To grant authorization for API Gateway to call a Lambda function within a CloudFormation template, follow these steps:
1. In your CloudFormation template, define your API Gateway and Lambda function resources.
2. Add a resource policy to your Lambda function, which will allow the API Gateway to invoke it. For example:
"MyFunction": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "FunctionName": "my-function",
    "Code": {...},
    "Role": {...},
    "Handler": "...",
    "Runtime": "nodejs14.x"
  }
},
"MyFunctionPermission": {
  "Type": "AWS::Lambda::Permission",
  "Properties": {
    "Action": "lambda:InvokeFunction",
    "FunctionName": {"Fn::GetAtt": ["MyFunction", "Arn"]},
    "Principal": "apigateway.amazonaws.com",
    "SourceArn": {"Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MyRestApi}/*/GET/my-resource"}
  }
},
"MyRestApi": {
  "Type": "AWS::ApiGateway::RestApi",
  "Properties": {
    "Name": "my-api"
  }
},
"MyResource": {
  "Type": "AWS::ApiGateway::Resource",
  "Properties": {
    "RestApiId": {"Ref": "MyRestApi"},
    "ParentId": {"Fn::GetAtt": ["MyRestApi", "RootResourceId"]},
    "PathPart": "my-resource"
  }
},
"MyMethod": {
  "Type": "AWS::ApiGateway::Method",
  "Properties": {
    "RestApiId": {"Ref": "MyRestApi"},
    "ResourceId": {"Ref": "MyResource"},
    "HttpMethod": "GET",
    "AuthorizationType": "NONE",
    "Integration": {
      "IntegrationHttpMethod": "POST",
      "Type": "AWS_PROXY",
      "Uri": {"Fn::Join": ["", ["arn:aws:apigateway:", {"Ref": "AWS::Region"}, ":lambda:path/2015-03-31/functions/", {"Fn::GetAtt": ["MyFunction", "Arn"]}, "/invocations"]]}
    }
  }
}
With these steps, your API Gateway will be authorized to call your Lambda function, and your CloudFormation stack will be able to create and manage the resources needed for this integration.
Asked: 2021-07-14 11:00:00 +0000
Seen: 17 times
Last updated: Jul 12 '22
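A template-level check for this integration, as an added example rather than code from the original answer: it flags API Gateway method integrations whose target function has no `AWS::Lambda::Permission` for `apigateway.amazonaws.com`, and permissions that omit `SourceArn` and so are not limited to one API. The logical IDs, ARN values and sample template are constructed, and only `Ref`, `Fn::GetAtt` and `Fn::Sub` references are resolved.

```python
import re

APIGW = "apigateway.amazonaws.com"

def refs(node):  # logical IDs referenced via Ref, Fn::GetAtt or ${...} inside node
    if isinstance(node, str):
        return {m.split(".")[0] for m in re.findall(r"\$\{([^}!]+)\}", node)}
    if isinstance(node, list):
        return set().union(*map(refs, node))
    found = set()
    for key, val in (node.items() if isinstance(node, dict) else ()):
        if key == "Ref":
            found.add(val)
        elif key == "Fn::GetAtt":
            found.add(val[0] if isinstance(val, list) else val.split(".")[0])
        else:
            found |= refs(val)
    return found

def audit(template):
    """Sorted (logical_id, finding) pairs for API Gateway -> Lambda grants."""
    res = template.get("Resources", {})
    funcs = {k for k, r in res.items() if r.get("Type") == "AWS::Lambda::Function"}
    findings, granted = [], set()
    for name, r in res.items():
        props = r.get("Properties", {})
        if r.get("Type") == "AWS::Lambda::Permission" and props.get("Principal") == APIGW:
            granted |= refs(props.get("FunctionName")) & funcs
            if "SourceArn" not in props:
                findings.append((name, "permission is not scoped with SourceArn"))
    for name, r in res.items():
        integ = r.get("Properties", {}).get("Integration", {})
        if r.get("Type") == "AWS::ApiGateway::Method" and integ.get("Type") in ("AWS", "AWS_PROXY"):
            for fn in (refs(integ.get("Uri")) & funcs) - granted:
                findings.append((name, f"{fn} has no permission for API Gateway"))
    return sorted(findings)

# Constructed sample (hypothetical IDs): FnA scoped, FnB unscoped, FnC not granted.
URI = "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${%s.Arn}/invocations"
SAMPLE = {"Resources": {
    **{f: {"Type": "AWS::Lambda::Function"} for f in ("FnA", "FnB", "FnC")},
    **{"Get" + f: {"Type": "AWS::ApiGateway::Method", "Properties": {"Integration": {
        "Type": "AWS_PROXY", "Uri": {"Fn::Sub": URI % f}}}} for f in ("FnA", "FnB", "FnC")},
    **{"Perm" + f: {"Type": "AWS::Lambda::Permission", "Properties": {"Action": "lambda:InvokeFunction",
        "Principal": APIGW, "FunctionName": {"Ref": f}}} for f in ("FnA", "FnB")}}}
SAMPLE["Resources"]["PermFnA"]["Properties"]["SourceArn"] = "arn:aws:execute-api:us-east-1:111122223333:a1b2c3/*/GET/a"

if __name__ == "__main__":
    print(*(f"{rid}: {msg}" for rid, msg in audit(SAMPLE)), sep="\n")
```

To check a real JSON template, pass `json.load(...)` of the file to `audit`; YAML templates that use short-form tags such as `!GetAtt` need a CloudFormation-aware loader first.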