how do I add a role to an api gateway native integration while using `@pulumi/aws-apigateway`? the `...
How do I add a role to an API Gateway native integration while using `@pulumi/aws-apigateway`? The `TargetArgs` type doesn't provide any keys related to that.
import * as aws from '@pulumi/aws';
import * as apigateway from '@pulumi/aws-apigateway';
import * as pulumi from '@pulumi/pulumi';

/**
 * Inputs for {@link RestApi}.
 */
interface Props {
  /** Resources behind the create-message route; the state machine is the integration target. */
  createMessage: { stateMachine: aws.sfn.StateMachine };
  /** Cognito user pool whose ARN is passed to the route's authorizer. */
  userPool: aws.cognito.UserPool;
}

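/**
 * Declares the `patient-portal` REST API with a single route,
 * `POST /{userId}/messages`, integrated directly with Step Functions
 * `StartExecution`, plus an IAM role intended for that integration.
 */
export class RestApi {
  /** The API Gateway REST API created by the constructor. */
  public readonly api: apigateway.RestAPI;

  /**
   * @param props - The state machine to start and the Cognito user pool
   *   whose ARN is given to the route's authorizer.
   */
  constructor(props: Props) {
    // AWS-service integration URI for StartExecution. `pulumi.interpolate`
    // resolves Outputs itself, so the ARN is passed in directly.
    // NOTE(review): the execution name is a fixed string here; confirm that
    // reusing one name across requests is intended.
    const createMessageStateMachineUri = pulumi.interpolate`arn:aws:apigateway:${aws.config.region}:states:action/StartExecution&stateMachineArn=${props.createMessage.stateMachine.arn}&name=APIGW-Execution`;

    // Trust policy: only the API Gateway service principal may assume this
    // role. The principal must be the bare service hostname; chat-link markup
    // around it would not be a valid principal.
    const apiRole = new aws.iam.Role('papi-role', {
      assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({
        Service: 'apigateway.amazonaws.com',
      }),
    });

    // Permissions are scoped to the one state machine rather than `*`.
    // NOTE(review): `states:DescribeExecution` is evaluated against execution
    // ARNs, so granting it on the state machine ARN likely has no effect; the
    // integration above only calls StartExecution. Drop the action or scope it
    // to this state machine's executions.
    new aws.iam.RolePolicy('api-policy', {
      role: apiRole,
      policy: {
        Version: '2012-10-17',
        Statement: [
          {
            Effect: 'Allow',
            Action: ['states:StartExecution', 'states:DescribeExecution'],
            Resource: props.createMessage.stateMachine.arn,
          },
        ],
      },
    });

    // NOTE(review): `apiRole` is not referenced by the route target below, so
    // in this listing the integration is not configured to assume it.
    this.api = new apigateway.RestAPI('patient-portal', {
      stageName: 'v1',
      routes: [
        {
          path: '/{userId}/messages',
          method: 'POST',
          // Reject requests that arrive without the `userId` path parameter.
          requiredParameters: [
            {
              name: 'userId',
              in: 'path',
            },
          ],
          target: {
            httpMethod: 'ANY',
            type: 'aws',
            uri: createMessageStateMachineUri,
          },
          requestValidator: apigateway.RequestValidator.PARAMS_ONLY,
          // The caller's token is read from the Authorization header and
          // checked against the user pool for the `api/write` scope.
          // NOTE(review): nothing in this listing ties the `userId` path
          // parameter to the identity in the token; verify that the state
          // machine (or a mapping template) enforces that binding.
          authorizers: [
            {
              methodsToAuthorize: ['api/write'],
              identitySource: ['method.request.header.Authorization'],
              type: 'token',
              parameterLocation: 'header',
              parameterName: 'Authorization',
              providerARNs: [props.userPool.arn],
            },
          ],
        },
      ],
    });
  }
}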