Type: AWS::ApiGateway::Resource
  49.     Properties:
  50.       RestApiId: 
  51.         !Ref ApigatewayRestAPI
  52.       PathPart: "{folder}"
  53.       ParentId: !GetAtt 
  54.         - ApigatewayRestAPI
  55.         - RootResourceId
  57.   ApigatewayMethodFolder:
  58.     Type: AWS::ApiGateway::Method
  59.     Properties:
  60.       AuthorizerId:
  61.         !Ref ApigatewayAuthorizer
  62.       AuthorizationType: custom
  63.       RequestParameters: {
  64.         "method.request.path.folder": true,
  65.         "method.request.header.account": true,
  66.         "method.request.header.password": true
  67.       }
  68.       HttpMethod: GET
  69.       MethodResponses:
  70.         - StatusCode: 200
  71.           ResponseModels: 
  72.             application/json: Empty
  73.       RestApiId:
  74.         !Ref ApigatewayRestAPI
  75.       ResourceId: !GetAtt 
  76.         - ApigatewayResourceFolder
  77.         - ResourceId 
  78.       Integration:
  79.         Type: AWS
  80.         Credentials: "arn:aws:iam::${AWS::AccountId}:role/iamr-replication-${IAMIteration}"
  81.         IntegrationHttpMethod: GET
  82.         IntegrationResponses:
  83.           - StatusCode: 200
  84.         PassthroughBehavior: when_no_match
  85.         Uri: "arn:aws:apigateway:${AWS::Region}:s3:path/{folder}"
  86.         RequestParameters: {
  87.             "integration.request.path.folder" : "method.request.path.folder"
  88.           }
  90.   ApigatewayResourceTablename:
  91.     Type: AWS::ApiGateway::Resource
  92.     Properties:
  93.       RestApiId: 
  94.         !Ref ApigatewayRestAPI
  95.       PathPart: "{tablename}"
  96.       ParentId:
  97.         !Ref ApigatewayResourceFolder
  99.   ApigatewayMethodTablename:
  100.     Type: AWS::ApiGateway::Method
  101.     Properties:
  102.       AuthorizerId:
  103.         !Ref ApigatewayAuthorizer
  104.       AuthorizationType: custom
  105.       RequestParameters: {
  106.         "method.request.path.folder": true,
  107.         "method.request.path.tablename": true,
  108.         "method.request.header.account": true,
  109.         "method.request.header.password": true
  110.       }
  111.       HttpMethod: GET
  112.       MethodResponses:
  113.         - StatusCode: 200
  114.           ResponseModels: 
  115.             application/json: Empty
  116.       RestApiId:
  117.         !Ref ApigatewayRestAPI
  118.       ResourceId: !GetAtt 
  119.         - ApigatewayResourceTablename
  120.         - ResourceId 
  121.       Integration:
  122.         Type: AWS
  123.         Credentials: "arn:aws:iam::${AWS::AccountId}:role/iamr-replication-${IAMIteration}"
  124.         IntegrationHttpMethod: GET
  125.         IntegrationResponses:
  126.           - StatusCode: 200
  127.         PassthroughBehavior: when_no_match
  128.         Uri: "arn:aws:apigateway:${AWS::Region}:s3:path/{folder}/{tablename}"
  129.         RequestParameters: {
  130.             "integration.request.path.folder" : "method.request.path.folder",
  131.             "integration.request.path.tablename" : "method.request.path.tablename"
  132.           }
  134.   ApigatewayResourcePartition:
  135.     Type: AWS::ApiGateway::Resource
  136.     Properties:
  137.       RestApiId:
  138.         !Ref ApigatewayRestAPI
  139.       PathPart: "{partition}"
  140.       ParentId:
  141.         !Ref ApigatewayResourceTablename
  143.   ApigatewayMethodPartition:
  144.     Type: AWS::ApiGateway::Method
  145.     Properties:
  146.       AuthorizerId:
  147.         !Ref ApigatewayAuthorizer
  148.       AuthorizationType: custom
  149.       RequestParameters: {
  150.         "method.request.path.folder": true,
  151.         "method.request.path.tablename": true,
  152.         "method.request.path.partition": true,
  153.         "method.request.header.account": true,
  154.         "method.request.header.password": true
  155.       }
  156.       HttpMethod: GET
  157.       MethodResponses:
  158.         - StatusCode: 200
  159.           ResponseModels: 
  160.             application/json: Empty
  161.       RestApiId:
  162.         !Ref ApigatewayRestAPI
  163.       ResourceId: !GetAtt 
  164.         - ApigatewayResourcePartition
  165.         - ResourceId 
  166.       Integration:
  167.         Type: AWS
  168.         Credentials: "arn:aws:iam::${AWS::AccountId}:role/iamr-replication-${IAMIteration}"
  169.         IntegrationHttpMethod: GET
  170.         IntegrationResponses:
  171.           - StatusCode: 200
  172.         PassthroughBehavior: when_no_match
  173.         Uri: "arn:aws:apigateway:${AWS::Region}:s3:path/{folder}/{tablename}/{partition}"
  174.         RequestParameters: {
  175.             "integration.request.path.partition" : "method.request.path.partition",
  176.             "integration.request.path.folder" : "method.request.path.folder",
  177.             "integration.request.path.tablename" : "method.request.path.tablename"
  178.           }
  180.   ApigatewayResourceFilename:
  181.     Type: AWS::ApiGateway::Resource
  182.     Properties:
  183.       RestApiId: 
  184.         !Ref ApigatewayRestAPI
  185.       PathPart: "{filename}"
  186.       ParentId:
  187.         !Ref ApigatewayResourcePartition
  189.   ApigatewayMethodFilename:
  190.     Type: AWS::ApiGateway::Method
  191.     Properties:
  192.       AuthorizerId:
  193.         !Ref ApigatewayAuthorizer
  194.       AuthorizationType: custom
  195.       RequestParameters: {
  196.         "method.request.path.folder": true,
  197.         "method.request.path.tablename": true,
  198.         "method.request.path.partition": true,
  199.         "method.request.path.filename": true,
  200.         "method.request.header.account": true,
  201.         "method.request.header.password": true
  202.       }
  203.       HttpMethod: GET
  204.       MethodResponses:
  205.         - StatusCode: 200
  206.           ResponseModels: 
  207.             application/json: Empty
  208.       RestApiId:
  209.         !Ref ApigatewayRestAPI
  210.       ResourceId: !GetAtt 
  211.         - ApigatewayResourceFilename
  212.         - ResourceId 
  213.       Integration:
  214.         Type: AWS
  215.         Credentials: "arn:aws:iam::${AWS::AccountId}:role/iamr-replication-${IAMIteration}"
  216.         IntegrationHttpMethod: GET
  217.         IntegrationResponses:
  218.           - StatusCode: 200
  219.         PassthroughBehavior: when_no_match
  220.         Uri: "arn:aws:apigateway:${AWS::Region}:s3:path/{folder}/{tablename}/{partition}/{filename}"
  221.         RequestParameters: {
  222.             "integration.request.path.partition" : "method.request.path.partition",
  223.             "integration.request.path.filename" : "method.request.path.filename",
  224.             "integration.request.path.folder" : "method.request.path.folder",
  225.             "integration.request.path.tablename" : "method.request.path.tablename"
  226.           }
  227.           
  228.   ApigatewayDeploymentv1:
  229.     DependsOn: ApigatewayMethodFilename
  230.     Type: AWS::ApiGateway::Deployment
  231.     Properties: 
  232.       RestApiId:
  233.         !Ref ApigatewayRestAPI
  234.       StageName : v1
  236.   PermissionToInvokeLambda: 
  237.     Type: AWS::Lambda::Permission
  238.     Properties: 
  239.       FunctionName: lamb-apigw-authorizer-${Iteration}
  240.       Action: "lambda:InvokeFunction"
  241.       Principal: "apigateway.amazonaws.com"
  242.       SourceArn: !Sub
  243.         - "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${APiId}/authorizers/${AuthorizerId}"
  244.         - APiId: 
  245.             !Ref ApigatewayRestAPI
  246.           AuthorizerId: 
  247.             !Ref ApigatewayAuthorizer
  249. Outputs:
  250.   RootResourceId:
  251.     Value: !GetAtt ApigatewayRestAPI.RootResourceId
  252.   AuthorizerId:
  253.     Value: !GetAtt ApigatewayAuthorizer.AuthorizerId
标签: aws gateway 云计算
本文转载自: https://blog.csdn.net/weixin_41758646/article/details/128456737
版权归原作者 某可儿同学的博客 所有, 如有侵权,请联系我们删除。
登录后发布评论

“【AWS】API Gateway创建Rest API--从S3下载文件”的评论:

还没有评论
关于作者
...
overfit同步小助手
文章同步
相关阅读

网络安全法-网络运行安全

使用selenium/drissionpage时如何阻止chrome自动跳转http到https

docker desktop 里部署的Open WebUI 管理员密码忘记了的处理方法

在ubuntu20.04中搭建onsite比赛运行环境

利用开源的低代码表单设计器FcDesigner高效管理和渲染复杂表单结构

Kafka学习笔记

【前端】浏览器输入url到页面呈现发生了什么?

文章导航
没有找到文章内容分段。。。