how do I add a role to an api gateway native integ...
# awsb
brief-rain-28254
08/01/2024, 10:44 PMhow do I add a role to an api gateway native integration while using
@pulumi/aws-apigatewayTargetArgs Copy code
import * as aws from '@pulumi/aws';
import * as apigateway from '@pulumi/aws-apigateway';
import * as pulumi from '@pulumi/pulumi';
interface Props {
createMessage: {
stateMachine: aws.sfn.StateMachine;
};
userPool: aws.cognito.UserPool;
}
export class RestApi {
public readonly api: apigateway.RestAPI;
constructor(props: Props) {
const createMessageStateMachineUri = pulumi.interpolate`arn:aws:apigateway:${aws.config.region}:states:action/StartExecution&stateMachineArn=${props.createMessage.stateMachine.arn.apply(
(arn) => arn,
)}&name=APIGW-Execution`;
const apiRole = new aws.iam.Role('papi-role', {
assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({
Service: '<http://apigateway.amazonaws.com|apigateway.amazonaws.com>',
}),
});
new aws.iam.RolePolicy('api-policy', {
role: apiRole,
policy: {
Version: '2012-10-17',
Statement: [
{
Effect: 'Allow',
Action: ['states:StartExecution', 'states:DescribeExecution'],
Resource: props.createMessage.stateMachine.arn,
},
],
},
});
this.api = new apigateway.RestAPI('patient-portal', {
stageName: 'v1',
routes: [
{
path: '/{userId}/messages',
method: 'POST',
requiredParameters: [
{
name: 'userId',
in: 'path',
},
],
target: {
httpMethod: 'ANY',
type: 'aws',
uri: createMessageStateMachineUri,
},
requestValidator: apigateway.RequestValidator.PARAMS_ONLY,
authorizers: [
{
methodsToAuthorize: ['api/write'],
identitySource: ['method.request.header.Authorization'],
type: 'token',
parameterLocation: 'header',
parameterName: 'Authorization',
providerARNs: [props.userPool.arn],
},
],
},
],
});
}
}2 Views