API Gateway Resource Policy Support Feature

[ptrivedi9400]

This is a Feature Proposal

Description

Recently API Gateway (April 2nd, 2018) started providing resource policy to handle each API. Which includes blacklisting IP or allowing denying IP.

This is currently only supported by the API Gateway API, AWS console, AWS SDK and not yet by CloudFormation, which I'm guessing is why it is not yet supported by Serverless.

Announcement

Blog for console-based setup

Probably best to wait for CloudFormation to catch up on this so I'm just registering for a future task.

For feature proposals:

• IP Blacklisting or allowing a certain type of method. Basically IAM type policy but without creating IAM role/policy.
• Json input or parameter based information can be set up.

Note
** Forum Question in relation

[horike37]

@ptrivedi9400
Sounds good to introduce this functionality 😄
I just added wait-cf-support tag so that someone can get started to implement it after support.

[laardee]

@horike37 Just noticed that CloudFormation supports resource policy. Here's a PR #5071

[horike37]

@laardee
Awesome! Great!
We will review as soon as possible 👍

[superandrew]

such a good news! would this enable serverless to use private vpc endpoints?

[dailyherold]

@superandrew still believe there's a pre-req to create the vpc endpoint (type integration). CF just added support for that end of last week, but don't think it's in scope of this PR.

[superandrew]

@dailyherold does this mean that we have to manually create the VPC endpoint in API Gateway and link it manually to the CloudFormation stack which has to be built without the API Gateway?

[laardee]

@superandrew this PR (#5080) adds support for private endpoints