{"id":23150,"date":"2022-12-14T18:26:57","date_gmt":"2022-12-14T09:26:57","guid":{"rendered":"https:\/\/www.skyarch.net\/blog\/?p=23150"},"modified":"2022-12-14T18:26:57","modified_gmt":"2022-12-14T09:26:57","slug":"aws-chalice-%e3%81%a7-api-gateway-%e3%81%ae-api-key-%e8%aa%8d%e8%a8%bc%e3%81%a8-cognito-%e8%aa%8d%e8%a8%bc%e3%82%92%e4%bd%bf%e3%81%84%e5%88%86%e3%81%91%e3%82%8b","status":"publish","type":"post","link":"https:\/\/www.skyarch.net\/blog\/aws-chalice-%e3%81%a7-api-gateway-%e3%81%ae-api-key-%e8%aa%8d%e8%a8%bc%e3%81%a8-cognito-%e8%aa%8d%e8%a8%bc%e3%82%92%e4%bd%bf%e3%81%84%e5%88%86%e3%81%91%e3%82%8b\/","title":{"rendered":"AWS Chalice \u3067 API Gateway \u306e API Key \u8a8d\u8a3c\u3068 Cognito \u8a8d\u8a3c\u3092\u4f7f\u3044\u5206\u3051\u308b"},"content":{"rendered":"

\u6982\u8981\u3001\u5b9f\u65bd\u3057\u305f\u3044\u3053\u3068<\/h1>\n

\u5b9f\u65bd\u3057\u305f\u3044\u3053\u3068\u3068\u3057\u3066\u306f\u4ee5\u4e0b\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n

    \n
  1. AWS Chalice \u3067 API Gateway + Lambda \u3092\u30c7\u30d7\u30ed\u30a4<\/li>\n
  2. \u30d3\u30eb\u30c9\u30fb\u30c7\u30d7\u30ed\u30a4\u306f CodePipeline \u3067\u5b9f\u884c<\/li>\n
  3. 1\u3064\u306e API Gateway \u3067\u3001API Key \u8a8d\u8a3c\u3068 Cognito \u8a8d\u8a3c\u3092\u4f7f\u3044\u5206\u3051\u305f\u3044<\/li>\n<\/ol>\n

    1, 2\u70b9\u76ee\u306f\u3001\u958b\u767a\u52b9\u7387\u306e\u70b9\u3092\u8003\u616e\u3057\u305f\u3088\u304f\u3042\u308b\u69cb\u6210\u304b\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n

    3\u70b9\u76ee\u306b\u3064\u3044\u3066\u306f\u3001
    \n\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e6\u30fc\u30b6\u30fc\u304b\u3089\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u5bfe\u3057\u3066\u306f Cognito \u8a8d\u8a3c\u3092\u3001
    \n\u5916\u90e8\u30b7\u30b9\u30c6\u30e0\u304b\u3089\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u5bfe\u3057\u3066\u306f API Key \u8a8d\u8a3c\u3092\u4f7f\u3044\u305f\u3044
    \n\u2026\u3068\u3044\u3063\u305f\u5834\u5408\u3092\u60f3\u5b9a\u3057\u305f\u69cb\u6210\u3067\u3059\u3002<\/p>\n

    \u4e0a\u8a183\u70b9\u3092\u5b9f\u88c5\u3057\u305f\u969b\u306e\u30dd\u30a4\u30f3\u30c8\u3092\u7d39\u4ecb\u3057\u307e\u3059\u3002<\/p>\n

    \u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306e\u5185\u5bb9<\/h1>\n

    \u30bd\u30fc\u30b9\u30b3\u30fc\u30c9 (app.py) \u306b\u3064\u3044\u3066\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u5b9f\u88c5\u3057\u307e\u3057\u305f\u3002<\/p>\n

    \r\nimport os\r\n\r\nfrom chalice import Chalice, Response, CognitoUserPoolAuthorizer\r\nfrom chalicelib import sample\r\n\r\napp = Chalice(app_name='chalice_api')\r\n\r\ncognito_authorizer = CognitoUserPoolAuthorizer(\r\n    'ChaliceUserPool', provider_arns=[\r\n        os.environ['COGNITO_USERPOOL_ARN']\r\n    ]\r\n)\r\n\r\n@app.route('\/app-user', authorizer=cognito_authorizer)\r\ndef function():\r\n    return sample.hello_world()\r\n\r\n@app.route('\/ext-system', api_key_required=True)\r\ndef function():\r\n    return sample.hello_world()\r\n<\/pre>\n
    API Key \u8a8d\u8a3c\u3068 Cognito \u8a8d\u8a3c\u3092\u4f7f\u3044\u5206\u3051\u308b\u305f\u3081\u306b URL \u30d1\u30b9\u3092\u5206\u3051\u307e\u3057\u305f\u3002
    \n\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e6\u30fc\u30b6\u30fc\u7528\u30d1\u30b9(\/app-user)\u306b\u306f authorizer=cognito_authorizer<\/code> \u3067 Cognito \u8a8d\u8a3c\u3092\u8a2d\u5b9a\u3057\u3001
    \n\u5916\u90e8\u30b7\u30b9\u30c6\u30e0\u7528\u30d1\u30b9(\/ext-system)\u306b\u306f api_key_required=True<\/code> \u3067 API Key \u8a8d\u8a3c\u3092\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
    \u30d3\u30eb\u30c9\u306e\u8a2d\u5b9a<\/h1>\n
    CodePipeline \u306e\u8a2d\u5b9a\u3068\u3057\u3066\u306f\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002
    \nBuild \u30b9\u30c6\u30fc\u30b8\u3067 CloudFormation \u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u4f5c\u6210\u3057 Deploy \u30b9\u30c6\u30fc\u30b8\u306b\u6e21\u3059\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n\"\"<\/a>\n
    \u305d\u306e\u305f\u3081 Build \u30b9\u30c6\u30fc\u30b8\u3067 chalice package \u3092\u5b9f\u884c\u3057\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u751f\u6210\u3057\u3066\u3044\u307e\u3059\u3002
    \n\u4ee5\u4e0b\u306e\u3088\u3046\u306a buildspec \u3092\u4f7f\u3044\u307e\u3057\u305f\u3002<\/p>\n
    version: 0.2\nartifacts:\n  discard-paths: no\n  files:\n    - '**\/*'\nphases:\n  install:\n    runtime-versions:\n      python: 3.9\n    commands:\n      - pip install --upgrade chalice\n  build:\n    commands:\n      - pip install -r requirements.txt -t vendor\/\n      - python3 build.py --cognito-userpool-arn ${COGNITO_USERPOOL_ARN} # \u72ec\u81ea\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3001\u5f8c\u8ff0\n      - chalice --debug package . --template-format yaml\n<\/pre>\n
    chalice package \u306e\u5b9f\u884c\u6642\u306b\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9(app.py<\/code>)\u304c\u53c2\u7167\u3055\u308c\u308b\u305f\u3081
    \n\u30d3\u30eb\u30c9\u6642\u70b9\u3067\u3001\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306b\u5b9a\u7fa9\u3055\u308c\u305f\u74b0\u5883\u5909\u6570(COGNITO_USERPOOL_ARN)\u304c\u5229\u7528\u3067\u304d\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
    \u3053\u306e\u3088\u3046\u306a\u74b0\u5883\u5909\u6570\u306f\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e .chalice\/config.json<\/code> \u306b\u8a18\u8f09\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
    \n    Configuration File - environment_variables<\/a><\/p>\n
    \u3067\u3059\u304c\u3001\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u5185\u306b\u74b0\u5883\u56fa\u6709\u306e\u5024(COGNITO_USERPOOL_ARN)\u3092\u8a18\u8f09\u3059\u308b\u3053\u3068\u306b\u62b5\u6297\u304c\u3042\u3063\u305f\u306e\u3067\u3001
    \n\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u5916\u304b\u3089 COGNITO_USERPOOL_ARN \u3092\u633f\u5165\u3059\u308b\u4ed5\u7d44\u307f\u306b\u3057\u307e\u3057\u305f\u3002
    \n\u305d\u308c\u304c\u4e0a\u8a18 buildspec \u5185\u3067\u5b9f\u65bd\u3057\u3066\u3044\u308b build.py<\/code> \u3067\u3059\u3002<\/p>\n
    \u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30eb\u30fc\u30c8\u306b config.json<\/code> \u306e\u5143\u306b\u306a\u308b chalice-config.json<\/code> \u3092\u914d\u7f6e\u3057\u3001
    \nbuild.py<\/code> \u304c\u305d\u3053\u306b COGNITO_USERPOOL_ARN (CodeBuild \u306e\u74b0\u5883\u5909\u6570) \u3092\u8ffd\u52a0\u3057 .chalice\/config.json<\/code> \u3068\u3057\u3066\u4fdd\u5b58\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n
    .\n\u251c\u2500\u2500 .chalice\n\u2502   \u2514\u2500\u2500 config.json (build.py \u3067\u751f\u6210)\n\u251c\u2500\u2500 app.py\n\u251c\u2500\u2500 build.py\n\u2514\u2500\u2500 chalice-config.json (config.json \u306e\u5143\u306b\u306a\u308b\u30d5\u30a1\u30a4\u30eb)\n<\/pre>\n
    build.py<\/code> \u306e\u5185\u5bb9\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059\u3002<\/p>\n
    \r\nimport argparse\r\nimport os\r\nimport json\r\n\r\nROOT_PATH = os.path.dirname(os.path.abspath(__file__))\r\n\r\nclass Build():\r\n    def __init__(self, args):\r\n        self.cognito_userpool_arn = args.cognito_userpool_arn\r\n\r\n    def main(self) -> None:\r\n        self.config = self.load_base_config()\r\n        self.generate_config()\r\n        self.output_config()\r\n    \r\n    def load_base_config(self) -> dict:\r\n        with open(f'{ROOT_PATH}\/chalice-config.json', 'r') as file:\r\n            base_config = json.load(file)\r\n        return base_config\r\n\r\n    def generate_config(self) -> None:\r\n        self.config['environment_variables'] = {\r\n            'COGNITO_USERPOOL_ARN': self.cognito_userpool_arn\r\n        }\r\n        \r\n    def output_config(self) -> None:\r\n        with open(f'{ROOT_PATH}\/.chalice\/config.json', 'w') as file:\r\n            file.write(json.dumps(self.config, indent=2))\r\n\r\ndef main():\r\n    parser = argparse.ArgumentParser()\r\n    parser.add_argument('--cognito-userpool-arn', required=True)\r\n    args = parser.parse_args()\r\n    return Build(args).main()\r\n\r\nmain()\r\n<\/pre>\n
    \u672c\u5f53\u306f\u3053\u306e\u3088\u3046\u306a\u72ec\u81ea\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f5c\u308a\u305f\u304f\u306a\u304b\u3063\u305f\u306e\u3067\u3059\u304c\u3001
    \n\u305d\u3053\u307e\u3067\u8907\u96d1\u306a\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u3082\u306a\u3044\u306e\u3067\u3001\u3053\u308c\u306f\u3053\u308c\u3067\u826f\u3057\u3068\u3057\u307e\u3057\u305f\u3002<\/p>\n
    \u307e\u3068\u3081<\/h1>\n
      \n
    • Cognito \u8a8d\u8a3c \/ API Key \u8a8d\u8a3c \u3092\u4f7f\u3044\u5206\u3051\u308b\u306b\u306f URL \u30d1\u30b9\u3092\u5206\u3051\u308b\u5fc5\u8981\u304c\u3042\u308b<\/li>\n
    • Chalice \u3067 Cognito \u8a8d\u8a3c\u3092\u8a2d\u5b9a\u3059\u308b\u5834\u5408\u306f authorizer=...<\/code> \u3067\u8a2d\u5b9a\u3059\u308b<\/li>\n
    • Chalice \u3067 API Key \u8a8d\u8a3c\u3092\u8a2d\u5b9a\u3059\u308b\u5834\u5408\u306f api_key_required=True<\/code> \u3067\u8a2d\u5b9a\u3059\u308b<\/li>\n
    • \u30d3\u30eb\u30c9(chalice package)\u5b9f\u884c\u6642\u306b Cognito \u30e6\u30fc\u30b6\u30fc\u30d7\u30fc\u30eb ARN \u304c\u5fc5\u8981\u306b\u306a\u308b\u304c\u3001ARN \u3092\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306b\u542b\u3081\u305f\u304f\u306a\u3044\u5834\u5408\u306f\u4eca\u56de\u7d39\u4ecb\u3057\u305f build.py<\/code> \u306e\u3088\u3046\u306a\u5de5\u592b\u304c\u5fc5\u8981<\/li>\n<\/ul>\n
      \u5171\u540c\u8457\u8005: \u795e\u6d25<\/p>\n","protected":false},"excerpt":{"rendered":"
      \u6982\u8981\u3001\u5b9f\u65bd\u3057\u305f\u3044\u3053\u3068 \u5b9f\u65bd\u3057\u305f\u3044\u3053\u3068\u3068\u3057\u3066\u306f\u4ee5\u4e0b\u306b\u306a\u308a\u307e\u3059\u3002 AWS Chalice \u3067 API Gateway + Lambda \u3092\u30c7\u30d7\u30ed\u30a4 \u30d3\u30eb\u30c9\u30fb\u30c7\u30d7\u30ed\u30a4\u306f CodePipeline \u3067\u5b9f\u884c 1\u3064\u306e API Gat…<\/p>\n","protected":false},"author":60,"featured_media":23164,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_locale":"ja","_original_post":"https:\/\/www.skyarch.net\/blog\/?p=23150","footnotes":""},"categories":[20,1020],"tags":[102,659,383],"class_list":{"0":"post-23150","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-aws","8":"category-ci-cd","9":"tag-aws","10":"tag-aws-codebuild","11":"tag-aws-codepipeline","12":"ja"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/23150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/users\/60"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/comments?post=23150"}],"version-history":[{"count":16,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/23150\/revisions"}],"predecessor-version":[{"id":23735,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/23150\/revisions\/23735"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media\/23164"}],"wp:attachment":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media?parent=23150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/categories?post=23150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/tags?post=23150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}