I am trying to create an API Gateway with a Lambda and attach an authorizer to it. Creating the API and the Lambda works perfectly, but when I add the authorizer section, I get the following error:
Error: Failed to create changeset for the stack: dev-device-management-api-stack, ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: For expression "Status" we matched expected path: "FAILED" Status: FAILED. Reason: 'null' values are not allowed in templates in [/Resources/DeviceManagementApi/Type/Body/securityDefinitions/JwtAuthorizer/x-amazon-apigateway-authorizer/authorizerUri/Fn::Sub/1/ FunctionArn ].
I could not understand the error or its cause. Can anyone help?

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  EnvironmentStackName:
    Type: String
    AllowedValues:
      - dev
      - prod
Resources:
  DeviceManagementApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub "${EnvironmentStackName}-device-management"
      StageName: "api"
      EndpointConfiguration: REGIONAL
      Auth:
        Authorizers:
          JwtAuthorizer:
            AuthorizationScopes:
              - scope
            IdentitySource: $request.header.Authorization
            JwtConfiguration:
              audience:
                - "my-audience"
              issuer: "https://issuer.clerk.accounts.dev"
  GetAllLocationsLambda:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub "${EnvironmentStackName}-lambda-locations-get-all"
      Handler: app.lambda_handler
      Runtime: python3.12
      CodeUri: src/location/get-all/
      MemorySize: 128
      Timeout: 10
      Role: !GetAtt DeviceApiLambdaExecutionRole.Arn
      Environment:
        Variables:
          STACK_NAME: !Ref EnvironmentStackName
      Events:
        GetAllLocationsApiEvent:
          Type: Api
          Properties:
            Path: /locations
            Method: GET
            RestApiId: !Ref DeviceManagementApi
            # Auth:
            #   Authorizer: MyOauth2Authorizer
  DeviceApiLambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${EnvironmentStackName}-lambda-device-api-execution-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: LambdaDynamoDBReadAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - dynamodb:Scan
                  - dynamodb:GetItem
                  - dynamodb:PutItem
                  - dynamodb:BatchGetItem
                  - dynamodb:BatchWriteItem
                  - dynamodb:ConditionCheckItem
                  - dynamodb:PutItem
                  - dynamodb:DescribeTable
                  - dynamodb:DeleteItem
                  - dynamodb:GetItem
                  - dynamodb:Scan
                  - dynamodb:Query
                  - dynamodb:UpdateItem
                Resource: "*"
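
Added example, not part of the original post: a pre-deploy check for the two authorizer problems visible in the template above. Authorizers on an `AWS::Serverless::Api` need a `FunctionArn` (Lambda) or `UserPoolArn` (Cognito), which is the null `FunctionArn` in the error path, and an authorizer that no event or `DefaultAuthorizer` references leaves the route open. The function name `lint_sam_auth` is hypothetical, and the template is assumed to be already parsed into plain dicts.

```python
# Added example: pre-deploy lint over a parsed SAM template (plain dicts).
ARN_KEYS = ("FunctionArn", "UserPoolArn")  # one is required on AWS::Serverless::Api authorizers

def lint_sam_auth(template):
    """Return human-readable findings about authorizer definition and attachment."""
    findings, api_auth = [], {}
    resources = template.get("Resources", {})
    for name, res in resources.items():
        rtype = res.get("Type")
        if rtype not in ("AWS::Serverless::Api", "AWS::Serverless::HttpApi"):
            continue
        auth = res.get("Properties", {}).get("Auth") or {}
        api_auth[name] = auth
        if rtype != "AWS::Serverless::Api":
            continue  # JwtConfiguration is valid on HttpApi, nothing to flag here
        for auth_name, cfg in (auth.get("Authorizers") or {}).items():
            if not any(key in cfg for key in ARN_KEYS):
                hint = " (JwtConfiguration is AWS::Serverless::HttpApi syntax)" if "JwtConfiguration" in cfg else ""
                findings.append(f"{name}.{auth_name}: no FunctionArn or UserPoolArn{hint}")
    for name, res in resources.items():
        if res.get("Type") != "AWS::Serverless::Function":
            continue
        for ev_name, ev in (res.get("Properties", {}).get("Events") or {}).items():
            if ev.get("Type") not in ("Api", "HttpApi"):
                continue
            props = ev.get("Properties", {})
            ref = props.get("RestApiId") or props.get("ApiId")
            api_name = ref.get("Ref") if isinstance(ref, dict) else ref
            # Effective authorizer: the per-event setting wins, else the API's default.
            effective = (props.get("Auth") or {}).get("Authorizer") \
                or api_auth.get(api_name, {}).get("DefaultAuthorizer")
            if effective in (None, "NONE"):
                findings.append(f"{name}.{ev_name}: {props.get('Method')} {props.get('Path')} has no authorizer attached")
    return findings

# Constructed sample: the relevant parts of the template above, with !Ref in long form.
SAMPLE = {"Resources": {
    "DeviceManagementApi": {"Type": "AWS::Serverless::Api", "Properties": {"Auth": {"Authorizers": {
        "JwtAuthorizer": {"IdentitySource": "$request.header.Authorization",
                          "JwtConfiguration": {"issuer": "https://issuer.clerk.accounts.dev"}}}}}},
    "GetAllLocationsLambda": {"Type": "AWS::Serverless::Function", "Properties": {"Events": {
        "GetAllLocationsApiEvent": {"Type": "Api", "Properties": {
            "Path": "/locations", "Method": "GET", "RestApiId": {"Ref": "DeviceManagementApi"}}}}}},
}}

if __name__ == "__main__":
    for finding in lint_sam_auth(SAMPLE):
        print(finding)
```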