Add API Gateway endpoint security

[GrahamCampbell]

Summary

• Replacement for feat(rest-api): SecurityPolicy & EndpointAccessMode support #144 adding REST API endpoint security policy and access mode support.
• Uses upstream-style provider.apiGateway.endpoint config while preserving AWS's empty access mode unset behavior.

[Copilot]

Pull request overview

Adds support for configuring API Gateway v1 (REST API) endpoint security settings via provider.apiGateway.endpoint, aligning config shape with upstream while preserving AWS’s “unset via empty string” behavior for access mode.

Changes:

• Add provider.apiGateway.endpoint.securityPolicy and provider.apiGateway.endpoint.accessMode configuration schema and TypeScript typings.
• Compile REST API CloudFormation with SecurityPolicy and EndpointAccessMode when configured (including preserving accessMode: '').
• Add unit + integration test coverage and update documentation for the new configuration.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
types/index.d.ts	Adds typings for provider.apiGateway.endpoint.{securityPolicy,accessMode}.
lib/plugins/aws/provider.js	Extends config schema to validate apiGateway.endpoint and restrict allowed accessMode values.
lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.js	Maps endpoint.securityPolicy / endpoint.accessMode into AWS::ApiGateway::RestApi properties.
test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.test.js	Adds unit + integration tests for security policy/access mode mapping and schema validation failures.
docs/guides/serverless.yml.md	Documents provider.apiGateway.endpoint settings in the main serverless.yml guide.
docs/events/apigateway.md	Documents REST API SecurityPolicy/EndpointAccessMode behavior and limitations (http vs httpApi, restApiId import).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.