Comments (7)
Hi there, thanks for opening an issue. It would often result in weird behaviour if you mix SAM resources with regular CloudFormation resources. I would recommend defining the gateway response as part of the openapi specification in DefintionBody
or DefinitionUri
property of your SAM API. An simple example is given here:
openapi: 3.0.0
info:
title: Sample API
version: 1.0.0
paths:
/someEndpoint:
get:
summary: Sample endpoint
responses:
'401':
description: Unauthorized access. The client will be redirected.
content:
text/html:
schema:
type: string
example: |
<html>
<head>
<meta
http-equiv="refresh"
content="0;url=/shell?target=$context.path">
</head>
<body></body>
</html>
from serverless-application-model.
Thanks @GavinZZ, unfortunately, I don't think this will work for my use case. The responses I'm manipulating are generated by the CognitoAuthorizer, not by any of my mapped endpoints. As far as I understand things, your solution would require the request getting past the authorizer before those response transformations were implemented.
from serverless-application-model.
@mousedownmike I spent some time and wrote an example following your description. However, I cannot reproduce this problem.
I'm using a simple template like the following
Transform: AWS::Serverless-2016-10-31
Resources:
MyApi:
Type: AWS::Serverless::Api
Properties:
StageName: MyNewStageName
DefinitionBody:
# Simple HTTP Proxy API
openapi: '3.0'
info:
version: '2016-09-23T22:23:23Z'
title: Simple Api
basePath: /demo
schemes:
- https
paths:
/http/{proxy+}:
x-amazon-apigateway-any-method:
parameters:
- name: proxy
in: path
x-amazon-apigateway-integration:
type: http_proxy
uri: http://httpbin.org/{proxy}
httpMethod: ANY
passthroughBehavior: when_no_match
requestParameters:
integration.request.path.proxy: method.request.path.proxy
UnauthorizedRedirect:
Type: AWS::ApiGateway::GatewayResponse
Properties:
ResponseTemplates:
text/html: |
<html>
<head>
<meta
http-equiv="refresh"
content="0;url=/shell?target=$context.path">
</head>
<body></body>
</html>
ResponseType: UNAUTHORIZED
RestApiId: !Ref MyApi
StatusCode: '401'
Note that this template includes a SAM API, a AWS::ApiGateway::GatewayResponse
resource. I am able to deploy this template successfully for the first time.
Then I proceeded with updating the AWS::ApiGateway::GatewayResponse
resource
UnauthorizedRedirect:
ResponseType: UNAUTHORIZED
RestApiId: !Ref MyApi
StatusCode: '403'
I then tried to deploy this updated template again and I am able to deploy it and I can see changes reflected in the console as well. So I'm not able to reproduce the issue described.
To be super clear, this problem is not related to AlwaysDeploy
as this property only works with properties changed in SAM API resource itself. Also, since the GatewayResponse resource depends on the API resource (implicit depends on through the RestApiId: !Ref MyApi
), changes in AWS::ApiGateway::GatewayResponse
should always be deployed prior to deploying the API resource. If a change is not recognized, this is most likely not a SAM issue but a CloudFormation or ApiGateway issue.
from serverless-application-model.
@GavinZZ, thank you for your time on this. Without using an Authorizer on the API, I don't think it replicates the experience I was having. To be clear, I do see the changes reflected in the console when I apply the template. The problem is that they don't actually function for responses generated by the Authorizer. From my understanding of what you're saying, it sounds like that's expected.
I might recommend a minor documentation update for the AlwaysDeploy
property to call out the fact that changes to standard CloudFormation resources "should always be deployed prior to deploying the API resource". Unfortunately, using a DependsOn relationship doesn't appear to guarantee that (or, quite possibly, I didn't test that properly).
Ultimately, I've decided not to use the GatewayResponse resources because they just don't offer the flexibility I was hoping for... specifically, no $context
interpolation in headers. I've opted to use Lambda@Edge functions to manipulate the respones as necessary.
from serverless-application-model.
⚠️ COMMENT VISIBILITY WARNING⚠️
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
from serverless-application-model.
⚠️ COMMENT VISIBILITY WARNING⚠️
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
from serverless-application-model.
@mousedownmike thanks for the suggestion, I'm going to create a task internally for doc update to clearly state the limitation of AlwaysDeploy
property.
To be clear, I do see the changes reflected in the console when I apply the template. The problem is that they don't actually function for responses generated by the Authorizer. From my understanding of what you're saying, it sounds like that's expected.
That's definitely not expected, but all SAM Transform does it to transform the template into standard CloudFormation template. Specifically in your scenario, this problem seems to be an issue on ApiGateway side or CloudFormation side. Unfortunately, there's not much SAM can do since the transformed template looks valid.
from serverless-application-model.
Related Issues (20)
- Please explain how to version AWS::Serverless::Function artifacts cleanly HOT 11
- Bug: AWS::Serverless::Function Policies partly not applied HOT 8
- Cors error from SAM template and Auth enabled. HOT 3
- VSCode SAM Schema Validation Error with !Ref in Conditions Section HOT 7
- Bug: Creates unnecessary AWSLambdaVPCAccessExecutionRole role HOT 7
- Api CORS issue with 500 status after setup Cognito authorizer HOT 3
- Building features for AWS SAM HOT 4
- Can't reset BinaryMediaTypes to a default value for API Gateway REST API HOT 2
- AWS::Serverless::Api auto deploys API when a resource is being added HOT 4
- Environment variables not updated HOT 5
- Bug: Using a Ref in StageName is Not Working Properly - Template.yaml HOT 4
- !If not working on Serverless:Function handler HOT 5
- how to configure KMSVerifyPolicy and KMSSignPolicy HOT 1
- Feature request: Git sync HOT 4
- Security: default permission allow any service to invoke a lambda function HOT 3
- Several tests fail with Pydantic 1.10.15 (latest 1.x) HOT 6
- (New Connector Profile) AWS Batch HOT 1
- EventInvokeConfig does not appear in processed template when following the spec HOT 3
- (New Connector Profile) AWS::ApiGateway::RestApi > AWS::Serverless::StateMachine HOT 1
- Bug: Lambda function (with alias) doesn't create a new version after its layer is updated, even if `AutoPublishAliasAllProperties` is set to `true` HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from serverless-application-model.