This is an automated email from the ASF dual-hosted git repository.
wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 114a08821 docs: improve `aws-lambda` plugin docs (#11211)
114a08821 is described below
commit 114a08821c528aa1fa79bb86109cf157b7a8f403
Author: Traky Deng <trakyd...@gmail.com>
AuthorDate: Tue May 7 11:05:55 2024 +0800
docs: improve `aws-lambda` plugin docs (#11211)
---
docs/en/latest/plugins/aws-lambda.md | 19 +++++++------------
docs/zh/latest/plugins/aws-lambda.md | 19 +++++++------------
2 files changed, 14 insertions(+), 24 deletions(-)
diff --git a/docs/en/latest/plugins/aws-lambda.md
b/docs/en/latest/plugins/aws-lambda.md
index 1b80dc9da..2cfca4637 100644
--- a/docs/en/latest/plugins/aws-lambda.md
+++ b/docs/en/latest/plugins/aws-lambda.md
@@ -29,11 +29,11 @@ description: This document contains information about the
Apache APISIX aws-lamb
## Description
-The `aws-lambda` Plugin is used for integrating APISIX with [AWS
Lambda](https://aws.amazon.com/lambda/) as a dynamic upstream to proxy all
requests for a particular URI to the AWS Cloud.
+The `aws-lambda` Plugin is used for integrating APISIX with [AWS
Lambda](https://aws.amazon.com/lambda/) and [Amazon API
Gateway](https://aws.amazon.com/api-gateway/) as a dynamic upstream to proxy
all requests for a particular URI to the AWS Cloud.
When enabled, the Plugin terminates the ongoing request to the configured URI
and initiates a new request to the AWS Lambda Gateway URI on behalf of the
client with configured authorization details, request headers, body and
parameters (all three passed from the original request). It returns the
response with headers, status code and the body to the client that initiated
the request with APISIX.
-This Plugin supports authorization via AWS API key and AWS IAM secrets.
+This Plugin supports authorization via AWS API key and AWS IAM secrets. The
Plugin implements [AWS Signature Version 4
signing](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html)
for IAM secrets.
## Attributes
@@ -43,21 +43,16 @@ This Plugin supports authorization via AWS API key and AWS
IAM secrets.
| authorization | object | False | | |
Authorization credentials to access the cloud function.
|
| authorization.apikey | string | False | | |
Generated API Key to authorize requests to the AWS Gateway endpoint.
|
| authorization.iam | object | False | | | Used
for AWS IAM role based authorization performed via AWS v4 request signing. See
[IAM authorization schema](#iam-authorization-schema). |
+| authorization.iam.accesskey | string | True | | Generated
access key ID from AWS IAM console. |
+| authorization.iam.secretkey | string | True | | Generated
access key secret from AWS IAM console. |
+| authorization.iam.aws_region | string | False | "us-east-1" | AWS
region where the request is being sent.
|
+| authorization.iam.service | string | False | "execute-api" | The
service that is receiving the request. For Amazon API gateway APIs, it should
be set to `execute-api`. For Lambda function, it should be set to `lambda`. |
| timeout | integer | False | 3000 | [100,...] | Proxy
request timeout in milliseconds.
|
| ssl_verify | boolean | False | true | true/false | When
set to `true` performs SSL verification.
|
| keepalive | boolean | False | true | true/false | When
set to `true` keeps the connection alive for reuse.
|
| keepalive_pool | integer | False | 5 | [1,...] | Maximum
number of requests that can be sent on this connection before closing it.
|
| keepalive_timeout | integer | False | 60000 | [1000,...] | Time is
ms for connection to remain idle without closing.
|
-### IAM Authorization Schema
-
-| Name | Type | Required | Default | Description
|
-|------------|--------|----------|---------------|-------------------------------------------------------------------------------------|
-| accesskey | string | True | | Generated access key ID
from AWS IAM console. |
-| secret_key | string | True | | Generated access key secret
from AWS IAM console. |
-| aws_region | string | False | "us-east-1" | AWS region where the
request is being sent. |
-| service | string | False | "execute-api" | The service that is
receiving the request. For HTTP trigger, it is `"execute-api"`. |
-
## Enable Plugin
The example below shows how you can configure the Plugin on a specific Route:
@@ -78,7 +73,7 @@ curl http://127.0.0.1:9180/apisix/admin/routes/1 -H
"X-API-KEY: $admin_key" -X P
"aws-lambda": {
"function_uri":
"https://x9w6z07gb9.execute-api.us-east-1.amazonaws.com/default/test-apisix";,
"authorization": {
- "apikey": "<Generated API Key from aws console>",
+ "apikey": "<Generated API Key from aws console>"
},
"ssl_verify":false
}
diff --git a/docs/zh/latest/plugins/aws-lambda.md
b/docs/zh/latest/plugins/aws-lambda.md
index 1f543b57a..7b23a355a 100644
--- a/docs/zh/latest/plugins/aws-lambda.md
+++ b/docs/zh/latest/plugins/aws-lambda.md
@@ -29,11 +29,11 @@ description: 本文介绍了关于 Apache APISIX aws-lambda 插件的基本信
## 描述
-`aws-lambda` 插件用于将 [AWS Lambda](https://aws.amazon.com/lambda/) 作为动态上游集成至
APISIX,从而实现将访问指定 URI 的请求代理到 AWS 云。
+`aws-lambda` 插件用于将 [AWS Lambda](https://aws.amazon.com/lambda/) 和 [Amazon API
Gateway](https://aws.amazon.com/api-gateway/) 作为动态上游集成至 APISIX,从而实现将访问指定 URI
的请求代理到 AWS 云。
启用 `aws-lambda` 插件后,该插件会终止对已配置 URI 的请求,并代表客户端向 AWS Lambda Gateway URI
发起一个新的请求。这个新请求中携带了之前配置的授权详细信息,包括请求头、请求体和参数(以上参数都是从原始请求中传递的),然后 `aws-lambda`
插件会将带有响应头、状态码和响应体的响应信息返回给使用 APISIX 发起请求的客户端。
-该插件支持通过 AWS API key 和 AWS IAM secrets 进行授权。
+该插件支持通过 AWS API key 和 AWS IAM secrets 进行授权。当使用 AWS IAM secrets 时,该插件支持 [AWS
Signature Version 4
signing](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html)。
## 属性
@@ -43,21 +43,16 @@ description: 本文介绍了关于 Apache APISIX aws-lambda 插件的基本信
| authorization | object | 否 | | |
访问云函数的授权凭证。 |
| authorization.apikey | string | 否 | | | 生成的 API
密钥,用于授权对 AWS Gateway 端点的请求。 |
| authorization.iam | object | 否 | | | 用于通过 AWS
v4 请求签名执行的基于 AWS IAM 角色的授权。请参考 [IAM 授权方案](#iam-授权方案)。 |
+| authorization.iam.accesskey | string | 是 | | 从 AWS IAM
控制台生成的访问密钥 ID。 |
+| authorization.iam.secretkey | string | 是 | | 从 AWS IAM
控制台生成的访问密钥。 |
+| authorization.iam.aws_region | string | 否 | "us-east-1" | 发出请求的 AWS
区域。有关更多 AWS 区域代码的信息请参考 [AWS
区域代码表](https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html#region-names-codes)。
|
+| authorization.iam.service | string | 否 | "execute-api" |
接收该请求的服务。若使用 Amazon API gateway APIs, 应设置为 `execute-api`。若使用 Lambda function,
应设置为 `lambda`。 |
| timeout | integer | 否 | 3000 | [100,...] |
代理请求超时(以毫秒为单位)。 |
| ssl_verify | boolean | 否 | true | true/false | 当设置为
`true` 时执行 SSL 验证。 |
| keepalive | boolean | 否 | true | true/false | 当设置为
`true` 时,保持连接的活动状态以便重复使用。 |
| keepalive_pool | integer | 否 | 5 | [1,...] |
在关闭该连接之前,可以在该连接上发送的最大请求数。 |
| keepalive_timeout | integer | 否 | 60000 | [1000,...] |
当连接空闲时,保持该连接处于活动状态的时间,以毫秒为单位。 |
-### IAM 授权方案
-
-| 名称 | 类型 | 必选项 | 默认值 | 描述
|
-| ---------- | ------ | -------- | ------------- |
------------------------------------------------------------ |
-| accesskey | string | 是 | | 从 AWS IAM 控制台生成的访问密钥 ID。
|
-| secret_key | string | 是 | | 从 AWS IAM 控制台生成的访问密钥。
|
-| aws_region | string | 否 | "us-east-1" | 发出请求的 AWS 区域。有关更多 AWS
区域代码的信息请参考 [AWS
区域代码表](https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande.html#region-names-codes)。
|
-| service | string | 否 | "execute-api" | 接收该请求的服务。请注意,对于 HTTP 触发器是
`"execute-api"`。 |
-
## 启用插件
你可以通过以下命令在指定路由中启用该插件:
@@ -80,7 +75,7 @@ curl http://127.0.0.1:9180/apisix/admin/routes/1 \
"aws-lambda": {
"function_uri":
"https://x9w6z07gb9.execute-api.us-east-1.amazonaws.com/default/test-apisix";,
"authorization": {
- "apikey": "<Generated API Key from aws console>",
+ "apikey": "<Generated API Key from aws console>"
},
"ssl_verify":false
}
