@sapessi
Created April 5, 2016 23:39
@gene_wood Glad you find the import functionality useful! Using the API you can also merge multiple Swagger files in a single API.
API Gateway calls Lambda functions using the public invoke endpoint. There are 2 ways to authorize a call to Lambda:
1. You can use roles in your account (what was called the invocation role). API Gateway will assume the role in your account and invoke the Lambda function. In this case your role needs to allow invocations in Lambda and have a trust relationship with apigateway.amazonaws.com that allows sts:AssumeRole.
2. Using resource policies in Lambda. This is why you see the popup in the console. In this case the API Gateway console makes an AddPermission call to Lambda in the background to authorize API Gateway as a caller on your Lambda function (http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html).
When deploying APIs using the Swagger import you can use either method. For the first one, simply specify the invocation role ARN in the credentials field of the x-apigateway-integration tag. For the second one, you will have to use the AWS CLI to make the AddPermission call to Lambda with the new method ARN in API Gateway.
After the API is deployed using Swagger you can get the method ARN from API Gateway, then use the AWS CLI to make this call:
aws lambda add-permission --function-name MyLambdaFunction --statement-id 123UniqueStatementId123 --action lambda:InvokeFunction --principal apigateway.amazonaws.com --source-arn "arn:aws:execute-api:us-east-1:XXXXXXXXXXXXXX:API_ID/*/GET/"
@fernando1989mg

Do you have an example using OpenAPI?

@sapessi

sapessi commented Jun 13, 2019

The template would look like this:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      DefinitionBody:
        'Fn::Transform':
            Name: 'AWS::Include'
            Parameters:
              Location: ./openapi.yaml
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    ...

In the same directory you'd have an OpenAPI specification file. Because the OpenAPI file is included in the template automatically (Fn::Transform), you can reference other resources in the template such as Lambda functions:

openapi: 3.0.1
info:
  title: Sample API
paths:
  /example:
    get:
      responses:
        '200':
          description: Successful response
          content: {}
      security:
      - sigv4:
        - sigv4
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        uri:
          Fn::Sub: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyLambdaFunction.Arn}/invocations"
        passthroughBehavior: when_no_match
        httpMethod: POST
        type: aws_proxy
# OpenAPI 3 keeps security schemes under the top-level components object
components:
  securitySchemes:
    sigv4:
      type: apiKey
      name: api_key
      in: header
      x-amazon-apigateway-authtype: awsSigv4
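
An added example, not part of the original thread or the author's code: a check for the resource-policy method described in the first comment. It takes the policy string that `aws lambda get-policy` returns and flags API Gateway grants that are not scoped by a source ARN to a single API; the sample policy, account ID and API ID are constructed.

```python
import json

# Constructed sample in the shape of the "Policy" string returned by
# `aws lambda get-policy`; account ID and API ID are placeholders.
FN = "arn:aws:lambda:us-east-1:111122223333:function:MyLambdaFunction"
API = "arn:aws:execute-api:us-east-1:111122223333:"
SCOPING_OPS = ("ArnLike", "ArnEquals", "StringLike", "StringEquals")

def _stmt(sid, source_arn=None):
    s = {"Sid": sid, "Effect": "Allow", "Action": "lambda:InvokeFunction",
         "Principal": {"Service": "apigateway.amazonaws.com"}, "Resource": FN}
    if source_arn:
        s["Condition"] = {"ArnLike": {"AWS:SourceArn": source_arn}}
    return s

SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    _stmt("scoped", API + "abc123/*/GET/"),  # what --source-arn produces
    _stmt("any-api"),                        # add-permission without --source-arn
    _stmt("wild-api", API + "*/*/*/*"),      # condition present, matches every API
]})

def audit(policy_json):
    """Return {Sid: finding} for API Gateway grants not pinned to a single API."""
    findings = {}
    for st in json.loads(policy_json).get("Statement", []):
        principal = st.get("Principal")
        svc = principal.get("Service", []) if isinstance(principal, dict) else []
        svc = [svc] if isinstance(svc, str) else svc
        if st.get("Effect") != "Allow" or "apigateway.amazonaws.com" not in svc:
            continue
        arns = []
        for op, keys in st.get("Condition", {}).items():
            for key, val in keys.items():
                if op in SCOPING_OPS and key.lower() == "aws:sourcearn":
                    arns += [val] if isinstance(val, str) else list(val)
        if not arns:
            findings[st.get("Sid")] = "no source ARN condition"
        for arn in arns:
            parts = arn.split(":", 5)
            api_id = parts[5].split("/")[0] if len(parts) == 6 else ""
            if parts[2:3] != ["execute-api"] or not api_id or "*" in api_id or "?" in api_id:
                findings[st.get("Sid")] = "source ARN not pinned to one API: " + arn
    return findings

if __name__ == "__main__":
    for sid, finding in audit(SAMPLE_POLICY).items():
        print(sid, "->", finding)
```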
