Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Created API Key is not associated with a Usage Plan #390

Open
jakul opened this issue Oct 11, 2016 · 4 comments
Open

Created API Key is not associated with a Usage Plan #390

jakul opened this issue Oct 11, 2016 · 4 comments

Comments

@jakul
Copy link
Contributor

jakul commented Oct 11, 2016

I have "Usage Plans" enabled on my AWS API Gateways and now when I create a new API with Zappa which has api_key_required: true all requests I make to that API return 403.

Apparantly AWS requires created API Keys to be associated with a usage plan before they can be used

[2b4492] [2016-10-11 15:26:57] Verifying Usage Plan for request: 25bdd356-8fc7-11e6-93c4-e3cf41861839. API Key: **********************************gE96dR API Stage: i01t0vftre/staging
[2b4492] [2016-10-11 15:26:57] API Key **********************************gE96dR not authorized because method 'GET /' requires API Key and API Key is not associated with a Usage Plan for API Stage i01t0vftre/staging: API Stage is not in a Usage Plan
[2b4492] [2016-10-11 15:26:57] Method completed with status: 403

I can associate the keys manually in the AWS UI for now, but ideally Zappa should auto create the usage plan for me (or allow me to specify the name of an existing usage plan to associate the key with)
@mjgorman
Copy link
Contributor

This looks like it wouldn't be that hard to do. I wasn't familiar with Usage plans when i implemented the api key portion. I'll see what I can do to add this feature.

@thinkmonkeys
Copy link

Any update on this?

@alfonsomhc
Copy link

I have also had troubles with this issue. As it is now, api key authentication won't work unless the user manually creates a user plan in Amazon Gateway API and links the API and the Key.

This was referenced Aug 30, 2017
Closed
Open
@jcomish
Copy link

jcomish commented Dec 18, 2020
edited
Loading

For those, like me, that were waiting for a fix, here is a temporary workaround. It will create the usage plan and link the api key to it via a Zappa post script.

import boto3


def create_usage_plan(zappa_cli):
    if zappa_cli.command == 'deploy':
        api_id = zappa_cli.zappa.get_api_id(zappa_cli.lambda_name)
        session = boto3.session.Session(profile_name=zappa_cli.profile_name,
                                        region_name=zappa_cli.aws_region)

        # Create the usage plan
        client = session.client('apigateway')
        usage_plan = client.create_usage_plan(
            name=f"{zappa_cli.api_stage}-{api_id}",
            description=f'Usage plan for {api_id}',
            apiStages=[
                {
                    'apiId': api_id,
                    'stage': zappa_cli.api_stage,
                },
            ],
        )

        # Link the api key to the usage plan
        response = client.create_usage_plan_key(
            usagePlanId=usage_plan['id'],
            keyId=next(zappa_cli.zappa.get_api_keys(api_id, zappa_cli.api_stage)),
            keyType='API_KEY'
        )

Then add the following to your zappa settings. This assumes that you have the code in a file called "zappa_post.py" in the same directory as zappa_settings.

"callbacks": {
            "post": "zappa_post.create_usage_plan"
        },

Largely based on romabysen's response on #707.

@jneves jneves mentioned this issue Feb 20, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jakul @alfonsomhc @thinkmonkeys @mjgorman @jcomish