future-diamond-31373
08/13/2020, 5:45 PMawsx
and have run into a major roadblock trying to enable IAM authorization on my methods. The documentation seems to have extensive support for token auth, lambda auth, and api key auth - however doesn't seem to have much detail in the way of IAM auth. After doing a lot of documentation and library digging, I've found that the AWS_IAM
string can be specified on the aws.apigateway.Method
resource, however when using awsx
a lot of this wiring and resource generation happens behind the scenes, so I'm unable to get the method (since I don't know the id and the resource isn't accounted for anywhere in the output or UI to my knowledge), and unable to create a new method since the path is already in use. Any help on the matter would be greatly appreciated!awsx.apigateway.API
generates a swagger string that contains all of the path information. Does anyone know if there's a way to write some additional data to this method before it sends off?millions-furniture-75402
08/13/2020, 6:34 PMrestApiArgs?
aws.apigateway.MethodSettings
const methodSettings = new aws.apigateway.MethodSettings(`${appName}-api-method-settings`, {
methodPath: "*/*",
restApi: app.restAPI.id,
settings: {
loggingLevel: "INFO",
metricsEnabled: true,
},
stageName: app.stage.stageName,
}, {
parent: app,
});
future-diamond-31373
08/13/2020, 7:21 PMrestApiArgs
was the first thing I tried. There are inputs for apiKeySource
and policy
, however even when setting proper access controls for the policy
if the method doesn't have AWS_IAM
enabled, the route is inaccessible. apiKeySource
unfortunately doesn't handle anything IAM related.
I thought the MethodSettings
might have something too, but after playing around with it and going through the documentation it looks like it handles things like logging and throttling rather than authorization.
The flag is definitely on the Method
resource, however since awsx
creates a swagger json string to handle the api configuration, there aren't any accessible resources to fetch to my knowledge and patch it up in a round about fashion.
The necessary addition would be in @pulumi/awsx/apigateway/api.js
. There's a createSwaggerSpec
function that pulls in all the parameters from awsx.apigateway.API
and transforms them into a swagger string. Specifically this function would need to set a "x-amazon-apigateway-auth"
attribute for each route. This attribute specifies the authentication type. Specify "NONE"
for open access. Specify "AWS_IAM"
to use IAM permissions I'd be happy to open a pull request to add this functionality.
In the meantime is there anyway to extend this module to include this functionality? Sorry if that's sort of a dumb question.millions-furniture-75402
08/14/2020, 12:49 PMawsx
), I’ve had to move over to the aws
packagefuture-diamond-31373
08/14/2020, 11:00 PM