Amazon Web Services: Is there no setting to disable the execute-api endpoint of an AWS API Gateway REST API in a CloudFormation template?
Tags: amazon-web-services, rest, amazon-cloudformation, aws-api-gateway, serverless-framework

I have set up an API Gateway (v1, not v2) REST API resource using a CloudFormation template. Recently I noticed that the default execute-api endpoint is also created, which I can disable in the settings. The type of this API is AWS::ApiGateway::RestApi.

Naturally, I would like this to be done through the template, so the question is: can this setting be defined in the CloudFormation template rather than clicked manually in the AWS console? This option is available for the APIGateway V2 API resource (AWS::ApiGatewayV2::Api) in CloudFormation templates, but not for the APIGateway V1 REST API resource (AWS::ApiGateway::RestApi), even though it can be changed manually in the console.

There is also one for AWS::ApiGateway::RestApi

Here are some links I used while searching for this setting:

You can do it through a simple. Below is an example of such a fully working template:

    Resources:
      MyRestApi:
        Type: 'AWS::ApiGateway::RestApi'
        Properties:
          Description: A test API
          Name: MyRestAPI
      LambdaBasicExecutionRole:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Statement:
              - Effect: Allow
                Principal:
                  Service: lambda.amazonaws.com
                Action: sts:AssumeRole
          Path: /
          ManagedPolicyArns:
            # Broad managed policy; the function below only calls update_rest_api (apigateway:PATCH).
            - arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator
            - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      MyCustomResource:
        Type: Custom::DisableDefaultApiEndpoint
        Properties:
          ServiceToken: !GetAtt 'MyCustomFunction.Arn'
          APIId: !Ref 'MyRestApi'
      MyCustomFunction:
        Type: AWS::Lambda::Function
        Properties:
          Handler: index.lambda_handler
          Description: "Disable default API endpoint"
          Timeout: 30
          Role: !GetAtt 'LambdaBasicExecutionRole.Arn'
          # python3.7 is no longer accepted by Lambda for new functions.
          Runtime: python3.12
          Code:
            ZipFile: |
              import json
              import logging
              import cfnresponse
              import boto3
              logger = logging.getLogger()
              logger.setLevel(logging.INFO)
              client = boto3.client('apigateway')
              def lambda_handler(event, context):
                logger.info('got event {}'.format(event))
                try:
                  responseData = {}
                  # The endpoint is patched only when the custom resource is created.
                  if event['RequestType'] in ["Create"]:
                    APIId = event['ResourceProperties']['APIId']
                    response = client.update_rest_api(
                      restApiId=APIId,
                      patchOperations=[
                        {
                          'op': 'replace',
                          'path': '/disableExecuteApiEndpoint',
                          'value': 'True'
                        }
                      ]
                    )
                    logger.info(str(response))
                    cfnresponse.send(event, context,
                                     cfnresponse.SUCCESS, responseData)
                  else:
                    # Update and Delete change nothing but must still report back to CloudFormation.
                    logger.info('Unexpected RequestType!')
                    cfnresponse.send(event, context,
                                     cfnresponse.SUCCESS, responseData)
                except Exception as err:
                  logger.error(err)
                  responseData = {"Data": str(err)}
                  cfnresponse.send(event, context,
                                   cfnresponse.FAILED, responseData)
                return

If anyone stumbles upon this answer while using CDK, this can be done concisely (without defining a Lambda function) using the AwsCustomResource construct:

    const restApi = new apigw.RestApi(...);
    const executeApiResource = new cr.AwsCustomResource(this, "execute-api-resource", {
      functionName: "disable-execute-api-endpoint",
      onCreate: {
        service: "APIGateway",
        action: "updateRestApi",
        parameters: {
          restApiId: restApi.restApiId,
          patchOperations: [{
            op: "replace",
            path: "/disableExecuteApiEndpoint",
            value: "True"
          }]
        },
        physicalResourceId: cr.PhysicalResourceId.of("execute-api-resource")
      },
      policy: cr.AwsCustomResourcePolicy.fromStatements([new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: ["apigateway:PATCH"],
        resources: ["arn:aws:apigateway:*::/*"],
      })])
    });
    executeApiResource.node.addDependency(restApi);

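Recently, support for disabling the default execute-api endpoint was added to AWS::ApiGateway::RestApi in CloudFormation:

You can disable it in AWS CDK. This is done by finding the CloudFormation resource and setting it to true.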

    const api = new apigateway.RestApi(this, 'api', );
    (api.node.children[0] as apigateway.CfnRestApi).addPropertyOverride('DisableExecuteApiEndpoint','true')

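Comments:

According to, it is not supported in the CloudFormation definition. But it is an option. If you really want to do this in CFN, you can leverage

Works like a charm! Thanks everyone!

@马塞利瓦克 No problem. Glad it worked :-)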
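
As an added example (not code from any of the answers above): a pre-deployment check that reads a parsed CloudFormation template and reports, for each API Gateway API, whether the default execute-api endpoint is disabled in the template, left to a custom resource like the one in the first answer, or still enabled. The status strings, the constructed sample template, and the rule that a `Custom::` resource with an `APIId` reference to the API counts as the workaround are assumptions of this example.

```python
import json

# Resource types that carry the DisableExecuteApiEndpoint property (REST v1 and v2 APIs).
API_TYPES = {"AWS::ApiGateway::RestApi", "AWS::ApiGatewayV2::Api"}

def _is_true(value):
    # Accept boolean true and the string form ('true', as in the CDK override above).
    return value is True or (isinstance(value, str) and value.lower() == "true")

def _patched_by_custom_resource(resources, api_id):
    # Workaround pattern from the answers: a Custom:: resource whose APIId is {"Ref": <api>}.
    return any(
        str(r.get("Type", "")).startswith("Custom::")
        and (r.get("Properties") or {}).get("APIId") == {"Ref": api_id}
        for r in resources.values())

def audit_template(template):
    """Return {logical_id: status} for every API Gateway API in a parsed template."""
    resources = template.get("Resources", {})
    findings = {}
    for logical_id, res in resources.items():
        if res.get("Type") not in API_TYPES:
            continue
        value = (res.get("Properties") or {}).get("DisableExecuteApiEndpoint")
        if _is_true(value):
            findings[logical_id] = "disabled-in-template"
        elif _patched_by_custom_resource(resources, logical_id):
            findings[logical_id] = "custom-resource-needs-runtime-check"
        else:
            findings[logical_id] = "execute-api-endpoint-enabled"
    return findings

# Constructed sample template (JSON form, so no YAML intrinsic-tag loader is needed).
SAMPLE = json.loads("""
{"Resources": {
  "OpenApi":   {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Name": "a"}},
  "ClosedApi": {"Type": "AWS::ApiGateway::RestApi",
                "Properties": {"Name": "b", "DisableExecuteApiEndpoint": "true"}},
  "MyRestApi": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Name": "MyRestAPI"}},
  "MyCustomResource": {"Type": "Custom::DisableDefaultApiEndpoint",
                       "Properties": {"APIId": {"Ref": "MyRestApi"}}},
  "HttpApi": {"Type": "AWS::ApiGatewayV2::Api", "Properties": {"DisableExecuteApiEndpoint": false}}
}}
""")

if __name__ == "__main__":
    for name, status in sorted(audit_template(SAMPLE).items()):
        print(f"{name}: {status}")
```

A template cannot show that the custom resource's Lambda actually ran, so that status should be followed by a check of the deployed API's settings.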