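# SAM template: a REST API whose root GET method is protected by a Cognito
# User Pools authorizer and proxied to a single Lambda function.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Serverless patterns - Amazon API Gateway REST API with Cognito User Pools Authorizer (uksb-1tthgi812) (tag:cognito-restapi)

Globals:
  Function:
    # NOTE(review): nodejs16.x is an end-of-life Node.js line and a deprecated
    # Lambda runtime, so it no longer receives security patches. Move to a
    # currently supported nodejs runtime after confirming that the handler in
    # src/ (not visible here) runs on it.
    Runtime: nodejs16.x
    CodeUri: src/

Parameters:
  CognitoUserPoolArn:
    Description: ARN of the Cognito User Pool
    Type: String
    # Fail at parameter validation instead of part-way through stack creation
    # when the value is not shaped like a user pool ARN.
    AllowedPattern: '^arn:aws[a-zA-Z-]*:cognito-idp:[a-z0-9-]+:[0-9]{12}:userpool/[a-zA-Z0-9_-]+$'
    ConstraintDescription: 'Must be a Cognito user pool ARN (arn:<partition>:cognito-idp:<region>:<account-id>:userpool/<pool-id>)'

Resources:
  # REST API
  AppApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: cognito-restapi
      Description: Cognito User Pools Authorizer REST API demo

  # GET method on the API root. Requests must pass the Cognito User Pools
  # authorizer below before they reach the Lambda proxy integration.
  RootMethodGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref AppApi
      ResourceId: !GetAtt AppApi.RootResourceId
      HttpMethod: GET
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref AuthorizersCognitoUserPools
      Integration:
        Type: AWS_PROXY
        # API Gateway always invokes Lambda with POST, whatever the client verb.
        IntegrationHttpMethod: POST
        # AWS::Partition keeps the ARN valid outside the standard "aws" partition.
        Uri: !Sub 'arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AppFunction.Arn}/invocations'

  # Cognito User Pools authorizer.
  # The token is read from the "authorizationToken" request header, not from
  # the conventional "Authorization" header, so clients must send it there.
  # Only the pool passed in CognitoUserPoolArn is trusted as a token issuer.
  AuthorizersCognitoUserPools:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: CognitoAuthorizer
      Type: COGNITO_USER_POOLS
      RestApiId: !Ref AppApi
      IdentitySource: method.request.header.authorizationToken
      ProviderARNs:
        - !Ref CognitoUserPoolArn

  # Dummy function. Runtime and CodeUri come from Globals; no Policies or Role
  # are declared here, so the function gets no extra permissions from this
  # template.
  AppFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: app.handler

  # Permission to allow Lambda invocation from API Gateway.
  # SourceArn limits it to GET on the root resource of this API (any stage),
  # so other APIs in the account cannot invoke the function.
  AppFunctionPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref AppFunction
      Action: lambda:InvokeFunction
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub 'arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${AppApi}/*/GET/'

  # NOTE(review): CloudFormation creates a deployment only when this resource
  # is created or replaced. With a fixed logical ID, later edits to the method
  # or the authorizer are not pushed to the stage until the ID changes or the
  # API is redeployed by hand.
  Deployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn:
      - RootMethodGet
    Properties:
      RestApiId: !Ref AppApi

  # NOTE(review): no access logging or throttling is declared on this stage;
  # add AccessLogSetting and MethodSettings before using this beyond a demo.
  Stage:
    Type: AWS::ApiGateway::Stage
    Properties:
      StageName: Prod
      RestApiId: !Ref AppApi
      DeploymentId: !Ref Deployment

Outputs:
  # API Gateway endpoint to be used during tests
  AppApiEndpoint:
    Description: API Endpoint
    Value: !Sub 'https://${AppApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}/Prod'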