This message was deleted Pulumi Community #aws

Join Slack

This message was deleted.

# aws

sparse-intern-71089

08/13/2020, 5:45 PM

This message was deleted.

future-diamond-31373

08/13/2020, 6:27 PM

So I've found that

awsx.apigateway.API

generates a swagger string that contains all of the path information. Does anyone know if there's a way to write some additional data to this method before it sends off?

millions-furniture-75402

08/13/2020, 6:34 PM

Copy code

restApiArgs?

millions-furniture-75402

08/13/2020, 6:35 PM

there is also

aws.apigateway.MethodSettings

millions-furniture-75402

08/13/2020, 6:36 PM

example:

Copy code

const methodSettings = new aws.apigateway.MethodSettings(`${appName}-api-method-settings`, {
  methodPath: "*/*",
  restApi: app.restAPI.id,
  settings: {
    loggingLevel: "INFO",
    metricsEnabled: true,
  },
  stageName: app.stage.stageName,
}, {
  parent: app,
});

future-diamond-31373

08/13/2020, 7:21 PM

Looking through the

restApiArgs

was the first thing I tried. There are inputs for

apiKeySource

and

policy

, however even when setting proper access controls for the

policy

if the method doesn't have

AWS_IAM

enabled, the route is inaccessible.

apiKeySource

unfortunately doesn't handle anything IAM related. I thought the

MethodSettings

might have something too, but after playing around with it and going through the documentation it looks like it handles things like logging and throttling rather than authorization. The flag is definitely on the

Method

resource, however since

awsx

creates a swagger json string to handle the api configuration, there aren't any accessible resources to fetch to my knowledge and patch it up in a round about fashion. The necessary addition would be in

@pulumi/awsx/apigateway/api.js

. There's a

createSwaggerSpec

function that pulls in all the parameters from

awsx.apigateway.API

and transforms them into a swagger string. Specifically this function would need to set a

"x-amazon-apigateway-auth"

attribute for each route. This attribute specifies the authentication type. Specify

"NONE"

for open access. Specify

"AWS_IAM"

to use IAM permissions I'd be happy to open a pull request to add this functionality. In the meantime is there anyway to extend this module to include this functionality? Sorry if that's sort of a dumb question.

millions-furniture-75402

08/14/2020, 12:49 PM

Generally speaking yes… but in my [limited] experience, when I’ve hit a roadblock like this in crosswalk (

awsx

), I’ve had to move over to the

aws

package

millions-furniture-75402

08/14/2020, 12:50 PM

It sounds like you were going about the right path. Looking for the aws resources that it’s orchestrating, seeing if you can pass any parameters through crosswalk that will propagate down to the orchestrated resources, or see if you can do something with the returned AWS resource components that awsx created.

future-diamond-31373

08/14/2020, 11:00 PM

Yeah unfortunately awsx doesn't really create many aws resources, it just compiles everything into that swagger string. Got confirmation from the pulumi team that there's no way to enable IAM auth via awsx at the moment, although from my hours of debugging it seems like the fix is pretty straight forward. I'll probably put up a pull request in a bit. In the meantime I'll just clone the awsx.apigateway.API class and add the changes myself. Thanks for spitballing some idea with me.

👍 1

Open in Slack

Previous Next