@nachoab
Created March 2, 2017 12:31
Cloud Formation: Create API Gateway endpoint with HTTP Integration, passing cognito user [Serverless]
# Create a private 'foo/bar' endpoint on API Gateway, with a POST method that uses an HTTP integration.
# The foo/bar endpoint validates the request's IAM session and, if that succeeds, forwards the request to your endpoint with all the data it received, including the user session.
# Request headers, path, querystring, body and context (the Cognito user is here) are passed to the endpoint as the body payload.
ApiGatewayResourceFoo:
  Type: AWS::ApiGateway::Resource
  Properties:
    PathPart: foo
    ParentId:
      Fn::GetAtt:
        - ApiGatewayRestApi
        - RootResourceId
    RestApiId:
      Ref: ApiGatewayRestApi
ApiGatewayResourceFooBar:
  Type: AWS::ApiGateway::Resource
  Properties:
    PathPart: bar
    ParentId:
      Ref: ApiGatewayResourceFoo
    RestApiId:
      Ref: ApiGatewayRestApi
FooBarProxyMethod:
  Type: AWS::ApiGateway::Method
  Properties:
    ResourceId:
      Ref: ApiGatewayResourceFooBar
    RestApiId:
      Ref: ApiGatewayRestApi
    HttpMethod: POST
    # Callers must sign requests with SigV4 (for example with Cognito identity pool credentials)
    AuthorizationType: AWS_IAM
    MethodResponses:
      -
        StatusCode: 200
        ResponseParameters:
          method.response.header.Access-Control-Allow-Origin: true
    Integration:
      Type: HTTP
      IntegrationHttpMethod: POST
      # Special value: pass the caller's identity through to the integration
      Credentials: "arn:aws:iam::*:user/*"
      # Placeholder: replace with the URL of your backend
      Uri: http://your-endpoint
      RequestTemplates:
        application/json: "#set($allParams = $input.params())\n{\n\"body-json\" : $input.json('$'),\n\"params\" : {\n#foreach($type in $allParams.keySet())\n #set($params = $allParams.get($type))\n\"$type\" : {\n #foreach($paramName in $params.keySet())\n \"$paramName\" : \"$util.escapeJavaScript($params.get($paramName))\"\n #if($foreach.hasNext),#end\n #end\n}\n #if($foreach.hasNext),#end\n#end\n},\n\"stage-variables\" : {\n#foreach($key in $stageVariables.keySet())\n\"$key\" : \"$util.escapeJavaScript($stageVariables.get($key))\"\n #if($foreach.hasNext),#end\n#end\n},\n\"context\" : {\n \"account-id\" : \"$context.identity.accountId\",\n \"api-id\" : \"$context.apiId\",\n \"api-key\" : \"$context.identity.apiKey\",\n \"authorizer-principal-id\" : \"$context.authorizer.principalId\",\n \"caller\" : \"$context.identity.caller\",\n \"cognito-authentication-provider\" : \"$context.identity.cognitoAuthenticationProvider\",\n \"cognito-authentication-type\" : \"$context.identity.cognitoAuthenticationType\",\n \"cognito-identity-id\" : \"$context.identity.cognitoIdentityId\",\n \"cognito-identity-pool-id\" : \"$context.identity.cognitoIdentityPoolId\",\n \"http-method\" : \"$context.httpMethod\",\n \"stage\" : \"$context.stage\",\n \"source-ip\" : \"$context.identity.sourceIp\",\n \"user\" : \"$context.identity.user\",\n \"user-agent\" : \"$context.identity.userAgent\",\n \"user-arn\" : \"$context.identity.userArn\",\n \"request-id\" : \"$context.requestId\",\n \"resource-id\" : \"$context.resourceId\",\n \"resource-path\" : \"$context.resourcePath\"\n }\n}"
      IntegrationResponses:
        -
          StatusCode: 200
          ResponseParameters:
            method.response.header.Access-Control-Allow-Origin: "'*'"
          ResponseTemplates:
            application/json: ""
# CORS preflight: unauthenticated OPTIONS method answered by a MOCK integration
FooBarProxyOptions:
  Type: AWS::ApiGateway::Method
  Properties:
    AuthorizationType: NONE
    HttpMethod: OPTIONS
    MethodResponses:
      -
        StatusCode: 200
        ResponseParameters:
          method.response.header.Access-Control-Allow-Origin: true
          method.response.header.Access-Control-Allow-Headers: true
          method.response.header.Access-Control-Allow-Methods: true
          method.response.header.Access-Control-Allow-Credentials: true
    Integration:
      Type: MOCK
      RequestTemplates:
        application/json: "{statusCode:200}"
      IntegrationResponses:
        -
          StatusCode: 200
          ResponseParameters:
            method.response.header.Access-Control-Allow-Origin: "'*'"
            method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
            method.response.header.Access-Control-Allow-Methods: "'OPTIONS,POST'"
            method.response.header.Access-Control-Allow-Credentials: "'false'"
          ResponseTemplates:
            application/json: ""
    ResourceId:
      Ref: ApiGatewayResourceFooBar
    RestApiId:
      Ref: ApiGatewayRestApi
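
Added example, not part of the original gist: a check the backend behind this HTTP integration could run on the body that the `RequestTemplates` mapping produces, accepting only authenticated Cognito callers from one user pool. `callerFromPayload`, `EXPECTED_POOL` and all sample values are assumptions made up for illustration. The `context` fields arrive as ordinary request-body fields, so the check only means something if the backend accepts traffic solely from API Gateway.

```javascript
// Placeholder user pool provider string; substitute your own region and pool id.
const EXPECTED_POOL = 'cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE';
// Cognito identity ids look like "<region>:<uuid>".
const IDENTITY_ID = /^[a-z]{2}(-[a-z]+)+-\d:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/;

// Constructed sample of what the backend receives (all values are made up).
const SAMPLE = {
  'body-json': { hello: 'world' },
  context: {
    'cognito-authentication-type': 'authenticated',
    'cognito-identity-id': 'eu-west-1:11111111-2222-3333-4444-555555555555',
    'cognito-authentication-provider':
      `${EXPECTED_POOL},${EXPECTED_POOL}:CognitoSignIn:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee`,
  },
};

function callerFromPayload(rawBody, expectedPool = EXPECTED_POOL) {
  let payload;
  try {
    payload = JSON.parse(rawBody);
  } catch (err) {
    // $util.escapeJavaScript turns ' into \' which is not valid JSON, so a
    // parameter value containing a single quote ends up here.
    return { ok: false, reason: 'body is not valid JSON' };
  }
  const ctx = payload && payload.context;
  if (!ctx || typeof ctx !== 'object') return { ok: false, reason: 'missing context' };

  // Rejects plain IAM callers and unauthenticated (guest) identity pool identities.
  if (ctx['cognito-authentication-type'] !== 'authenticated') {
    return { ok: false, reason: 'not an authenticated Cognito identity' };
  }
  const identityId = ctx['cognito-identity-id'];
  if (typeof identityId !== 'string' || !IDENTITY_ID.test(identityId)) {
    return { ok: false, reason: 'malformed cognito-identity-id' };
  }
  // User pool logins carry "<pool>,<pool>:CognitoSignIn:<user sub>".
  const provider = String(ctx['cognito-authentication-provider'] || '');
  const [issuer, login = ''] = provider.split(',');
  const [pool, marker, sub] = login.split(':');
  if (issuer !== expectedPool || pool !== expectedPool || marker !== 'CognitoSignIn' || !sub) {
    return { ok: false, reason: 'unexpected authentication provider' };
  }
  return { ok: true, identityId, sub, body: payload['body-json'] };
}
```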