Ask Your Question
2

What is the process to grant authorization for API Gateway to call Lambda function within a CloudFormation template?

asked 2021-07-14 11:00:00 +0000

pufferfish gravatar image

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-07-12 20:00:00 +0000

qstack gravatar image

To grant authorization for API Gateway to call a Lambda function within a CloudFormation template, follow these steps:

  1. In your CloudFormation template, define your API Gateway and Lambda function resources.

  2. Add a resource policy to your Lambda function, which will allow the API Gateway to invoke it. For example:

"MyFunction": {
    "Type": "AWS::Lambda::Function",
    "Properties": {
        "FunctionName": "my-function",
        "Code": {...},
        "Role": {...},
        "Handler": "...",
        "Runtime": "nodejs14.x",
        "ResourcePolicy": {
            "PolicyDocument": {
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "apigateway.amazonaws.com"
                            ]
                        },
                        "Action": "lambda:InvokeFunction",
                        "Resource": "*"
                    }
                ]
            }
        }
    }
}
  1. Add an integration between your API Gateway and Lambda function, specifying the ARN of the Lambda function and the method for invoking it. For example:
"MyRestApi": {
    "Type": "AWS::ApiGateway::RestApi",
    "Properties": {
        "Name": "my-api"
    }
},
"MyResource": {
    "Type": "AWS::ApiGateway::Resource",
    "Properties": {
        "ParentId": {"Fn::GetAtt": ["MyRestApi", "RootResourceId"]},
        "PathPart": "my-resource"
    }
},
"MyMethod": {
    "Type": "AWS::ApiGateway::Method",
    "Properties": {
        "RestApiId": {"Ref": "MyRestApi"},
        "ResourceId": {"Ref": "MyResource"},
        "HttpMethod": "GET",
        "AuthorizationType": "NONE",
        "Integration": {
            "IntegrationHttpMethod": "POST",
            "Type": "AWS_PROXY",
            "Uri": {"Fn::Join": ["", ["arn:aws:apigateway:", {"Ref": "AWS::Region"}, ":lambda:path/2015-03-31/functions/", {"Fn::GetAtt": ["MyFunction", "Arn"]}, "/invocations"]]}
        }
    }
}
  1. Deploy your API Gateway, which will create an endpoint for invoking your Lambda function.

With these steps, your API Gateway will be authorized to call your Lambda function, and your CloudFormation stack will be able to create and manage the resources needed for this integration.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss

Add Answer


Question Tools

subscribe to rss feed

Stats

Asked: 2021-07-14 11:00:00 +0000

Seen: 15 times

Last updated: Jul 12 '22

Related questions

How to distribute Elasticache cluster nodes among several AWS Availability Zones?

What are the steps to connect a subdomain from Google Domains to a server port that is hosted on AWS?

How can authentication with AWS Amplify be integrated into a monorepo using Nx?

What is the process of automating deployment from GitHub to AWS?

How to create a user pool in AWS?

Which alternative to aws.Endpoint can be utilized in AWS SDK v3?

How to utilize AWS KMS for signing a Pdf document?

What is the process to modify the background of the login/signup screen for aws amplify/cognito?

How to use Sim 7080 AT Commands for establishing an MQTTS connection with AWS IOT?

What is the significance of AWS Glue and AWS Glue Connector for Elasticsearch?

Copyright QStack.ai, 2010-2023. Content on this site is licensed under the Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | contact