Seth Geoghegan
02/26/2021, 9:52 PMdefaultAuthorizationType
?Frank
Frank
const api = new sst.Api(this, "Api", {
defaultAuthorizationType: "AWS_IAM",
routes: {
"GET /private": "src/private.main",
"GET /public": {
authorizationType: "NONE",
function: "src/public.main",
},
},
});
Seth Geoghegan
02/26/2021, 9:56 PMauthorizationType
or defaultAuthorizationType
, will I need to remove and re-deploy to see the changes?Seth Geoghegan
02/26/2021, 9:57 PMSeth Geoghegan
02/26/2021, 9:57 PMFrank
Frank
start
command after u made the change?Seth Geoghegan
02/26/2021, 10:03 PMSeth Geoghegan
02/26/2021, 10:04 PM// Create the HTTP API
this.api = new sst.Api(this, "api", {
defaultAuthorizationType: sst.ApiAuthorizationType.NONE,
defaultFunctionProps: {
// Pass in the table name to our API
environment: {
tableName: table.tableName,
region: table.env.region
}
},
routes: {
...auth_routes,
...unauth_routes
}
});
Seth Geoghegan
02/26/2021, 10:05 PMsst.ApiAuthorizationType.AWS_IAM
to sst.ApiAuthorizationType.NONE
for the defaultAuthorizationType
Seth Geoghegan
02/26/2021, 10:06 PMFrank
autorizationType
for auth_routes and unauth_routes?Seth Geoghegan
02/26/2021, 10:07 PMunauth_routes
, just to test out the concept
const auth_routes = {
"PUT /races/{id}": "src/races/update.handler",
"POST /races": "src/races/create.handler",
"POST /races/{id}/register": "src/races/register.handler",
"GET /users/{user_id}/messages": "src/messages/list.handler",
"PUT /users/{user_id}/messages/{message_id}":
"src/messages/mark_as_read.handler"
};
const unauth_routes = {
"GET /races/featured": {
function: {
authorizationType: sst.ApiAuthorizationType.NONE,
handler: "src/races/featured.handler"
}
},
"GET /races/{id}": "src/races/get.handler",
"GET /races/search": "src/races/list.handler",
"GET /strava/webhook": "src/strava/validate_webhook.handler"
};
Frank
Frank
Frank
AWS_IAM
CloudFormation template looks something like:
"Type": "AWS::ApiGatewayV2::Route",
"Properties": {
"AuthorizationType": "AWS_IAM",
...
}
Frank
NONE
, AuthorizationType
in the template is removed:
"Type": "AWS::ApiGatewayV2::Route",
"Properties": {
...
}
Frank
Frank
Seth Geoghegan
02/26/2021, 10:27 PMFrank
AuthorizationType
to NONE
in CloudFormation template
"Type": "AWS::ApiGatewayV2::Route",
"Properties": {
"AuthorizationType": "NONE",
...
}
Frank
Seth Geoghegan
02/26/2021, 10:29 PMSeth Geoghegan
02/26/2021, 10:44 PMdefaultAuthorizationType
of AWS_IAM. Instead of defining authorization types of NONE, I could control what guest users see by assigning the API endpoints to the Cognito guest role (maybe this is what the API construct is doing under the covers?)Frank
Seth Geoghegan
02/26/2021, 10:45 PMSeth Geoghegan
02/26/2021, 10:45 PMattachPermissionsForUnauthUsers
on the Auth constructFrank
Frank
NONE
2. all routes are private, authorizationType AWS_IAM
, and guest users also get IAM credentials, and you control which route they can call and not call in IAMSeth Geoghegan
02/26/2021, 10:48 PMSeth Geoghegan
02/26/2021, 10:48 PMFrank
Seth Geoghegan
02/26/2021, 10:50 PMFrank
AWS_IAM
makes more snseFrank
Seth Geoghegan
02/26/2021, 10:51 PMFrank
npm install --save --save-exact @serverless-stack/cli@0.9.9 @serverless-stack/resources@0.9.9
Seth Geoghegan
02/26/2021, 10:54 PMFrank
Seth Geoghegan
02/26/2021, 10:56 PMSeth Geoghegan
02/26/2021, 11:05 PMSeth Geoghegan
02/26/2021, 11:06 PMSeth Geoghegan
02/26/2021, 11:06 PMSeth Geoghegan
02/26/2021, 11:07 PMFrank
Frank
Frank
.build/cdk.out/xxxxx.template.json
Frank
Seth Geoghegan
02/26/2021, 11:15 PMSeth Geoghegan
02/26/2021, 11:15 PMFrank
AuthorizationType
set to AWS_IAM
Frank
defaultAuthorizationType
is set to sst.ApiAuthorizationType.NONE
still?Seth Geoghegan
02/26/2021, 11:20 PMSeth Geoghegan
02/26/2021, 11:20 PMFrank
authorizationType: sst.ApiAuthorizationType.NONE
outside of the function
Frank
"GET /strava/webhook": {
authorizationType: sst.ApiAuthorizationType.NONE,
function: {
handler: "src/strava/validate_webhook.handler"
}
}
Frank
"GET /strava/webhook": {
authorizationType: sst.ApiAuthorizationType.NONE,
function: "src/strava/validate_webhook.handler"
}
Seth Geoghegan
02/26/2021, 11:23 PMSeth Geoghegan
02/26/2021, 11:24 PMconst unauth_routes = {
"GET /races/featured": {
authorizationType: sst.ApiAuthorizationType.NONE,
handler: "src/races/featured.handler"
},
"GET /races/{id}": {
authorizationType: sst.ApiAuthorizationType.NONE,
handler: "src/races/get.handler"
},
"GET /races/search": {
authorizationType: sst.ApiAuthorizationType.NONE,
handler: "src/races/list.handler"
},
"GET /strava/webhook": {
authorizationType: sst.ApiAuthorizationType.NONE,
handler: "src/strava/validate_webhook.handler"
}
};
Frank
handler
, function
Frank
const unauth_routes = {
"GET /races/featured": {
authorizationType: sst.ApiAuthorizationType.NONE,
function: "src/races/featured.handler"
},
...
};
Seth Geoghegan
02/26/2021, 11:26 PMSeth Geoghegan
02/26/2021, 11:27 PMFrank
Seth Geoghegan
02/26/2021, 11:29 PMroutes
incorrectly, or has the latest implementation outpaced the docs?Frank
Frank
Seth Geoghegan
02/26/2021, 11:31 PMSeth Geoghegan
02/26/2021, 11:31 PMSeth Geoghegan
02/26/2021, 11:32 PMFrank
Seth Geoghegan
02/26/2021, 11:34 PMSeth Geoghegan
02/26/2021, 11:35 PMFrank