feat: sam support to add resource policies to api properties (#1045)
Showing
18 changed files
with
1,045 additions
and
4 deletions.
@@ -0,0 +1,11 @@ | ||
# Api Resource Policy Event Source Example | ||
|
||
Example SAM template for adding Custom Resource Policy to Api. | ||
|
||
## Running the example | ||
|
||
```bash | ||
# Replace YOUR_S3_ARTIFACTS_BUCKET | ||
aws cloudformation package --template-file template.yaml --output-template-file cfn-transformed-template.yaml --s3-bucket YOUR_S3_ARTIFACTS_BUCKET | ||
aws cloudformation deploy --template-file ./cfn-transformed-template.yaml --stack-name example-resource-policy --capabilities CAPABILITY_IAM | ||
``` |
@@ -0,0 +1,37 @@ | ||
AWSTemplateFormatVersion: '2010-09-09' | ||
Transform: AWS::Serverless-2016-10-31 | ||
Globals: | ||
Api: | ||
Auth: | ||
ResourcePolicy: | ||
CustomStatements: [{ | ||
"Effect": "Allow", | ||
"Principal": "*", | ||
"Action": "execute-api:Invoke", | ||
"Resource": "execute-api:*/*/*", | ||
"Condition": { | ||
"IpAddress": { | ||
"aws:SourceIp": "1.2.3.4" | ||
} | ||
} | ||
}] | ||
Resources: | ||
MyFunction: | ||
Type: AWS::Serverless::Function | ||
Properties: | ||
InlineCode: | | ||
exports.handler = async (event) => { | ||
const response = { | ||
statusCode: 200, | ||
body: JSON.stringify('Hello from Lambda!'), | ||
}; | ||
return response; | ||
}; | ||
Handler: index.handler | ||
Runtime: nodejs8.10 | ||
Events: | ||
Api: | ||
Type: Api | ||
Properties: | ||
Method: Put | ||
Path: /get |
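Review bot: The `Resource` in the example statement is written `execute-api:*/*/*`, without the slash after the colon that every test fixture in this commit uses (`execute-api:/*/*/*`). If the short form is only expanded when it starts with `execute-api:/`, the IP allow-list would not match the API's methods, so the example should read `"Resource": "execute-api:/*/*/*"`. The `aws:SourceIp` value `1.2.3.4` is a placeholder that the README does not mention; I would add `# Replace 1.2.3.4 with the address range allowed to invoke the API` above the `Condition` key. The event also pairs `Method: Put` with `Path: /get`, which reads like a typo in an example.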
@@ -0,0 +1,12 @@ | ||
Resources: | ||
ExplicitApi: | ||
Type: AWS::Serverless::Api | ||
Properties: | ||
StageName: Prod | ||
Auth: | ||
ResourcePolicy: | ||
CustomStatements: { | ||
Action: 'execute-api:Invoke', | ||
Resource: ['execute-api:/*/*/*'] | ||
} | ||
|
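Review bot: The statement in this fixture has neither `Effect` nor `Principal`, and the matching expected output further down the page carries it through unchanged, so the test never exercises a policy that API Gateway would accept. The same holds for the `CustomStatements` entries in api_with_resource_policy_global.yaml and api_with_resource_policy_global_implicit.yaml. A resource policy statement needs both elements, so a template written like this would presumably fail only at deployment and not at transform time. I would make the fixtures deployable by adding `Effect: 'Allow',` and `Principal: '*',` together with an `aws:SourceIp` condition as in the example template. A comment such as `# CustomStatements is a single mapping here on purpose, to cover the non-list form` would also record why this input differs from the others.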
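--- a/tests/translator/input/api_with_resource_policy_global.yaml
+++ b/tests/translator/input/api_with_resource_policy_global.yaml
@@ -0,0 +1,38 @@
+Globals:
+Api:
+Auth:
+ResourcePolicy:
+CustomStatements: [{
+Action: 'execute-api:Invoke',
+Resource: ['execute-api:/*/*/*']
+},
+{
+Action: 'execute-api:blah',
+Resource: ['execute-api:/*/*/*']
+}]
+
+Resources:
+ExplicitApi:
+Type: AWS::Serverless::Api
+Properties:
+StageName: Prod
+DefinitionBody: {
+"info": {
+"version": "1.0",
+"title": {
+"Ref": "AWS::StackName"
+}
+},
+"paths": {},
+"swagger": "2.0",
+"x-amazon-apigateway-policy": {
+"Version": "2012-10-17",
+"Statement": {
+"Action": "sts:AssumeRole",
+"Effect": "Allow",
+"Principal": {
+"Service": "lambda.amazonaws.com"
+}
+}
+}
+}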
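Review bot: The pre-existing `x-amazon-apigateway-policy` in `DefinitionBody` is shaped like an IAM role trust statement (`sts:AssumeRole` for `lambda.amazonaws.com`), and `execute-api:blah` is not an API Gateway action. The merge test therefore runs on data that cannot be deployed, and a reader cannot tell whether that is intended. A comment above `Globals:` would settle it, for example `# Placeholder statements: only the merge of Globals CustomStatements into an existing policy is under test`. The fixture also covers only an existing `Statement` given as a single mapping; a second input where it is already a list would presumably exercise the other path of the merge.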
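--- a/tests/translator/input/api_with_resource_policy_global_implicit.yaml
+++ b/tests/translator/input/api_with_resource_policy_global_implicit.yaml
@@ -0,0 +1,26 @@
+Globals:
+Api:
+Auth:
+ResourcePolicy:
+CustomStatements: [{
+Action: 'execute-api:Invoke',
+Resource: ['execute-api:/*/*/*']
+},
+{
+Action: 'execute-api:blah',
+Resource: ['execute-api:/*/*/*']
+}]
+Resources:
+MinimalFunction:
+Type: 'AWS::Serverless::Function'
+Properties:
+CodeUri: s3://sam-demo-bucket/hello.zip
+Handler: hello.handler
+Runtime: python2.7
+Events:
+AddItem:
+Type: Api
+Properties:
+Path: /add
+Method: post
+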
@@ -0,0 +1,52 @@ | ||
{ | ||
"Resources": { | ||
"ExplicitApiDeploymente11dac9531": { | ||
"Type": "AWS::ApiGateway::Deployment", | ||
"Properties": { | ||
"RestApiId": { | ||
"Ref": "ExplicitApi" | ||
}, | ||
"Description": "RestApi deployment id: e11dac9531e1328d9249c42ac3e40044b4159d60", | ||
"StageName": "Stage" | ||
} | ||
}, | ||
"ExplicitApiProdStage": { | ||
"Type": "AWS::ApiGateway::Stage", | ||
"Properties": { | ||
"DeploymentId": { | ||
"Ref": "ExplicitApiDeploymente11dac9531" | ||
}, | ||
"RestApiId": { | ||
"Ref": "ExplicitApi" | ||
}, | ||
"StageName": "Prod" | ||
} | ||
}, | ||
"ExplicitApi": { | ||
"Type": "AWS::ApiGateway::RestApi", | ||
"Properties": { | ||
"Body": { | ||
"info": { | ||
"version": "1.0", | ||
"title": { | ||
"Ref": "AWS::StackName" | ||
} | ||
}, | ||
"paths": {}, | ||
"swagger": "2.0", | ||
"x-amazon-apigateway-policy": { | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Action": "execute-api:Invoke", | ||
"Resource": [ | ||
"execute-api:/*/*/*" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
} | ||
} | ||
} | ||
} |
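--- a/tests/translator/output/api_with_resource_policy_global.json
+++ b/tests/translator/output/api_with_resource_policy_global.json
@@ -0,0 +1,65 @@
+{
+"Resources": {
+"ExplicitApiProdStage": {
+"Type": "AWS::ApiGateway::Stage",
+"Properties": {
+"DeploymentId": {
+"Ref": "ExplicitApiDeployment8d22456d58"
+},
+"RestApiId": {
+"Ref": "ExplicitApi"
+},
+"StageName": "Prod"
+}
+},
+"ExplicitApiDeployment8d22456d58": {
+"Type": "AWS::ApiGateway::Deployment",
+"Properties": {
+"RestApiId": {
+"Ref": "ExplicitApi"
+},
+"Description": "RestApi deployment id: 8d22456d5883ad51c72f5d9be988d14f0a41182e",
+"StageName": "Stage"
+}
+},
+"ExplicitApi": {
+"Type": "AWS::ApiGateway::RestApi",
+"Properties": {
+"Body": {
+"info": {
+"version": "1.0",
+"title": {
+"Ref": "AWS::StackName"
+}
+},
+"paths": {},
+"swagger": "2.0",
+"x-amazon-apigateway-policy": {
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Effect": "Allow",
+"Principal": {
+"Service": "lambda.amazonaws.com"
+}
+},
+{
+"Action": "execute-api:Invoke",
+"Resource": [
+"execute-api:/*/*/*"
+]
+},
+{
+"Action": "execute-api:blah",
+"Resource": [
+"execute-api:/*/*/*"
+]
+}
+]
+}
+}
+}
+}
+}
+}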