-
Notifications
You must be signed in to change notification settings - Fork 4
/
template.yaml
119 lines (110 loc) · 3.33 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
APIKeyQueryString blog post.
Globals:
Function:
Timeout: 10
Api:
OpenApiVersion: 3.0.1
Resources:
MyAuthFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: auth_function/
Handler: app.lambda_handler
Runtime: python3.8
BackendFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: hello_world/
Handler: app.lambda_handler
Runtime: python3.8
Events:
HelloWorld:
Type: Api
Properties:
RestApiId:
Ref: MyApi
Path: /auth
Method: get
MyApi:
DependsOn: MyAuthFunction
Type: AWS::Serverless::Api
Properties:
StageName: prod
Auth:
DefaultAuthorizer: MyLambdaRequestAuthorizer
ApiKeyRequired: true
Authorizers:
MyLambdaRequestAuthorizer:
FunctionPayloadType: REQUEST
FunctionArn: !GetAtt MyAuthFunction.Arn
Identity:
ReauthorizeEvery: 0
QueryStrings:
- apiKey
DefinitionBody:
swagger: "2.0"
info:
version: "2021-08-10T13:18:57Z"
title: "API-Key-QueryString"
basePath: "/prod"
x-amazon-apigateway-api-key-source: "AUTHORIZER" #important
schemes:
- "https"
paths:
/auth:
get:
produces:
- "application/json"
responses:
"200":
description: "200 response"
schema:
$ref: "#/definitions/Empty"
x-amazon-apigateway-integration:
type: "aws_proxy"
httpMethod: "POST"
uri:
Fn::Sub: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${BackendFunction.Arn}/invocations"
responses:
default:
statusCode: "200"
passthroughBehavior: "when_no_match"
contentHandling: "CONVERT_TO_TEXT"
definitions:
Empty:
type: "object"
title: "Empty Schema"
ApiKey:
Type: AWS::ApiGateway::ApiKey
DependsOn: MyApiprodStage
Properties:
Name: !Join ["", [{"Ref": "AWS::StackName"}, "-apikey"]]
Enabled: true
StageKeys:
- RestApiId: !Ref MyApi
StageName: prod
Value: !Join ["", [{"Ref": "AWS::StackName"}, "-abcdefhijk1234567890"]]
UsagePlan:
DependsOn: MyApiprodStage
Type: AWS::ApiGateway::UsagePlan
Properties:
ApiStages:
- ApiId: !Ref MyApi
Stage: prod
Throttle:
BurstLimit: 50
RateLimit: 100
UsagePlanName: MyUsagePlan
UsagePlanKey:
Type: AWS::ApiGateway::UsagePlanKey
Properties:
KeyId: !Ref ApiKey
KeyType: API_KEY
UsagePlanId: !Ref UsagePlan
Outputs:
HelloWorldApi:
Description: "API Gateway endpoint URL for Prod stage for Hello World function"
Value: !Sub "https://${MyApi}.execute-api.${AWS::Region}.amazonaws.com/prod/auth?apiKey=${AWS::StackName}-abcdefhijk1234567890"