I'm trying to import an openapi/swagger file into api gateway, but I'm not able to get the security set as expected. I want to have an api key required for all paths.
Setting it api key required in the console after import works, but this solution is undesirable, what also works is setting the security field in each path individually, but I'm looking for a global solution.
When I'm trying to import the file I get the following warning:
Your API was not imported due to errors in the Swagger file.
Method 'GET' on resource '/' specified security,
but no custom authorizers were created and the extension
x-amazon-apigateway-auth was not set.
This method will be not be secured.
By the looks of this, I either need a lambda as a custom authorizer just for the api key (I'm not familiar with authorizers but this doesn't seem to make sense if I don't need one when setting api key required in the console); or I need to do something with this mysterious x-amazon-apigateway-auth
which I can't find docs for (all the other openapi extensions amazon have documented here).
A miniamal example is below:
openapi: 3.0.1
info:
title: test
version: 0
servers:
- url: "/"
security:
- ApiKey: []
paths:
"/":
get:
# if I copy the security part into here things work
responses:
'204':
description: no content
x-amazon-apigateway-integration:
httpMethod: GET
type: http
uri: https://httpstat.us/204
components:
securitySchemes:
ApiKey:
type: apiKey
name: x-api-key
in: header
x-amazon-apigateway-api-key-source: HEADER
since api key security is set at the root level, this suggests to me that all paths should use an api key (unless overwritten by individual paths), what actually occurs is the above warning and no api key required when imported.
At the time of me writing this answer, according to their documentation, AWS API gateway does not support setting security at the root level.
API Gateway doesn't use root level security defined in the OpenAPI specification. Hence security needs to be defined at an operation level to be appropriately applied.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With