Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CloudFormation example for an API Gateway endpoint calling a Lambda function using proxy integration.

CloudFormation example for API Gateway integration to Lambda function

Template that will create the following:

  • API Gateway endpoint:
    • A single root method, accepting POST requests only with Lambda proxy integration to a function.
  • In-line Lambda function echoing back requesting users IP address to API Gateway requests:
    • IAM role for Lambda allowing CloudWatch logs access.
    • Permissions for Lambda that allow API Gateway endpoint to successfully invoke function.
  • CloudWatch logs group for Lambda, with 90 day log retention.

After standing up the template, you should be able to curl a POST request to the URL listed as the apiGatewayInvokeURL output value.

$ curl --request POST https://APIGW_ID.execute-api.AWS_REGION.amazonaws.com/call
# Hello there 127.0.0.1

Reference

AWSTemplateFormatVersion: "2010-09-09"
Description: "My API Gateway and Lambda function"
Parameters:
apiGatewayStageName:
Type: "String"
AllowedPattern: "^[a-z0-9]+$"
Default: "call"
lambdaFunctionName:
Type: "String"
AllowedPattern: "^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$"
Default: "my-function"
Resources:
apiGateway:
Type: "AWS::ApiGateway::RestApi"
Properties:
Name: "my-api"
Description: "My API"
apiGatewayRootMethod:
Type: "AWS::ApiGateway::Method"
Properties:
AuthorizationType: "NONE"
HttpMethod: "POST"
Integration:
IntegrationHttpMethod: "POST"
Type: "AWS_PROXY"
Uri: !Sub
- "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations"
- lambdaArn: !GetAtt "lambdaFunction.Arn"
ResourceId: !GetAtt "apiGateway.RootResourceId"
RestApiId: !Ref "apiGateway"
apiGatewayDeployment:
Type: "AWS::ApiGateway::Deployment"
DependsOn:
- "apiGatewayRootMethod"
Properties:
RestApiId: !Ref "apiGateway"
StageName: !Ref "apiGatewayStageName"
lambdaFunction:
Type: "AWS::Lambda::Function"
Properties:
Code:
ZipFile: |
def handler(event,context):
return {
'body': 'Hello there {0}'.format(event['requestContext']['identity']['sourceIp']),
'headers': {
'Content-Type': 'text/plain'
},
'statusCode': 200
}
Description: "My function"
FunctionName: !Ref "lambdaFunctionName"
Handler: "index.handler"
MemorySize: 128
Role: !GetAtt "lambdaIAMRole.Arn"
Runtime: "python2.7"
Timeout: 10
lambdaApiGatewayInvoke:
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !GetAtt "lambdaFunction.Arn"
Principal: "apigateway.amazonaws.com"
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/"
lambdaIAMRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Action:
- "sts:AssumeRole"
Effect: "Allow"
Principal:
Service:
- "lambda.amazonaws.com"
Policies:
- PolicyDocument:
Version: "2012-10-17"
Statement:
- Action:
- "logs:CreateLogGroup"
- "logs:CreateLogStream"
- "logs:PutLogEvents"
Effect: "Allow"
Resource:
- !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${lambdaFunctionName}:*"
PolicyName: "lambda"
lambdaLogGroup:
Type: "AWS::Logs::LogGroup"
Properties:
LogGroupName: !Sub "/aws/lambda/${lambdaFunctionName}"
RetentionInDays: 90
Outputs:
apiGatewayInvokeURL:
Value: !Sub "https://${apiGateway}.execute-api.${AWS::Region}.amazonaws.com/${apiGatewayStageName}"
lambdaArn:
Value: !GetAtt "lambdaFunction.Arn"
@uchar

This comment has been minimized.

Copy link

commented Apr 7, 2019

I think
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*/POST/"
should be :
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:my-api/*/POST/"

@aghalbert

This comment has been minimized.

Copy link

commented Apr 12, 2019

Tested @uchar's comment, the change causes an {"message": "Internal server error"} response, so the original value is correct.

@nankan06

This comment has been minimized.

Copy link

commented Apr 18, 2019

I am facing an error in AWS::ApiGateway::Deployment. The error is,
'Encountered unsupported property RestApiID'. Any help please?

@jhw

This comment has been minimized.

Copy link

commented Jun 5, 2019

My guess is u have RestApiID probably badly indented, probably under Integration when it should be under Properties - I did the same

@bmschwa

This comment has been minimized.

Copy link

commented Jul 11, 2019

When running

sam local start-api --debug

sam believes there's no apis connected to the lambda function (using sam 0.18.0)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.