lively-ice-73493
01/21/2021, 12:14 AM
`awsx.apigateway.API` to create a PRIVATE APIGW Rest endpoint. I documented it here: https://github.com/pulumi/pulumi-awsx/issues/627
This doesn't work because private APIGWs need a RestApiPolicy.
```typescript
let endpoint = new awsx.apigateway.API(`ea-orders-${stackEnv}`, {
    restApiArgs: {
      endpointConfiguration: {
        types: "PRIVATE",
        vpcEndpointIds: [execApiVpcEndpointId],
      },
    },
    routes: [{
      path: "/",
      method: "GET",
      eventHandler: async (event) => {
        // This code runs in an AWS Lambda and will be invoked any time `/` is hit.
        return {
          statusCode: 200,
          body: "hello",
        };
      },
    }],
  },
);
```
Yeah, `restApiArgs` takes a policy arg but that doesn't work. This is my current hack. I run `pulumi up` twice, yep twice, with the below and it works. The first time partially works but the deploy of the API fails because the policy isn't created before the deploy fires. The second `pulumi up` works because the policy is in place and the deploy can work now. Is this just how the APIGW crosswalk works right now or am I missing something?
```typescript
let endpoint = new awsx.apigateway.API(`ea-orders-${stackEnv}`, {
    restApiArgs: {
      endpointConfiguration: {
        types: "PRIVATE",
        vpcEndpointIds: [execApiVpcEndpointId],
      },
    },
    routes: [{
      path: "/",
      method: "GET",
      eventHandler: async (event) => {
        // This code runs in an AWS Lambda and will be invoked any time `/` is hit.
        return {
          statusCode: 200,
          body: "hello",
        };
      },
    }],
  },
);

const eaOrdersApiPolicy = new aws.apigateway.RestApiPolicy(`ea-orders-${stackEnv}`, {
  restApiId: endpoint.restAPI.id,
  policy: executeApiPolicy,
});
```
brave-planet-10645
01/21/2021, 11:17 AM
`RestApiPolicy`, there is an extra property available in `restApiArgs` called `policy`. Looking at the docs I think it does the same as the `RestApiPolicy`.
It takes a policy as json but you can do something like the following (this is an example policy so obviously swap it for your own one):
```typescript
const policy = aws.iam.getPolicyDocument({
  statements: [{
    actions: ["dynamodb:*"],
    effect: "Allow",
    resources: ["*"]
  }]
});

const api = new awsx.apigateway.API("my-api", {
  routes: [{
    path: "/",
    method: "GET",
    eventHandler: async (event) => {
      // This code runs in an AWS Lambda and will be invoked any time `/` is hit.
      return {
        statusCode: 200,
        body: "hello",
      };
    },
  }],
  restApiArgs: {
    endpointConfiguration: {
      types: "PRIVATE",
      vpcEndpointIds: [execApiVpcEndpointId]
    },
    policy: policy.then(policy => policy.json)
  },
});
```
Try that and let me know if it works
lively-ice-73493
01/21/2021, 2:59 PM
brave-planet-10645
01/21/2021, 3:02 PM
lively-ice-73493
01/21/2021, 4:40 PM
brave-planet-10645
01/21/2021, 4:46 PM
lively-ice-73493
01/21/2021, 4:49 PM
brave-planet-10645
01/21/2021, 4:49 PM
lively-ice-73493
01/21/2021, 4:50 PM
brave-planet-10645
01/21/2021, 4:54 PM
lively-ice-73493
01/21/2021, 4:56 PM
`restApiArgs`
brave-planet-10645
01/21/2021, 4:58 PM
lively-ice-73493
01/25/2021, 8:44 PM
`pulumi up` twice on the initial deploy. Subsequent deploys work on a single run, weird.