Cache invalidation authorization in API gateway stage through CloudFormation

[sensriza]

Hi ,

So I used the template attached below testapiauth.json for testing.
Whenever, the "CacheClusterEnabled" property of AWS::ApiGateway::Stage is set to "true", the cache is enabled in Stage as seen from the API G/w console,
but none of the properties defined under MethodSettings get reflected in the API gateway console, but the Stage resource is marked as completed successfully by CFN. Could anyone confirm if this is a bug.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-stage-methodsetting.html

Moreover, the resource marked in the screenshot attached can also not be directly specified by CFN as of now. Therefore,Cx has to manually go and uncheck the Require Authorization from the api g/w console.

With the test template, that was used, I performed a couple of tests on PostMan to see if the same warning was received in the response headers. Indeed warnings were received because by default if Require Authorization is set to enabled in Per Key Cache Invalidation, then the handling of unauthorized requests is set as "Ignore and set warning".

I have also tested for Serverless using the doc https://github.com/awslabs/serverless-application-model/blob/master/version... , but there too, did not find way to enable/disable require authorization on cache invalidation. I have attached the test template by the name of serverlesstestapiauth.yml

testapiauth.json.pdf
serverlesstestapiauth.yml.pdf

[cbaron]

@sensriza -- did you find a solution?

[jlhood]

@sensriza Since you're experiencing this issue while not using SAM-specific resources (you indicated you used the AWS::ApiGateway::Stage resource directly), you should report this in the AWS Forum for API Gateway so the service team can investigate it.

https://forums.aws.amazon.com/forum.jspa?forumID=199&start=0

[turacma]

@sensriza
What is displayed in the console as "Stage settings" are actually the settings for the path "*/*". Your example template is not setting values on this path, so therefor would not show in the console. If you want these settings to reflect in the stages tab in the console, you should need to simply change:

"ResourcePath": "/*",
"HttpMethod": "GET",

To

"ResourcePath": "/*",
"HttpMethod": "*",

[jhaenchen]

I have this problem too, I want to not require authorization to bypass the cache and I want to include a method parameter in the cache index. Anyone solved this? cc @sensriza

[maslick]

@jhaenchen 2.5 years have passed and this is still not solved... Neither Cloudformation nor SAM has support for Per-key cache invalidation setting in Stage settings.