AMAZON API Gateway(1)Feel of API Gateway
1 Feeling about AMAZON API Gateway
Log in to my Amazon account and go to [Amazon API Gateway]
Create API
Under ROOT of Resource /, Choose [Create Resource]
Type “petstorewalkthrough” for demo —> [Create Resource]; under “petstorewalkthrough”, create a sub-resource named “pets”
Create the third resource under pets, named petid; the path will be /petstorewalkthrough/pets/{petid}
After all this, we have the resources; next we need to create the methods on top of them.
Click on /petstorewalkthrough/pets/GET, choose [HTTP Proxy] —> Endpoint URL “http://petstore-demo-endpoint.execute-api.com/petstore/pets”
In the [Method Execution] panel, choose [Method Request] —> [URL Query String Parameters] —> Add query string
Add query strings “petType”, “petsPage”
[Method Execution] —> [Integration Request] —> [URL Query String Parameters]
type —> method.request.querystring.petType
page —> method.request.querystring.petsPage
Click the Test button in the [Method Execution] panel with petType=cat, petsPage=2
I skip the single GET, POST and other demos; I already understand the idea.
[Deploy API]
Go to the Stages editor page; there is an Invoke URL like https://my-api-id.execute-api.region-id.amazonaws.com/test and this URL will work
https://my-api-id.execute-api.region-id.amazonaws.com/test/petstorewalkthrough/pets
Some Limits from AMAZON
https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html
60 APIs maximum per account
60 client certificates per account
300 resources per API
10 stages maximum per API
10 second timeout; this limit cannot be changed.
500 requests per second per account for all the APIs under this account. Bursts of up to 1,000 requests per second.
2 Authentication
API keys are typically appropriate for service-to-service interaction; putting a long-lived secret on a client is risky.
AWS IAM is the solution for clients, with SAML and Auth0 SAML: Auth0 delegation with AWS IAM, and then a later step of adding an identity token to flow identity to my service layer.
An API key is simple: we can [Create API Key] and select the API and stages.
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-api-keys.html
[Method Execution] —> Authorization Settings —> API Key Required
Redeploy that to Stage - Test
I get the response
{
  "message": "Forbidden"
}
If I put x-api-key there, it will work.
Auth0
https://auth0.com/docs/integrations/aws-api-gateway/part-2
http://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html
https://auth0.com/
https://auth0.com/docs/integrations/aws
Create my auth0 domain name
sillycat.auth0.com
Log in to Auth0 and [NEW APP/API] in Dashboard —> Create Application named “AWS API Gateway”
[Settings] —> [Addons] —> Turn On AMAZON WEB SERVICE
https://auth0.com/docs/aws-api-setup
Follow the document and go to the IAM Console https://console.aws.amazon.com/iam/home#home
Identity Providers —> Create Provider
SAML and auth0-provider
Download the metadata file from URL https://sillycat.auth0.com/samlp/metadata/key
Not finished yet because of lack of IAM knowledge.
3 Limit Access
This can be set on the method level or the API level.
4 Cache
Caching can be set at the method level; we can set up the cache key and TTL.
5 API Gateway with EC2
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-aws-proxy.html
Create the AWS Service Proxy Execution Role
Log in to IAM, choose Policies
https://console.aws.amazon.com/iam/home#policies
Create Policy —> Create Your Own Policy
Policy Name - APIGatewayAWSProxyExecPolicy
Policy Document
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "sns:ListTopics"
      ]
    }
  ]
}
It is not what I want.
6 Authenticate Access to Backend Systems with Client-side SSL
https://aws.amazon.com/about-aws/whats-new/2015/09/authenticate-access-to-your-backend-systems-with-client-side-ssl-certificates-in-amazon-api-gateway/
http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-client-side-ssl-authentication.html
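var fs = require('fs'), https = require('https');
var options = {
  ca: fs.readFileSync('ssl/ca.crt'), // CA the client certificate must chain to
  requestCert: true,
  // false lets the handshake finish without a valid client certificate,
  // so the handler has to check req.socket.authorized itself
  rejectUnauthorized: false
};
// the server's own key/cert options and .listen(port) still have to be supplied
https.createServer(options, function (req, res) {
  res.writeHead(req.socket.authorized ? 200 : 401);
  res.end();
});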
NodeJS
http://nategood.com/nodejs-ssl-client-cert-auth-api-rest
Nginx
http://nategood.com/client-side-certificate-authentication-in-ngi
Playframework
https://www.playframework.com/documentation/2.4.3/ConfiguringHttps
http://stackoverflow.com/questions/21220101/ssl-tls-support-in-play-2-2-1
https://github.com/typesafehub/activator-play-tls-example
http://stackoverflow.com/questions/31945955/play-framework-https-sslengineprovider-override
Amazon
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-create-https-ssl-load-balancer.html
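Added example, not part of the original post or of the code it links to: with requestCert: true and rejectUnauthorized: false as in section 6, the backend has to decide per request whether the caller really presented the API Gateway client certificate. The names checkClient, gatewayOnly and fakeSocket and the PINNED fingerprint are constructed for illustration; the sketch assumes the backend knows the SHA-256 fingerprint of the certificate exported from API Gateway.

```javascript
// Added example: per-request check for a backend that runs with
// requestCert: true and rejectUnauthorized: false.

// Strip separators so "ab:cd" and "ABCD" compare equal.
function normFp(fp) {
  return String(fp || '').replace(/[^0-9a-f]/gi, '').toUpperCase();
}

// socket: a tls.TLSSocket; pinnedFp: SHA-256 fingerprint of the client
// certificate generated in API Gateway (assumed to be known to the backend).
function checkClient(socket, pinnedFp) {
  if (!socket || typeof socket.getPeerCertificate !== 'function') {
    return { ok: false, reason: 'not a TLS connection' };
  }
  const cert = socket.getPeerCertificate();
  if (!cert || Object.keys(cert).length === 0) {
    return { ok: false, reason: 'no client certificate presented' };
  }
  if (!socket.authorized) {
    return { ok: false, reason: 'untrusted: ' + socket.authorizationError };
  }
  const pin = normFp(pinnedFp);
  if (pin.length !== 64 || normFp(cert.fingerprint256) !== pin) {
    return { ok: false, reason: 'trusted, but not the pinned certificate' };
  }
  return { ok: true, reason: 'pinned client certificate' };
}

// Wrap the real handler: https.createServer(options, gatewayOnly(pin, app)).
function gatewayOnly(pinnedFp, app) {
  return function (req, res) {
    if (!checkClient(req.socket, pinnedFp).ok) {
      res.writeHead(403, { 'Content-Type': 'application/json' });
      return res.end(JSON.stringify({ message: 'Forbidden' }));
    }
    return app(req, res);
  };
}

// Constructed stand-ins for tls.TLSSocket so the logic can run offline.
const PINNED = 'AA:'.repeat(31) + 'AA'; // constructed fingerprint, not a real one
function fakeSocket(authorized, fp) {
  return {
    authorized: authorized,
    authorizationError: authorized ? null : 'SELF_SIGNED_CERT_IN_CHAIN',
    getPeerCertificate: function () { return fp ? { fingerprint256: fp } : {}; }
  };
}
```

The fingerprint check matters when the ca bundle trusts more than the single API Gateway certificate; a caller with any other certificate from that CA is still refused.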
References:
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html
https://auth0.com/docs/integrations/aws-api-gateway
http://docs.aws.amazon.com/zh_cn/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html