Referencing this post and the Serverless docs, I appear to have configured request body validation correctly in my serverless template (and verified as much in the AWS API Gateway dashboard); however, the request body validations I’ve configured are not firing.
API settings in my root serverless.yml are as follows:

provider:
  name: aws
  runtime: nodejs18.x
  region: us-west-2
  profile: myApplication
  environment:
    LOGGING_SVC_FUNC: !Sub myApplication-api-gateway-${sls:stage}-loggingService
    MOESIF_APP_ID: ${param:moesif-app-id}
    # ${file(env.${sls:stage}.json)}
  apiName: myApplication-api-gateway-${sls:stage}
  endpointType: EDGE
  logs:
    restApi:
      accessLogging: true
      executionLogging: false
      format: '{"apiId": "$context.apiId","requestId": "$context.requestId","requestTime": "$context.requestTime","protocol": "$context.protocol","httpMethod": "$context.httpMethod","resourcePath": "$context.path","requestHostHeader": "$context.domainName","requestUserAgentHeader": "$context.identity.userAgent","ip": "$context.identity.sourceIp","status": "$context.status","responseLength": "$context.responseLength","durationMs": "$context.responseLatency","caller": "$context.identity.caller","user": "$context.authorizer.client_id","principalId": "$context.authorizer.principalId","cognitoIdentityId": "$context.identity.cognitoIdentityId","userArn": "$context.identity.userArn","apiKey": "$context.identity.apiKey","apiKeyId": "$context.identity.apiKeyId"}'
  apiGateway:
    binaryMediaTypes:
      - '*/*'
    apiKeySourceType: AUTHORIZER
    description: myApplication partner API
    disableDefaultEndpoint: true

While my actual validation model varies from this, the request body validation fails even when using the following template or templates pulled directly from AWS’ site:

{
  "definitions": {},
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "title": "The Root Schema",
  "required": [
    "username"
  ],
  "properties": {
    "username": {
      "type": "string",
      "title": "The Foo Schema",
      "default": "",
      "pattern": "^[a-zA-Z0-9]+$"
    }
  }
}

Note that I am using a custom lambda authorizer and the custom access logging as defined above.
Anyone else experiencing this issue? Thanks much.
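
A local cross-check of what the schema above accepts and rejects, independent of API Gateway (an added example, not part of the original post). It implements only the keywords this schema uses (`type`, `required`, `properties`, `pattern`); the function names and sample bodies are constructed for illustration.

```javascript
// Added example: minimal checker for the keywords in the posted schema.
// Not a full draft-04 validator; names and sample bodies are constructed.
const schema = {
  $schema: "http://json-schema.org/draft-04/schema#",
  type: "object",
  required: ["username"],
  properties: {
    username: { type: "string", pattern: "^[a-zA-Z0-9]+$" },
  },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// JSON type name of a parsed value (null and arrays are not "object").
function typeOf(value) {
  if (value === null) return "null";
  if (Array.isArray(value)) return "array";
  return typeof value;
}

function validate(sch, value, path = "$") {
  const actual = typeOf(value);
  if (sch.type && actual !== sch.type) {
    return [`${path}: expected ${sch.type}, got ${actual}`];
  }
  const errors = [];
  if (actual === "object") {
    for (const key of sch.required || []) {
      if (!has(value, key)) errors.push(`${path}: missing required "${key}"`);
    }
    for (const [key, sub] of Object.entries(sch.properties || {})) {
      if (has(value, key)) errors.push(...validate(sub, value[key], `${path}.${key}`));
    }
  }
  if (actual === "string" && sch.pattern && !new RegExp(sch.pattern).test(value)) {
    errors.push(`${path}: does not match ${sch.pattern}`);
  }
  return errors;
}

// Parse a raw request body and return the list of violations (empty = valid).
function checkBody(rawBody) {
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch (e) { return ["$: body is not valid JSON"]; }
  return validate(schema, parsed);
}

// Constructed sample bodies: one valid, the rest should each be rejected.
const samples = ['{"username":"alice01"}', "{}", '{"username":"bob smith"}', '{"username":42}', "[]", "username=alice"];
for (const body of samples) console.log(body, "->", checkBody(body));
```

Any body that yields a non-empty list here is one the schema itself rejects, which separates a schema problem from a problem in how the validator is attached to the method.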