Edit: This started working as expected by itself the day after. I'm very sure I didn't do anything different. Don't know what to do with the question. Close, Delete?, Let it be?
I am creating a servless web api using AWS SAM and the new HTTP API gateway.
This is my current template file:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
fotffleet-api
Sample SAM Template for fotffleet-api
# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
Function:
Timeout: 3
CodeUri: fotffleet/
Runtime: python3.7
Resources:
ServerlessHttpApi:
Type: AWS::Serverless::HttpApi
Properties:
CorsConfiguration:
AllowOrigins:
- "http://localhost:3000"
AllowMethods:
- GET
DefinitionBody:
openapi: "3.0.1"
info:
title: "sam-app"
version: "1.0"
tags:
- name: "httpapi:createdBy"
x-amazon-apigateway-tag-value: "SAM"
paths:
/cells:
get:
responses:
default:
description: "Default response for GET /cells"
x-amazon-apigateway-integration:
payloadFormatVersion: "2.0"
type: "aws_proxy"
httpMethod: "POST"
uri:
Fn::GetAtt: [CellsFunction, Arn]
connectionType: "INTERNET"
/cells/{cellName}:
get:
responses:
default:
description: "Default response for GET /cells/{cellName}"
x-amazon-apigateway-integration:
payloadFormatVersion: "2.0"
type: "aws_proxy"
httpMethod: "POST"
uri:
Fn::GetAtt: [CellInfoFunction, Arn]
connectionType: "INTERNET"
/hello:
get:
responses:
default:
description: "Default response for GET /hello"
x-amazon-apigateway-integration:
payloadFormatVersion: "2.0"
type: "aws_proxy"
httpMethod: "POST"
uri:
Fn::GetAtt: [HelloFunction, Arn]
connectionType: "INTERNET"
/jobs/{cellName}:
get:
responses:
default:
description: "Default response for GET /jobs/{cellName}"
x-amazon-apigateway-integration:
payloadFormatVersion: "2.0"
type: "aws_proxy"
httpMethod: "POST"
uri:
Fn::GetAtt: [JobsFunction, Arn]
connectionType: "INTERNET"
x-amazon-apigateway-cors:
maxAge: 0
allowCredentials: false
allowOrigins:
- "http://localhost:3000"
x-amazon-apigateway-importexport-version: "1.0"
HelloFunction:
Type: AWS::Serverless::Function
Properties:
Handler: app.hello
Events:
Hello:
Type: HttpApi
Properties:
Path: /hello
Method: get
ApiId: !Ref ServerlessHttpApi
CellInfoFunction:
Type: AWS::Serverless::Function
Properties:
Handler: app.cell_info
Policies:
- AWSIoTFullAccess
Events:
Http:
Type: HttpApi
Properties:
Path: /cells/{cellName}
Method: get
ApiId: !Ref ServerlessHttpApi
CellsFunction:
Type: AWS::Serverless::Function
Properties:
Handler: app.cells
Policies:
- AWSIoTFullAccess
Events:
Http:
Type: HttpApi
Properties:
Path: /cells
Method: get
ApiId: !Ref ServerlessHttpApi
JobsFunction:
Type: AWS::Serverless::Function
Properties:
Handler: app.jobs
Policies:
- AmazonDynamoDBReadOnlyAccess
Events:
Http:
Type: HttpApi
Properties:
Path: /jobs/{cellName}
Method: get
ApiId: !Ref ServerlessHttpApi
Outputs:
# Find out more about other implicit resources you can reference within SAM
# https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
HelloWorldApi:
Description: "API Gateway endpoint URL for Prod stage"
Value: !Sub "https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com"
As it can be seen, I have added some CORS configuration. Both in the AWS::Serverless::HttpApi and also in the DefinitionBody i.e. the OpenAPI spec.
My problem is that as far as I can tell, all CORS configurations are completely ignored. When I deploy after changing cors configuration, it says:
Waiting for changeset to be created..
Error: No changes to deploy. Stack sam-app is up to date
When I run sam validate --debug --profile [my-profile] it is my understandign that the CloudFormation file which it tries to deploy is output. It looks like this:
AWSTemplateFormatVersion: '2010-09-09'
Description: 'fotffleet-api
Sample SAM Template for fotffleet-api
'
Resources:
HelloFunction:
Properties:
Code:
S3Bucket: bucket
S3Key: value
Handler: app.hello
Role:
Fn::GetAtt:
- HelloFunctionRole
- Arn
Runtime: python3.7
Tags:
- Key: lambda:createdBy
Value: SAM
Timeout: 3
Type: AWS::Lambda::Function
HelloFunctionRole:
Properties:
AssumeRolePolicyDocument:
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Version: '2012-10-17'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Tags:
- Key: lambda:createdBy
Value: SAM
Type: AWS::IAM::Role
HelloFunctionHelloPermission:
Properties:
Action: lambda:InvokeFunction
FunctionName:
Ref: HelloFunction
Principal: apigateway.amazonaws.com
SourceArn:
Fn::Sub:
- arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/hello
- __ApiId__:
Ref: ServerlessHttpApi
__Stage__: '*'
Type: AWS::Lambda::Permission
CellInfoFunction:
Properties:
Code:
S3Bucket: bucket
S3Key: value
Handler: app.cell_info
Role:
Fn::GetAtt:
- CellInfoFunctionRole
- Arn
Runtime: python3.7
Tags:
- Key: lambda:createdBy
Value: SAM
Timeout: 3
Type: AWS::Lambda::Function
CellInfoFunctionRole:
Properties:
AssumeRolePolicyDocument:
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Version: '2012-10-17'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- arn:aws:iam::aws:policy/AWSIoTFullAccess
Tags:
- Key: lambda:createdBy
Value: SAM
Type: AWS::IAM::Role
CellInfoFunctionHttpPermission:
Properties:
Action: lambda:InvokeFunction
FunctionName:
Ref: CellInfoFunction
Principal: apigateway.amazonaws.com
SourceArn:
Fn::Sub:
- arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cells/*
- __ApiId__:
Ref: ServerlessHttpApi
__Stage__: '*'
Type: AWS::Lambda::Permission
CellsFunction:
Properties:
Code:
S3Bucket: bucket
S3Key: value
Handler: app.cells
Role:
Fn::GetAtt:
- CellsFunctionRole
- Arn
Runtime: python3.7
Tags:
- Key: lambda:createdBy
Value: SAM
Timeout: 3
Type: AWS::Lambda::Function
CellsFunctionRole:
Properties:
AssumeRolePolicyDocument:
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Version: '2012-10-17'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- arn:aws:iam::aws:policy/AWSIoTFullAccess
Tags:
- Key: lambda:createdBy
Value: SAM
Type: AWS::IAM::Role
CellsFunctionHttpPermission:
Properties:
Action: lambda:InvokeFunction
FunctionName:
Ref: CellsFunction
Principal: apigateway.amazonaws.com
SourceArn:
Fn::Sub:
- arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/cells
- __ApiId__:
Ref: ServerlessHttpApi
__Stage__: '*'
Type: AWS::Lambda::Permission
JobsFunction:
Properties:
Code:
S3Bucket: bucket
S3Key: value
Handler: app.jobs
Role:
Fn::GetAtt:
- JobsFunctionRole
- Arn
Runtime: python3.7
Tags:
- Key: lambda:createdBy
Value: SAM
Timeout: 3
Type: AWS::Lambda::Function
JobsFunctionRole:
Properties:
AssumeRolePolicyDocument:
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Version: '2012-10-17'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
Tags:
- Key: lambda:createdBy
Value: SAM
Type: AWS::IAM::Role
JobsFunctionHttpPermission:
Properties:
Action: lambda:InvokeFunction
FunctionName:
Ref: JobsFunction
Principal: apigateway.amazonaws.com
SourceArn:
Fn::Sub:
- arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/jobs/*
- __ApiId__:
Ref: ServerlessHttpApi
__Stage__: '*'
Type: AWS::Lambda::Permission
ServerlessHttpApi:
Properties:
Body:
info:
title:
Ref: AWS::StackName
version: '1.0'
openapi: 3.0.1
paths:
/cells:
get:
responses: {}
x-amazon-apigateway-integration:
httpMethod: POST
payloadFormatVersion: '2.0'
type: aws_proxy
uri:
Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${CellsFunction.Arn}/invocations
/cells/{cellName}:
get:
parameters:
- in: path
name: cellName
required: true
responses: {}
x-amazon-apigateway-integration:
httpMethod: POST
payloadFormatVersion: '2.0'
type: aws_proxy
uri:
Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${CellInfoFunction.Arn}/invocations
/hello:
get:
responses: {}
x-amazon-apigateway-integration:
httpMethod: POST
payloadFormatVersion: '2.0'
type: aws_proxy
uri:
Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HelloFunction.Arn}/invocations
/jobs/{cellName}:
get:
parameters:
- in: path
name: cellName
required: true
responses: {}
x-amazon-apigateway-integration:
httpMethod: POST
payloadFormatVersion: '2.0'
type: aws_proxy
uri:
Fn::Sub: arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${JobsFunction.Arn}/invocations
tags:
- name: httpapi:createdBy
x-amazon-apigateway-tag-value: SAM
Type: AWS::ApiGatewayV2::Api
ServerlessHttpApiApiGatewayDefaultStage:
Properties:
ApiId:
Ref: ServerlessHttpApi
AutoDeploy: true
StageName: $default
Tags:
httpapi:createdBy: SAM
Type: AWS::ApiGatewayV2::Stage
Outputs:
HelloWorldApi:
Description: API Gateway endpoint URL for Prod stage
Value:
Fn::Sub: https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com
I don't know what this should look like, but I find it strange that there is no mention of anything CORS related in there at all.
I have tried many variations such as: CORS settings only in the properites, only in the openAPI definition, not having a definition body and letting SAM generate it, having it in a seperate file.
No matter what I do, it is as if SAM completely and silently ignores any cors settings.
If it is not obvious, I would like to know what to do in order to get SAM to apply these CORS settings on deploy.
I get {"message": "Internal server error"} return from AWS API gateway when I write a Cloudformation template. Everything works well if I configure them on AWS console.
curl https://abcdefgh.execute-api.ap-southeast-1.amazonaws.com/demo/getitems
{"message": "Internal server error"}
I check all parts in the CF template and I think the problem is in "AWS::ApiGateway::Method". All configuration/parameters are the same between CF template and AWS console ( I checked them on console). When I delete the method created by CF, re-create and re-deploy it manually, it works.
I believe that "AWS::Lambda::Permission" works because I see it in Resource-based policy.
Does anyone have a solution to this problem? Thank you in advance.
The CF template:
apigwGETMethod:
DependsOn:
- apiResourceGET
- lambdaFunction3
Type: "AWS::ApiGateway::Method"
Properties:
AuthorizationType: "NONE"
HttpMethod: "GET"
ResourceId: !Ref apiResourceGET
RestApiId: !Ref apiGateway
Integration:
IntegrationHttpMethod: "GET"
Type: "AWS"
Credentials: !GetAtt ServerlessIAMRole.Arn
Uri: !Sub
- "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations"
- lambdaArn: !GetAtt lambdaFunction3.Arn
IntegrationResponses:
- ResponseTemplates:
"application/json": ""
StatusCode: 200
MethodResponses:
- ResponseModels:
"application/json": "Empty"
StatusCode: 200
apiGatewayDeployment:
Type: "AWS::ApiGateway::Deployment"
DependsOn:
- apiGatewayGETMethod
Properties:
RestApiId: !Ref apiGateway
StageName: !Ref apiGatewayStageName
lambdaFunction3:
DependsOn:
- ServerlessIAMRole
Type: "AWS::Serverless::Function"
Properties:
FunctionName: !Ref lambdaFunction3Name
Handler: lambda_function3.lambda_handler
Description: "get all items from DynamoDB table"
Runtime: python3.6
CodeUri: .
Role: !GetAtt ServerlessIAMRole.Arn
lambda3ApiGatewayInvoke:
DependsOn:
- lambdaFunction3
- apiGatewayGETMethod
Type: "AWS::Lambda::Permission"
Properties:
Action: "lambda:InvokeFunction"
FunctionName: !GetAtt lambdaFunction3.Arn
Principal: "apigateway.amazonaws.com"
SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${apiGateway}/*"
How do I create methods under API Gateway's root / folder using CF? So for example I have a Gateway that looks like the following:
/
OPTIONS
POST
However when trying to do that with CF I get:
Resource's path part only allow a-zA-Z0-9._- and curly braces at the beginning and the end. So my PathPart is the offending line.
ApiGate:
Type: AWS::ApiGateway::Resource
Properties:
ParentId: !GetAtt
- ApiGateApi
- RootResourceId
PathPart: '{/}'
RestApiId: !Ref ApiGateApi
I can change the PathPart to something else but then it creates it as a child object under / which is what I don't want.
Turns out after adding the following to my AWS::ApiGateway::Method it works now.
MyMethodOPTIONS:
Type: 'AWS::ApiGateway::Method'
Properties:
ResourceId: !GetAtt MyRestApi.RootResourceId
Here is more context into my Template:
ApiGatewayMethodOPTIONS:
Type: 'AWS::ApiGateway::Method'
Properties:
ResourceId: !GetAtt ApiGatewayRestApi.RootResourceId
RestApiId: !Ref ApiGatewayRestApi
AuthorizationType: NONE
HttpMethod: OPTIONS
Integration:
Type: MOCK
IntegrationResponses:
- ResponseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
method.response.header.Access-Control-Allow-Methods: "'POST,OPTIONS'"
method.response.header.Access-Control-Allow-Origin: "'*'"
ResponseTemplates:
application/json: ''
StatusCode: '200'
PassthroughBehavior: NEVER
RequestTemplates:
application/json: '{"statusCode": 200}'
MethodResponses:
- ResponseModels:
application/json: Empty
ResponseParameters:
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Origin: true
StatusCode: '200'
ApiGatewayRestApi:
Type: AWS::ApiGateway::RestApi
Properties:
ApiKeySourceType: HEADER
EndpointConfiguration:
Types:
- REGIONAL
Name: SearchAPI
This fixes my problem, in my case I needed to have 2 methods:
1. will respond to requests to root e.g. https://<api-url>/prod or https://<api-url>/prod/. This will use the RootResourceId of the API Gateway:
ResourceId: !GetAtt myApiGateway.RootResourceId
this will respond to requests to whatever has been set under https://<api-url>/prod/. Could be petstore or if using {proxy+} then the backend workload will try to resolve the request. It will refer to the Resource type defined in the template:
ResourceId: !Ref myResource
I'm trying to make a simple Cloudformation to create a website hosted on S3 with an API Gateway backend. Everything seems OK as far as I can tell but I get errors when trying to create the API Gateway:
Errors found during import: Unable to put integration on 'ANY' for resource at path '/{proxy+}': AWS ARN for integration must contain path or action (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: b28983d9-687c-11e8-8692-27df1db97456)
The gateway should just be a single route that sends everything to a single lambda. Should be super simple.
---
AWSTemplateFormatVersion: '2010-09-09'
Description: Website S3 Hosted, API Gateway Backend
Parameters:
DomainName:
Type: String
Description: The DNS name of an Amazon Route 53 hosted zone e.g. server.com
AllowedPattern: '(?!-)[a-zA-Z0-9-.]{1,63}(?<!-)'
ConstraintDescription: must be a valid DNS zone name.
Mappings:
S3RegionMap:
us-east-1:
S3HostedZoneId: Z3AQBSTGFYJSTF
S3WebsiteEndpoint: s3-website-us-east-1.amazonaws.com
us-west-1:
S3HostedZoneId: Z2F56UZL2M1ACD
S3WebsiteEndpoint: s3-website-us-west-1.amazonaws.com
us-west-2:
S3HostedZoneId: Z3BJ6K6RIION7M
S3WebsiteEndpoint: s3-website-us-west-2.amazonaws.com
eu-west-1:
S3HostedZoneId: Z1BKCTXD74EZPE
S3WebsiteEndpoint: s3-website-eu-west-1.amazonaws.com
ap-southeast-1:
S3HostedZoneId: Z3O0J2DXBE1FTB
S3WebsiteEndpoint: s3-website-ap-southeast-1.amazonaws.com
ap-southeast-2:
S3HostedZoneId: Z1WCIGYICN2BYD
S3WebsiteEndpoint: s3-website-ap-southeast-2.amazonaws.com
ap-northeast-1:
S3HostedZoneId: Z2M4EHUR26P7ZW
S3WebsiteEndpoint: s3-website-ap-northeast-1.amazonaws.com
sa-east-1:
S3HostedZoneId: Z31GFT0UA1I2HV
S3WebsiteEndpoint: s3-website-sa-east-1.amazonaws.com
Resources:
LambdaExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action:
- sts:AssumeRole
Path: '/'
Policies:
- PolicyName: execution
PolicyDocument:
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: '*'
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:ListBucket
Resource: '*'
- Effect: Allow
Action:
- ec2:DescribeNetworkInterfaces
- ec2:CreateNetworkInterface
- ec2:DeleteNetworkInterface
Resource: '*'
- Effect: Allow
Action:
- cognito-idp:AdminGetUser
- cognito-idp:AdminUpdateUserAttributes
Resource: '*'
APIGatewayExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: apigateway.amazonaws.com
Action:
- sts:AssumeRole
Path: '/'
Policies:
- PolicyName: execution
PolicyDocument:
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: '*'
- Effect: Allow
Action:
- lambda:InvokeFunction
Resource: '*'
LambdaFunctionAPI:
Type: AWS::Lambda::Function
Properties:
Code:
ZipFile: exports.handler = function (event, context, callback) { callback(null, event); };
Handler: index.handler
MemorySize: 128
Role: !GetAtt LambdaExecutionRole.Arn
Runtime: nodejs4.3
Timeout: 30
APIGateway:
Type: AWS::ApiGateway::RestApi
Properties:
FailOnWarnings: true
Name: !Join ['-', !Split ['.', !Join ['.', ['api', !Ref DomainName]]]]
Body:
swagger: '2.0'
info:
version: 0.0.1
title: !Join [' ', ['API route for', !Ref DomainName]]
basePath: '/api'
paths:
'/{proxy+}':
options:
summary: CORS support
description: |
Enable CORS by returning correct headers
consumes:
- application/json
produces:
- application/json
tags:
- CORS
x-amazon-apigateway-integration:
type: mock
requestTemplates:
application/json: |
{
"statusCode" : 200
}
responses:
"default":
statusCode: "200"
responseParameters:
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'"
method.response.header.Access-Control-Allow-Methods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
method.response.header.Access-Control-Allow-Origin: "'*'"
responseTemplates:
application/json: |
{}
responses:
'200':
description: Default response for CORS method
headers:
Access-Control-Allow-Headers:
type: "string"
Access-Control-Allow-Methods:
type: "string"
Access-Control-Allow-Origin:
type: "string"
x-amazon-apigateway-any-method:
produces:
- "application/json"
responses:
'200':
description: "200 response"
schema:
$ref: "#/definitions/Empty"
x-swagger-router-controller: main
x-amazon-apigateway-integration:
type: aws_proxy
httpMethod: POST
uri: !GetAtt LambdaFunctionAPI.Arn
credentials: !Ref APIGatewayExecutionRole
definitions:
Empty:
type: "object"
title: "Empty Schema"
APIDeployment:
Type: AWS::ApiGateway::Deployment
Properties:
RestApiId: !Ref APIGateway
Description: Deploy for live
StageName: Live
WebsiteBucket:
Type: AWS::S3::Bucket
Properties:
BucketName:
Ref: DomainName
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: 404.html
Tags:
- Key: Name
Value: !Join ['_', ['WebsiteBucket', !Ref 'AWS::StackName']]
- Key: Domain
Value: !Ref DomainName
DeletionPolicy: Retain
WWWBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Join ['.', ['www', !Ref DomainName]]
AccessControl: PublicRead
WebsiteConfiguration:
RedirectAllRequestsTo:
HostName: !Ref WebsiteBucket
Tags:
- Key: Name
Value: !Join ['_', ['WWWBucket', !Ref 'AWS::StackName']]
- Key: Domain
Value: !Ref DomainName
WebsiteBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref WebsiteBucket
PolicyDocument:
Statement:
- Action:
- s3:GetObject
Effect: Allow
Resource: !Join ['', ['arn:aws:s3:::', !Ref WebsiteBucket, '/*']]
Principal: '*'
WWWBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref WWWBucket
PolicyDocument:
Statement:
- Action:
- s3:GetObject
Effect: Allow
Resource: !Join ['', ['arn:aws:s3:::', !Ref WWWBucket, '/*']]
Principal: '*'
DNS:
Type: AWS::Route53::HostedZone
Properties:
HostedZoneConfig:
Comment: !Join [' ', ['Hosted zone for', !Ref DomainName]]
Name: !Ref DomainName
HostedZoneTags:
- Key: Application
Value: Blog
DNSRecord:
Type: AWS::Route53::RecordSetGroup
DependsOn: DNS
Properties:
HostedZoneName:
Fn::Join: ['', [!Ref DomainName, '.']]
Comment: Zone records.
RecordSets:
- Name: !Ref DomainName
Type: A
AliasTarget:
HostedZoneId: !FindInMap [S3RegionMap, !Ref 'AWS::Region', S3HostedZoneId]
DNSName: !FindInMap [S3RegionMap, !Ref 'AWS::Region', S3WebsiteEndpoint]
- Name: !Join ['.', ['www', !Ref DomainName]]
Type: A
AliasTarget:
HostedZoneId: !FindInMap [S3RegionMap, !Ref 'AWS::Region', S3HostedZoneId]
DNSName: !FindInMap [S3RegionMap, !Ref 'AWS::Region', S3WebsiteEndpoint]
Outputs:
S3WebsiteURL:
Value: !GetAtt WebsiteBucket.WebsiteURL
Description: URL for website hosted on S3
The URI you should use to connect to the Lambda is not the Arn of the Lambda, but an API gateway invocation URI. Additionally, you need to change the credential line from a ref to the Arn of the execution role.
Here a short excerpt of the changed section:
x-amazon-apigateway-integration:
type: aws_proxy
httpMethod: POST
uri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionAPI.Arn}/invocations"
credentials: !GetAtt APIGatewayExecutionRole.Arn
For those who are using terraform and getting this error, the following works (note that the uri parameter should not be the lambda arn, but the invoke arn which is different):
resource "aws_api_gateway_integration" "ordersIntegration" {
rest_api_id = aws_api_gateway_rest_api.msdApi.id
resource_id = aws_api_gateway_resource.orders.id
http_method = aws_api_gateway_method.ordersget.http_method
integration_http_method = "POST"
type = "AWS_PROXY"
uri = "arn:aws:apigateway:${var.AWS_REGION}:lambda:path/2015-03-31/functions/${var.LAMBDA_FN_ARN}/invocations"
}
Where the LAMBDA_FN_ARN is simply "arn:aws:lambda:${var.AWS_REGION}:${var.AWS_ACCOUNT_ID}:function:${var.LAMBDA_NAME}"
Also, 2015-03-31 is a constant value that needs to be used.
Description:
I am trying to define Serverless API resource. But having trouble in defining location of swagger specification file using function ImportValue.
Steps to reproduce the issue:
I am not able to define AWS::Serverless::Api resource having nested function ImportValue in Location. I have tried following three ways, none of them work.
Note: Stack parameters are defined properly and export value from other stack exists. Not showing them here for brevity reason.
ApiGatewayApi:
Type: AWS::Serverless::Api
Properties:
Name: !Sub ${AWS::StackName}-API
StageName: !Ref ApiGatewayStageName
DefinitionBody:
'Fn::Transform':
Name: 'AWS::Include'
Parameters:
Location:
Fn::Sub:
- s3://${BucketName}/${SwaggerSpecificationS3Key}
- BucketName:
Fn::ImportValue:
!Sub "${EnvironmentName}-dist-bucket-${AWS::Region}"
ApiGatewayApi:
Type: AWS::Serverless::Api
Properties:
Name: !Sub ${AWS::StackName}-API
StageName: !Ref ApiGatewayStageName
DefinitionBody:
'Fn::Transform':
Name: 'AWS::Include'
Parameters:
Location:
Fn::Sub:
- s3://${BucketName}/${SwaggerSpecificationS3Key}
- BucketName:
!ImportValue 'dev-dist-bucket-us-east-1'
ApiGatewayApi:
Type: AWS::Serverless::Api
Properties:
Name: !Sub ${AWS::StackName}-API
StageName: !Ref ApiGatewayStageName
DefinitionBody:
'Fn::Transform':
Name: 'AWS::Include'
Parameters:
Location:
Fn::Sub:
- s3://${BucketName}/${SwaggerSpecificationS3Key}
- BucketName:
Fn::ImportValue: 'dev-dist-bucket-us-east-1'
Cloudformation shows following error.
FAILED - The value of parameter Location under transform Include must
resolve to a string, number, boolean or a list of any of these.
However, if I do not use ImportValue it works with a nested Fn::Sub
ApiGatewayApi:
Type: AWS::Serverless::Api
Properties:
Name: !Sub ${AWS::StackName}-API
StageName: !Ref ApiGatewayStageName
DefinitionBody:
'Fn::Transform':
Name: 'AWS::Include'
Parameters:
Location:
Fn::Sub:
- s3://${BucketName}/${SwaggerSpecificationS3Key}
- BucketName:
Fn::Sub: dist-bucket-${EnvironmentName}-${AWS::Region}
Is it because of Fn::Transform or AWS::Include?