Custom CloudFormation resource providers for managing KONG API Gateway
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.idea
cloudformation
docs
src
tests
.dockerignore
.gitignore
.gitlab-ci.yml
.make-release-support
.pep8.rc
.release
Dockerfile.lambda
LICENSE
Makefile
Makefile.mk
README.md
requirements.txt
test-requirements.txt

README.md

cfn-kong-provider

A collection of CloudFormation custom providers for managing KONG API Gateway resources

How do I add an Kong Service?

It is quite easy: you specify a CloudFormation resource of type Custom::KongService and a Custom::KongRoute:

  HeaderService:
    Type: Custom::KongService
    Properties:
      Service:
        name: header-service
        host: httpbin.org
        protocol: https

      AdminURL: !Ref 'AdminURL'
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-kong-provider'

  HeaderRoute:
    Type: Custom::KongRoute
    Properties:
      Route:
        paths:
          - /headers
        service: 
          id: !Ref 'HeaderService'
      AdminURL: !Ref 'AdminURL'
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-kong-provider'

The Service object takes all properties as defined by add-service except url. The Route object takes all properties as defined by add-route.

How do I add a Plugin?

You specify a CloudFormation resource of type Custom::KongPlugin, as follows:

  KeyAuthPlugin:
    Type: Custom::KongPlugin
    Properties:
      Plugin:
        name: key-auth
        service_id: !Ref 'HeaderService'
      AdminURL: !Ref 'AdminURL'
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-kong-provider'

the Plugin object takes all properties as defined by add-plugin.

How do I add a Consumer?

You specify a CloudFormation resource of type Custom::KongConsumer, as follows:

  KongConsumer:
    Type: Custom::KongConsumer
    Properties:
      Consumer:
        username: johndoe
      AdminURL: !Ref 'AdminURL'
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-kong-provider'

The Consumer object takes all properties as defined by add-consumer.

You can also add credentials with Custom::KongCredential and ACLs with Custom::KongACL to the consumer.

Installation

To install these custom resources, type:

aws cloudformation create-stack \
	--capabilities CAPABILITY_IAM \
	--stack-name cfn-kong-provider \
	--template-body file://cloudformation/cfn-resource-provider.yaml

aws cloudformation wait stack-create-complete  --stack-name cfn-kong-provider 

This CloudFormation template will use our pre-packaged provider from s3://binxio-public-${AWS_REGION}/lambdas/cfn-kong-provider-0.5.1.zip.

Demo

For the demo to work, we need a deployed Kong API Gateway that is accessible from the Internet. If you do not have one, type:

aws cloudformation create-stack --stack-name kong-environment \
	--capabilities CAPABILITY_IAM \
	--template-body file://cloudformation/kong.yaml \
	--parameters ParameterKey=KongKeyName,ParameterValue=#insert-your-key-name-here#

aws cloudformation wait stack-create-complete  --stack-name kong-environment

ADMIN_URL=$(aws --output text --query 'Stacks[*].Outputs[?OutputKey==`AdminURL`].OutputValue' \
		cloudformation describe-stacks --stack-name kong-environment)
export ADMIN_URL

Note that it will create an entire Kong setup, including a VPC, loadbalancers and a Postgres Database. Do not forget to clean up afterwards.

aws cloudformation create-stack --stack-name cfn-kong-provider-demo \
	--template-body file://cloudformation/demo-stack.yaml \
	--parameters ParameterKey=AdminURL,ParameterValue=$ADMIN_URL

aws cloudformation wait stack-create-complete  --stack-name cfn-kong-provider-demo

To validate the result, type:

curl $ADMIN_URL/services/header-service
curl $ADMIN_URL/services/header-service/plugins
curl $ADMIN_URL/consumers/johndoe
curl $ADMIN_URL/consumers/johndoe/acls
curl $ADMIN_URL/consumers/johndoe/basic-auth
curl $ADMIN_URL/consumers/johndoe/key-auth

Note

As of version 0.5.0 we added support for Kong service and route API objects and deprecated support for the Kong api API object.