英文:
Update lambda function environment variables using api
问题
我收到错误消息 {message: '缺少身份验证令牌'} 。
如何修复这个问题?
如何提供正确的身份验证?
英文:
I got error {message: 'Missing Authentication Token'} .
how can i fix issue ?
const AWS_REGION = 'myREGION';
const FUNCTION_NAME = 'myfn';
const ACCESS_KEY = 'myACCESS_KEY';
const SECRET_KEY = 'mySECRET_KEY';
const updateEnvironmentVariables = async () => {
const credentials = `${ACCESS_KEY}:${SECRET_KEY}`;
const mybody = JSON.stringify({
"environment": {
"Variables": {
"API_KEY": "abc123",
"DB_URL": "https://my.com/db"
}
}
});
const response = await fetch(`https://lambda.${AWS_REGION}.amazonaws.com/2015-03-31/functions/${FUNCTION_NAME}/configuration`, {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
'Authorization': credentials,
},
body: mybody,
}).then((v)=>v.json());
console.log(response)
};
how i provide correct Authentication?
答案1
得分: 0
不要回答我要翻译的问题。以下是要翻译的内容:
"发送凭证作为请求头的一部分是不足够的。要直接访问AWS API,您需要使用您的凭证对请求进行签名。
话虽如此,我强烈建议使用AWS JavaScript SDK,因为它会为您处理所有底层工作。
在您的示例中使用UpdateFunctionConfigurationCommand 会类似于以下方式:
import { LambdaClient, UpdateFunctionConfigurationCommand } from "@aws-sdk/client-lambda";
const AWS_REGION = '我的区域';
const FUNCTION_NAME = '我的函数名';
const ACCESS_KEY = '我的访问密钥';
const SECRET_KEY = '我的秘密密钥';
const client = new LambdaClient({
region: AWS_REGION,
credentials: {
accessKeyId: ACCESS_KEY,
secretAccessKey: SECRET_KEY
}
});
const config = JSON.stringify({
"environment": {
"Variables": {
"API_KEY": "abc123",
"DB_URL": "https://我的.com/db"
}
}
})
const command = new UpdateFunctionConfigurationCommand({
...JSON.parse(config),
FunctionName: FUNCTION_NAME,
});
const response = await client.send(command);
console.log(response)
注意:请确保不要将包含凭证的任何文件提交到源代码存储库,例如git。您可以使用本地AWS配置文件、环境变量或秘密存储来代替。
英文:
It's not enough to send the credentials as part of the request header. To directly access the AWS API, you need to sign the request with your credentials.
Having that said, I would strongly recommend using the AWS SDK for JavaScript instead because it takes care of all the low-level work for you.
Using the UpdateFunctionConfigurationCommand in your example would look something like this:
import { LambdaClient, UpdateFunctionConfigurationCommand } from "@aws-sdk/client-lambda";
const AWS_REGION = 'myREGION';
const FUNCTION_NAME = 'myfn';
const ACCESS_KEY = 'myACCESS_KEY';
const SECRET_KEY = 'mySECRET_KEY';
const client = new LambdaClient({
region: AWS_REGION,
credentials: {
accessKeyId: ACCESS_KEY,
secretAccessKey: SECRET_KEY
}
});
const config = JSON.stringify({
"environment": {
"Variables": {
"API_KEY": "abc123",
"DB_URL": "https://my.com/db"
}
}
})
const command = new UpdateFunctionConfigurationCommand({
...JSON.parse(config),
FunctionName: FUNCTION_NAME,
});
const response = await client.send(command);
console.log(response)
Note: Please make sure to not commit any files to a source code repository, e.g. git, that contain credentials. You can use a local AWS profile, environment variables, or a secret store instead.
答案2
得分: -1
以下是翻译好的部分:
错误消息通常表示您的请求未经身份验证。在 AWS 中,大多数经过身份验证的请求都使用 AWS Signature Version 4 进行签名。您当前传递的身份验证('Authorization':credentials,)无效,因为它包含访问密钥和秘密密钥拼接在一起。
AWS SDK 和 CLI 会为您处理请求签名,但如果您正在进行手动 API 调用(似乎您正在这样做),则需要手动进行签名。AWS Signature Version 4 签名过程有点复杂。您可以在此处查看完整详情:签名
然而,与 AWS 资源交互的一种更简单的方式是使用 AWS SDK for JavaScript 在 Node.js 中。以下是如何使用 AWS SDK 更新 AWS Lambda 环境变量的示例:
var AWS = require('aws-sdk');
AWS.config.update({
region: 'myREGION',
accessKeyId: 'myACCESS_KEY',
secretAccessKey: 'mySECRET_KEY'
});
var lambda = new AWS.Lambda();
var params = {
FunctionName: 'myfn',
Environment: {
Variables: {
'API_KEY': 'abc123',
'DB_URL': 'https://my.com/db'
}
}
};
lambda.updateFunctionConfiguration(params, function(err, data) {
if (err) console.log(err, err.stack); // 发生错误
else console.log(data); // 成功响应
});
请将 myREGION、myACCESS_KEY 和 mySECRET_KEY 替换为您的实际值。
在使用以下命令之前,请确保通过 npm 安装 AWS SDK:
npm install aws-sdk
请记住,将 AWS 访问凭据硬编码在代码中并不是一个好的做法。考虑将它们安全地存储在环境变量中,或者在运行在 EC2 实例或 AWS Lambda 上的 IAM 角色中使用它们。
最后,请始终确保您在 AWS IAM 中具有执行所需操作的必要权限。在这种情况下,您将需要 lambda:UpdateFunctionConfiguration 权限。
英文:
The error message you're seeing usually indicates that your request isn't authenticated. In AWS, most authenticated requests are signed with AWS Signature Version 4. The authentication you currently pass ('Authorization': credentials,) isn't valid as it contains the access and secret keys concatenated together.
AWS SDKs and CLI handle request signing for you, but if you're making manual API calls (as it appears you are doing), you'll have to sign them manually. AWS Signature Version 4 signing process is somewhat complex. You can see full details here: Signature
However, a simpler way to interact with AWS resources is to use the AWS SDK for JavaScript in Node.js. Here is how you could update your AWS Lambda environment variables using the AWS SDK:
var AWS = require('aws-sdk');
AWS.config.update({
region: 'myREGION',
accessKeyId: 'myACCESS_KEY',
secretAccessKey: 'mySECRET_KEY'
});
var lambda = new AWS.Lambda();
var params = {
FunctionName: 'myfn',
Environment: {
Variables: {
'API_KEY': 'abc123',
'DB_URL': 'https://my.com/db'
}
}
};
lambda.updateFunctionConfiguration(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
Please replace 'myREGION', 'myACCESS_KEY' and 'mySECRET_KEY' with your actual values.
Please ensure you install AWS SDK via npm before you use it with the command:
npm install aws-sdk
Remember that hardcoding AWS access credentials in the code are not a good practice. Consider storing them securely in environment variables or using IAM roles running on EC2 instances or AWS Lambda.
Lastly, always ensure you have the necessary permissions in AWS IAM to perform the required operations. In this case, you'll need the lambda:UpdateFunctionConfiguration permission.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论