This message was deleted.
# aws
s
This message was deleted.
f
So I've found that
awsx.apigateway.API
generates a swagger string that contains all of the path information. Does anyone know if there's a way to write some additional data to this method before it sends off?
m
Copy code
restApiArgs?
there is also
aws.apigateway.MethodSettings
example:
Copy code
const methodSettings = new aws.apigateway.MethodSettings(`${appName}-api-method-settings`, {
  methodPath: "*/*",
  restApi: app.restAPI.id,
  settings: {
    loggingLevel: "INFO",
    metricsEnabled: true,
  },
  stageName: app.stage.stageName,
}, {
  parent: app,
});
f
Looking through the
restApiArgs
was the first thing I tried. There are inputs for
apiKeySource
and
policy
, however even when setting proper access controls for the
policy
if the method doesn't have
AWS_IAM
enabled, the route is inaccessible.
apiKeySource
unfortunately doesn't handle anything IAM related. I thought the
MethodSettings
might have something too, but after playing around with it and going through the documentation it looks like it handles things like logging and throttling rather than authorization. The flag is definitely on the
Method
resource, however since
awsx
creates a swagger json string to handle the api configuration, there aren't any accessible resources to fetch to my knowledge and patch it up in a round about fashion. The necessary addition would be in
@pulumi/awsx/apigateway/api.js
. There's a
createSwaggerSpec
function that pulls in all the parameters from
awsx.apigateway.API
and transforms them into a swagger string. Specifically this function would need to set a
"x-amazon-apigateway-auth"
attribute for each route. This attribute specifies the authentication type. Specify
"NONE"
for open access. Specify
"AWS_IAM"
to use IAM permissions I'd be happy to open a pull request to add this functionality. In the meantime is there anyway to extend this module to include this functionality? Sorry if that's sort of a dumb question.
m
Generally speaking yes… but in my [limited] experience, when I’ve hit a roadblock like this in crosswalk (
awsx
), I’ve had to move over to the
aws
package
It sounds like you were going about the right path. Looking for the aws resources that it’s orchestrating, seeing if you can pass any parameters through crosswalk that will propagate down to the orchestrated resources, or see if you can do something with the returned AWS resource components that awsx created.
f
Yeah unfortunately awsx doesn't really create many aws resources, it just compiles everything into that swagger string. Got confirmation from the pulumi team that there's no way to enable IAM auth via awsx at the moment, although from my hours of debugging it seems like the fix is pretty straight forward. I'll probably put up a pull request in a bit. In the meantime I'll just clone the awsx.apigateway.API class and add the changes myself. Thanks for spitballing some idea with me.
👍 1