1. Docs
  2. @pulumi/awsx
  3. classic
  4. apigateway

Module classic/apigateway

    Pulumi API Gateway Components

    Pulumi’s API for simplifying working with API Gateway. The API currently provides ways to define routes that accepts and forwards traffic to a specified destination. A route is a publicly accessible URI that supports the defined HTTP methods and responds according to the route definition.

    Defining an Endpoint

    To define an endpoint you will need to specify a route. You can also define the stage name (else it will default to “stage”). A stage is an addressable instance of the Rest API.

    Routes

    The destination is determined by the route, which can be an Event Handler Route, a Static Route, an Integration Route or a Raw Data Route.

    Event Handler Route

    An Event Handler Route is a route that will map to a Lambda. You will need to specify the path, method and the Lambda. Pulumi allows you to define the Lambda inline with your application code and provisions the appropriate permissions on your behalf so that API Gateway can communicate with your Lambda.

    import * as awsx from "@pulumi/awsx";
    
    let endpoint = new awsx.apigateway.API("example", {
        routes: [{
            path: "/",
            method: "GET",
            eventHandler: async (event) => {
                // This code runs in an AWS Lambda and will be invoked any time `/` is hit.
                return {
                    statusCode: 200,
                    body: "hello",
                };
            },
        }],
    })
    

    A complete example can be found here.

    You can also link a route to an existing Lambda using aws.lambda.Function.get.

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    let endpoint = new awsx.apigateway.API("example", {
        routes: [{
            path: "/",
            method: "GET",
            eventHandler: aws.lambda.Function.get("example", "your_lambda_id"),
        }],
    })
    

    Additionally, you can control the Lambda that is created by calling new aws.lambda.CallbackFunction.

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    let endpoint = new awsx.apigateway.API("example", {
        routes: [{
            path: "/",
            method: "GET",
            eventHandler: new aws.lambda.CallbackFunction("test", {
                memorySize: 256,
                callback: async (event) => {
                    return {
                        statusCode: 200,
                        body: "<h1>Hello world!</h1>",
                    };
                },
            }),
        }],
    })
    
    Static Route

    A Static Route is a route that will map to static content in files/directories. You will need to define the local path and then the files (and subdirectories) will be uploaded into S3 objects. If the local path points to a file, you can specify the content-type. Else, the content types for all files in a directory are inferred.

    By default, any request on directory will serve index.html. This behavior can be disabled by setting the index field to false.

    import * as awsx from "@pulumi/awsx";
    
    let endpoint = new awsx.apigateway.API("example", {
        routes: [{
            path: "/www",
            localPath: "www",
            index: false,
        }],
    })
    

    A complete example can be found here.

    Integration Route

    An Integration Route is a route that will map an endpoint to a specified backend. The supported types are:

    * `http` or `http_proxy`: integration with an HTTP backend
    * `aws_proxy`: integration with AWS Lambda functions
    * `aws`: integration with AWS Lambda functions or other AWS services, such as Amazon DynamoDB, Amazon Simple Notification Service or Amazon Simple Queue Service
    * `mock`: integration with API Gateway without invoking any backend
    
    import * as awsx from "@pulumi/awsx";
    
    let endpoint = new awsx.apigateway.API("example", {
        routes: [{
            path: "/integration",
            target: {
                uri: "https://www.google.com",
                type: "http_proxy",
            },
        }],
    })
    

    For more information API Integrations, visit the AWS documentation.

    Raw Data Route

    A Raw Data Route is a fallback route for when raw swagger control is desired. The data field should be an object that will be then included in the final swagger specification. For more information on the x-amazon-apigateway-integration swagger object, visit the AWS documentation.

    import * as awsx from "@pulumi/awsx";
    
    let endpoint = new awsx.apigateway.API("example", {
        routes: [{
            path: "/rawdata",
            method: "GET",
            data: {
                "x-amazon-apigateway-integration": {
                    "uri": "https://www.google.com/",
                    "responses": {
                        "default": {
                            "statusCode": "200",
                        },
                    },
                    "passthroughBehavior": "when_no_match",
                    "httpMethod": "GET",
                    "type": "http_proxy",
                },
            },
        }],
    })
    

    Request Validation

    API Gateway can perform basic validations against request parameters, a request payload or both. When a validation fails, a 400 error is returned immediately.

    Validators

    Validators can be assigned at the API level or at the method level. The validators defined at a method level override any validator set at the API level.

    You must specify one of the following validators:

    • “ALL” - validate both the request body and request parameters
    • “BODY_ONLY” - validate only the request body
    • “PARAMS_ONLY” - validate only the request parameters
    import * as awsx from "@pulumi/awsx";
    
    let endpoint = new awsx.apigateway.API("example", {
        routes: [{
            path: "/www",
            localPath: "www",
            index: false,
            requestValidator: "PARAMS_ONLY",
        }],
        requestValidator: "ALL",
    })
    
    Request Parameters

    For each required request parameter, you must define the name and where the parameter is expected (i.e. “path”, “query”, or “header”).

    import * as awsx from "@pulumi/awsx";
    
    let endpoint = new awsx.apigateway.API("example", {
        routes: [{
            path: "/www",
            localPath: "www",
            index: false,
            requestValidator: "PARAMS_ONLY",
            requiredParams: [{
                name: "key",
                in: "query",
            }]
        }],
    })
    
    Request Body

    Request body validation is currently not supported. If you have a strong use case, please comment on this open issue.

    API Keys

    To require an API Key for an API Gateway route you set the apiKeyRequired property equal to true. At the API level, you can choose if you want the API Key source to be HEADER (i.e. client includes a x-api-key header with the API Key) or AUTHORIZER (i.e. a Lambda authorizer sends the API Key as part of the authorization response). If the API Key source is not set, then the source will default to HEADER.

    import * as awsx from "@pulumi/awsx";
    
    const api = new awsx.apigateway.API("myapi", {
        routes: [{
            path: "/a",
            method: "GET",
            eventHandler: async () => {
                return {
                    statusCode: 200,
                    body: "<h1>Hello world!</h1>",
                };
            },
            apiKeyRequired: true,
        }],
        apiKeySource: "AUTHORIZER",
    });
    

    You will also need to create a usage plan (new aws.apigateway.UsagePlan) and an API key (new aws.apigateway.ApiKey) and then associate the key with the usage plan (new aws.apigateway.UsagePlanKey). To simplify the creation of API Keys associated with your API you can use awsx.apigateway.createAssociatedAPIKeys, which create a Usage Plan, API Keys and associates the API Keys by creating a UsagePlanKey. Below is an example of using this helper function:

    import * as awsx from "@pulumi/awsx";
    
    const apikeys = awsx.apigateway.createAssociatedAPIKeys("my-api-keys", {
        apis: [api],
        apiKeys: [{
            name: "test-key",
        }],
    });
    
     // Export the API Key if desired
    export const apiKeyValue = apikeys.keys[0].apikey.value;
    

    awsx.apigateway.createAssociatedAPIKeys will return an object that contains the Usage Plan, API Keys and Usage Plan Keys. Instead of providing the APIs, you can also specify the api stages for the Usage Plan as follows:

    import * as awsx from "@pulumi/awsx";
    
    const apikeys = awsx.apigateway.createAssociatedAPIKeys("my-api-keys", {
        usagePlan: {
            apiStages: [{
                apiId: api.restAPI.id,
                stage: api.stage.stageName,
            }],
        },
        apiKeys: [{
            name: "test-key",
        }],
    });
    

    Lambda Authorizers

    Lambda Authorizers are AWS Lambda functions that provide control access to an API. You can define a Lambda Authorizer for an Event Handler Route or a Static Route. API Gateway supports request or token type Lambda authorizers. A token Lambda Authorizer uses an authorization token (i.e. a header in the form Authorization: Token <token>) to authorize the user, whereas a request Lambda Authorizer uses the request parameters (i.e. headers, path parameter or query parameters).

    To define an Authorizer, you provide a Lambda that fulfills aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse> or you provide information on a pre-existing Lambda authorizer. The example below shows defining the Authorizer Lambda directly inline. See the Event Handler Route section for other ways you can define a Lambda for the Authorizer.

    Request Authorizer

    Below is an example of a custom request Lambda Authorizer that uses awsx.apigateway.getRequestLambdaAuthorizer to simplify defining the authorizer.

    import * as awsx from "@pulumi/awsx";
    
    const api = new awsx.apigateway.API("myapi", {
        routes: [{
            path: "/b",
            method: "GET",
            eventHandler: async () => {
                return {
                    statusCode: 200,
                    body: "<h1>Hello world!</h1>",
                };
            },
            authorizers: [awsx.apigateway.getRequestLambdaAuthorizer({
                queryParameters: ["auth"],
                handler: async (event: awsx.apigateway.AuthorizerEvent) => {
                    // Add your own custom authorization logic here.
                    // Access the headers using event.headers, the query parameters using
                    // event.queryStringParameters or path parameters using event.pathParameters
                    return awsx.apigateway.authorizerResponse("user", "Allow", event.methodArn);
                },
            })],
        }],
    });
    

    You may also define the authorizer by specifying all the values. As seen below:

    import * as awsx from "@pulumi/awsx";
    
    const api = new awsx.apigateway.API("myapi", {
        routes: [{
            ...
            authorizers: [{
                authorizerName: "prettyAuthorizer",
                parameterName: "auth",
                parameterLocation: "query",
                authType: "custom",
                type: "request",
                handler: async (event: awsx.apigateway.AuthorizerEvent) => {
                    // Add your own custom authorization logic here.
                    return awsx.apigateway.authorizerResponse(
                        "user",
                        "Allow",
                        event.methodArn);
                },
                identitySource: ["method.request.querystring.auth"],
            }],
        }],
    });
    
    Token Authorizer

    Below is an example of a custom token Lambda Authorizer that uses awsx.apigateway. to simplify the creation of the authorizer.

    import * as awsx from "@pulumi/awsx";
    
    const api = new awsx.apigateway.API("myapi", {
        routes: [{
            path: "/b",
            method: "GET",
            eventHandler: async () => {
                return {
                    statusCode: 200,
                    body: "<h1>Hello world!</h1>",
                };
            },
            authorizers: [awsx.apigateway.getTokenLambdaAuthorizer({
                handler: async (event: awsx.apigateway.AuthorizerEvent) => {
                    // Add your own custom authorization logic here.
                    const token = event.authorizationToken;
                    if (token === "Allow") {
                        return awsx.apigateway.authorizerResponse("user","Allow", event.methodArn);
                    }
                    return awsx.apigateway.authorizerResponse("user", "Deny", event.methodArn);
                },
            })],
        }],
    });
    

    You may also define the authorizer by specifying all the values. As seen below:

    import * as awsx from "@pulumi/awsx";
    
    const api = new awsx.apigateway.API("myapi", {
        routes: [{
            path: "/b",
            method: "GET",
            eventHandler: async () => {
                return {
                    statusCode: 200,
                    body: "<h1>Hello world!</h1>",
                };
            },
            authorizers: [{
                parameterName: "Authorization",
                parameterLocation: "header",
                authType: "oauth2",
                type: "request",
                handler: async (event: awsx.apigateway.AuthorizerEvent) => {
                    // Add your own custom authorization logic here.
                     return awsx.apigateway.authorizerResponse("user", "Allow", event.methodArn);
                },
            }],
        }],
    });
    
    Specifying the Role

    If your Authorizer requires access to other AWS resources, you will need to provision the appropriate role. You can do so by using new aws.lambda.CallbackFunction.

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const callbackFxn = new aws.lambda.CallbackFunction("callbackFxn", {
        callback: async (event: awsx.apigateway.AuthorizerEvent) => {
            // Add custom authorization logic here
            return awsx.apigateway.authorizerResponse("user", "Allow", event.methodArn);
        },
        role: role, // Specify role with appropriate AWS permissions.
    });
    
    const api = new awsx.apigateway.API("myapi", {
        routes: [{
            path: "/b",
            method: "GET",
            eventHandler: async () => {
                return {
                    statusCode: 200,
                    body: "<h1>Hello world!</h1>",
                };
            },
            authorizers: [{
                parameterName: "Authorization",
                parameterLocation: "header",
                authType: "oauth2",
                type: "request",
                handler: callbackFxn,
            }],
        }],
    });
    
    Using a Pre-existing AWS Lambda

    You can also define the Lambda Authorizer elsewhere and then reference the required values.

    import * as awsx from "@pulumi/awsx";
    
    const apiWithAuthorizer = new awsx.apigateway.API("authorizer-api", {
        routes: [{
            ...
            authorizers: [{
                authorizerName: "testing",
                parameterName: "auth",
                parameterLocation: "query",
                authType: "custom",
                type: "request",
                handler: {
                    // Either specify the aws.lambda.Function or provide the invoke URI
                    uri: authorizerLambda,
                    credentials: gatewayRole.arn,
                },
                identitySource: ["method.request.querystring.auth"],
            }],
        }],
    });
    

    A complete example of defining the Lambda Authorizer elsewhere can be found here.

    Authorizer Response

    A helper function awsx.apigateway.authorizerResponse has been created to simplify generating the authorizer response. This can be used when defining the authorizer handler as follows:

    import * as awsx from "@pulumi/awsx";
    
    const api = new awsx.apigateway.API("myapi", {
        routes: [{
            ...
            authorizers: [{
                header: "Authorization",
                handler: async (event: awsx.apigateway.AuthorizerEvent) => {
                    // Add your own custom authorization logic here.
                    const token = event.authorizationToken;
                    if (token === "Allow") {
                        return awsx.apigateway.authorizerResponse("user", "Allow", event.methodArn);
                    }
                    return awsx.apigateway.authorizerResponse("user", "Deny", event.methodArn);
                },
            }],
        }],
    });
    

    Cognito Authorizers

    Cognito Authorizers allow you to use Amazon Cognito User Pools as an Authorizer for API Gateway. This will require users to sign in to the user pool, obtain an identity/access token and then call your API with said token.

    import * as awsx from "@pulumi/awsx";
    
    // Create an AWS Cognito User Pool
    const cognitoUserPool = new aws.cognito.UserPool("pool", {});
    
    // Create an API that requires authorizes against the User Pool
    const apiWithCognitoAuthorizer = new awsx.apigateway.API("cognito-protected-api", {
        routes: [{
            path: "/www_old",
            localPath: "www",
            authorizers: [awsx.apigateway.getCognitoAuthorizer({
                providerARNs: [cognitoUserPool],
            })],
        }],
    });
    

    Swagger String

    You can use a OpenAPI specification that is in string form to initialize the API Gateway. This in a way is an escape hatch for implementing featured not yet supported by Pulumi. You must manually provide permission for any route targets to be invoked by API Gateway when using this option.

    import * as awsx from "@pulumi/awsx";
    
    const swaggerSpec = {
        swagger: "2.0",
        info: { title: "api", version: "1.0" },
        ...
    };
    
    let endpoint = new awsx.apigateway.API("example", {
        swaggerString: JSON.stringify(swaggerSpec),
        stageName: "dev",
    })
    

    Resources

    Others

    Resources

    Resource API

    class API extends ComponentResource

    constructor

    new API(name: string, args: APIArgs, opts: ComponentResourceOptions)

    method getData

    protected getData(): Promise<TData>

    Retrieves the data produces by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getFunction

    public getFunction(route?: undefined | string, method?: Method): Function

    Returns the [aws.lambda.Function] an [EventHandlerRoute] points to. This will either be for the aws.lambda.Function created on your behalf if the route was passed a normal JavaScript/Typescript function, or it will be the [aws.lambda.Function] that was explicitly passed in.

    [route] and [method] can both be elided if this API only has a single [EventHandlerRoute] assigned to it.

    [method] can be elided if [route] only has a single [EventHandlerRoute] assigned to it.

    This method will throw if the provided [route] and [method] do not resolve to a single [aws.lambda.Function]

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method initialize

    protected initialize(args: Inputs): Promise<TData>

    Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    property apiPolicy

    public apiPolicy?: aws.apigateway.RestApiPolicy;

    property deployment

    public deployment: Deployment;

    property restAPI

    public restAPI: RestApi;

    property stage

    public stage: Stage;

    property staticRoutesBucket

    public staticRoutesBucket?: aws.s3.Bucket;

    Bucket where static resources were placed. Only set if a Bucket was provided to the API at construction time, or if there were any [StaticRoute]s passed to the API.

    property url

    public url: pulumi.Output<string>;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    Others

    type AdditionalRoute

    type AdditionalRoute = IntegrationRoute | RawDataRoute;

    Subset of Route types that can be passed in as an Output to the API. These Route types will not themselves cause other Resources to be created.

    Unlike routes, these can be provided as an Output of an array instead of having to just be an array. However, because they can be Outputs, they are restricted to a subset of Route types that will not cause resources to be created.

    This can be useful, for example, when creating an API that needs to create an indeterminate number of integration-routes based on the Output of some other resource. For example:

    const additionalRoutes = elasticBeanstalkEnvironment.loadBalancers.apply(lbs =>
      lbs.map(arn => <awsx.apigateway.IntegrationRoute>{
        path: "/greeting",
        method: "GET",
        target: {
            type: "http_proxy",
            uri: `http://${aws.lb.getLoadBalancer({ arn }).dnsName}`,
        }
      }));
    
    const api = new awsx.apigateway.API("apiName", { additionalRoutes });
    

    In this example computing all of the individual additionalRoutes depends on the individual array values in elasticBeanstalkEnvironment.loadBalancers (which is itself an Output). These could not normally be converted into the reified Route[] array since computing a value off of an Output produces yet another Output. routes itself cannot be an Output because it will often create additional AWS resources, and creating those resources dependent on some other resource value would mean not being able to create and present a preview plan because the actual resources created would depend on previous resources.

    So additionalRoutes serves as a way to bridge both approaches. Routes is used when the values are known up-front (or when it would cause Resources to be created). additionalRoutes is used when values are not a-priori known, and when they will not create additional Resources themselves.

    interface APIArgs

    interface APIArgs

    property additionalRoutes

    additionalRoutes?: pulumi.Input<pulumi.Input<AdditionalRoute>[]>;

    Routes to use to initialize the APIGateway. These will be used to create the Swagger specification for the API.

    Either [swaggerString] or [routes] or [additionalRoutes] must be specified. [routes] can be provided along with [additionalRoutes].

    property apiKeySource

    apiKeySource?: APIKeySource;

    The source for the apikey. This can either be a HEADER or AUTHORIZER. If [apiKeyRequired] is set to true on a route, and this is not defined the value will default to HEADER.

    property deploymentArgs

    deploymentArgs?: DeploymentArgs;

    Additional optional args that can be passed along to the aws.apigateway.Deployment created by the awsx.apigateway.API.

    property gatewayResponses

    gatewayResponses?: Record<string, SwaggerGatewayResponse>;

    Define custom gateway responses for the API. This can be used to properly enable CORS for Lambda Authorizers.

    property requestValidator

    requestValidator?: RequestValidator;

    Request Validator specifies the validator to use at the API level. Note method level validators override this.

    property restApiArgs

    restApiArgs?: RestApiArgs;

    Additional optional args that can be passed along to the aws.apigateway.RestApi created by the awsx.apigateway.API.

    property routes

    routes?: Route[];

    Routes to use to initialize the APIGateway. These will be used to create the Swagger specification for the API.

    Either [swaggerString] or [routes] or [additionalRoutes] must be specified. [routes] can be provided along with [additionalRoutes].

    property stageArgs

    stageArgs?: StageArgs;

    Additional optional args that can be passed along to the aws.apigateway.Stage created by the awsx.apigateway.API.

    property stageName

    stageName?: pulumi.Input<string>;

    The stage name for your API. This will get added as a base path to your API url.

    property staticRoutesBucket

    staticRoutesBucket?: Bucket | BucketArgs;

    Bucket to use for placing resources for static resources. If not provided a default one will be created on your behalf if any [StaticRoute]s are provided.

    property swaggerString

    swaggerString?: pulumi.Input<string>;

    A Swagger specification already in string form to use to initialize the APIGateway. Note that you must manually provide permission for any route targets to be invoked by API Gateway when using [swaggerString].

    Either [swaggerString] or [routes] must be specified.

    interface ApigatewayAuth

    interface ApigatewayAuth

    property type

    type: string;

    interface ApigatewayIntegration

    interface ApigatewayIntegration

    property connectionId

    connectionId?: pulumi.Input<string | undefined>;

    property connectionType

    connectionType?: pulumi.Input<IntegrationConnectionType | undefined>;

    property credentials

    credentials?: pulumi.Output<string>;

    property httpMethod

    httpMethod: pulumi.Input<Method>;

    property passthroughBehavior

    passthroughBehavior?: pulumi.Input<IntegrationPassthroughBehavior>;

    property requestParameters

    requestParameters?: any;

    property responses

    responses?: undefined | {[pattern: string]: SwaggerAPIGatewayIntegrationResponse};

    property type

    type: pulumi.Input<IntegrationType>;

    property uri

    uri: pulumi.Input<string>;

    interface APIKeyArgs

    interface APIKeyArgs

    Input properties for creating a UsagePlan and associated API Keys.

    property apiKeys

    apiKeys?: Array<ApiKey | ApiKeyArgs>;

    The API keys you would like to create & associate with the usage plan. You can pass an array that has a combination of:

    1. an existing APIKey
    2. ApiKeyArgs for a new APIKey

    property apis

    apis?: API[];

    Define the apis you would like to associate the usage plan with. This can be used in place of defining the apiStages defined in the [usagePlan]. You cannot define both [apis] and [usagePlan.apiStages].

    property usagePlan

    usagePlan?: UsagePlan | UsagePlanArgs;

    Define the usage plan to create. You can either define:

    1. an existing Usage Plan - the API Keys will be associated with the usage plan
    2. UsagePlanArgs with [usagePlan.apiStages] defined to define a new Usage Plan
    3. UsagePlanArgs with [apis] defined and [usagePlan.apiStages] NOT defined to define a new Usage Plan
    4. Nothing - if you do not specify [apis] and pass in an empty object, a new usage plan will be created on your behalf with the all the default values.

    const apiKeySecurityDefinition

    let in

    let in: "header" = "header";

    let name

    let name: string = "x-api-key";

    let type

    let type: "apiKey" = "apiKey";

    type APIKeySource

    type APIKeySource = "HEADER" | "AUTHORIZER";

    interface AssociatedAPIKeys

    interface AssociatedAPIKeys

    The associate api keys and the usage plan as created by the createAssociatedAPIKeys function.

    property keys

    keys: Key[];

    The keys that were associated with the usage plan.

    property usagePlan

    usagePlan: UsagePlan;

    Either the aws.apigateway.UsagePlan created for you, or the usage plan passed to as part of the APIKeyArgs.

    type AuthorizerEvent

    type AuthorizerEvent = CustomAuthorizerEvent;

    function authorizerResponse

    authorizerResponse(principalId: string, effect: Effect, resource: string, context?: AuthResponseContext, apiKey?: undefined | string): AuthorizerResponse

    Simplifies creating an AuthorizerResponse.

    type AuthorizerResponse

    type AuthorizerResponse = awslambda.CustomAuthorizerResult;

    type AuthResponseContext

    type AuthResponseContext = awslambda.AuthResponseContext;

    interface BaseRoute

    interface BaseRoute

    property apiKeyRequired

    apiKeyRequired?: undefined | false | true;

    If true, an API key will be required for this route. The source for the API Key can be set at the API level and by default, the source will be the HEADER.

    property authorizers

    authorizers?: Authorizer[] | Authorizer;

    Authorizers allows you to define Lambda authorizers be applied for authorization when the the route is called.

    property iamAuthEnabled

    iamAuthEnabled?: undefined | false | true;

    By default, the route method auth type is set to NONE. If true, the auth type will be set to AWS_IAM.

    property requestValidator

    requestValidator?: RequestValidator;

    Request Validator specifies the validator to use at the method level. This will override anything defined at the API level.

    property requiredParameters

    requiredParameters?: Parameter[];

    Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api gateway will validate these before sending traffic to the event handler.

    interface CognitoAuthorizer

    interface CognitoAuthorizer

    CognitoAuthorizer provides the definition for a Cognito User Pools Authorizer for API Gateway.

    property authorizerName

    authorizerName?: undefined | string;

    The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.

    property authorizerResultTtlInSeconds

    authorizerResultTtlInSeconds?: undefined | number;

    The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.

    property identitySource

    identitySource: string[];

    List containing the request header that holds the authorization token. Example: if the token header is Auth the identity source would be [“method.request.header.Auth”]

    property identityValidationExpression

    identityValidationExpression?: undefined | string;

    A regular expression for validating the token as the incoming identity. It only invokes the authorizer if there is a match, else it will return a 401. Example: “^x-[a-z]+”

    property methodsToAuthorize

    methodsToAuthorize?: string[];

    For method authorization, you can define resource servers and custom scopes by specifying the “resource-server/scope”. e.g. [“com.hamuta.movies/drama.view”, “http://my.resource.com/file.read”] For more information on resource servers and custom scopes visit the AWS documentation - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html

    property parameterName

    parameterName: string;

    parameterName is the name of the header containing the authorization token.

    property providerARNs

    providerARNs: string | Promise<string> | OutputInstance<string> | UserPool[];

    The ARNs of the Cognito User Pools to use.

    interface CognitoAuthorizerArgs

    interface CognitoAuthorizerArgs

    The set of arguments for constructing a CognitoAuthorizer resource.

    property authorizerName

    authorizerName?: undefined | string;

    The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.

    property authorizerResultTtlInSeconds

    authorizerResultTtlInSeconds?: undefined | number;

    The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.

    property header

    header?: undefined | string;

    The request header for the authorization token. If not set, this defaults to “Authorization”.

    property identityValidationExpression

    identityValidationExpression?: undefined | string;

    A regular expression for validating the token as the incoming identity. It only invokes the authorizer if there is a match, else it will return a 401. Example: “^x-[a-z]+”

    property methodsToAuthorize

    methodsToAuthorize?: string[];

    For method authorization, you can define resource servers and custom scopes by specifying the “resource-server/scope”. e.g. [“com.hamuta.movies/drama.view”, “http://my.resource.com/file.read”] For more information on resource servers and custom scopes visit the AWS documentation - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html

    property providerARNs

    providerARNs: string | Promise<string> | OutputInstance<string> | UserPool[];

    The ARNs of the Cognito User Pools to use.

    function createAPI

    createAPI(parent: Resource, name: string, args: APIArgs, optsParent?: pulumi.Resource): APIResources

    function createAssociatedAPIKeys

    createAssociatedAPIKeys(name: string, args: APIKeyArgs, opts: CustomResourceOptions): AssociatedAPIKeys

    Helper function that allows you to quickly create API Keys and associate them with an API.

    interface DeploymentArgs

    interface DeploymentArgs

    Additional optional args that can be passed along to the Deployment created by the awsx.apigateway.API.

    property description

    description?: pulumi.Input<string>;

    The description of the deployment

    property stageDescription

    stageDescription?: pulumi.Input<string>;

    The description of the stage

    type Effect

    type Effect = "Allow" | "Deny";

    interface Endpoint

    interface Endpoint

    property hostname

    hostname: string;

    property loadBalancer

    loadBalancer: LoadBalancer;

    property port

    port: number;

    interface EventHandlerRoute

    interface EventHandlerRoute extends BaseRoute

    property apiKeyRequired

    apiKeyRequired?: undefined | false | true;

    If true, an API key will be required for this route. The source for the API Key can be set at the API level and by default, the source will be the HEADER.

    property authorizers

    authorizers?: Authorizer[] | Authorizer;

    Authorizers allows you to define Lambda authorizers be applied for authorization when the the route is called.

    property eventHandler

    eventHandler: aws.lambda.EventHandler<Request, Response>;

    property iamAuthEnabled

    iamAuthEnabled?: undefined | false | true;

    By default, the route method auth type is set to NONE. If true, the auth type will be set to AWS_IAM.

    property method

    method: Method;

    property path

    path: string;

    The path on the API that will invoke the provided [eventHandler]. If not prefixed with /, then a / will be added automatically to the beginning.

    property requestValidator

    requestValidator?: RequestValidator;

    Request Validator specifies the validator to use at the method level. This will override anything defined at the API level.

    property requiredParameters

    requiredParameters?: Parameter[];

    Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api gateway will validate these before sending traffic to the event handler.

    function getCognitoAuthorizer

    getCognitoAuthorizer(args: CognitoAuthorizerArgs): CognitoAuthorizer

    getCognitoAuthorizer is a helper function to generate a CognitoAuthorizer.

    function getRequestLambdaAuthorizer

    getRequestLambdaAuthorizer(args: RequestAuthorizerArgs): LambdaAuthorizer

    getRequestLambdaAuthorizer is a helper function to generate a request LambdaAuthorizer.

    function getTokenLambdaAuthorizer

    getTokenLambdaAuthorizer(args: TokenAuthorizerArgs): LambdaAuthorizer

    getTokenLambdaAuthorizer is a helper function to generate a token LambdaAuthorizer.

    type IntegrationConnectionType

    type IntegrationConnectionType = "INTERNET" | "VPC_LINK";

    type IntegrationPassthroughBehavior

    type IntegrationPassthroughBehavior = "when_no_match" | "when_no_templates" | "never";

    interface IntegrationRoute

    interface IntegrationRoute extends BaseRoute

    An apigateway route for an integration. https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/ for more details.

    property apiKeyRequired

    apiKeyRequired?: undefined | false | true;

    If true, an API key will be required for this route. The source for the API Key can be set at the API level and by default, the source will be the HEADER.

    property authorizers

    authorizers?: Authorizer[] | Authorizer;

    Authorizers allows you to define Lambda authorizers be applied for authorization when the the route is called.

    property iamAuthEnabled

    iamAuthEnabled?: undefined | false | true;

    By default, the route method auth type is set to NONE. If true, the auth type will be set to AWS_IAM.

    property path

    path: string;

    The path on the API that will invoke the provided [target]. If not prefixed with /, then a / will be added automatically to the beginning.

    property requestValidator

    requestValidator?: RequestValidator;

    Request Validator specifies the validator to use at the method level. This will override anything defined at the API level.

    property requiredParameters

    requiredParameters?: Parameter[];

    Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api gateway will validate these before sending traffic to the event handler.

    property target

    target: pulumi.Input<IntegrationTarget> | IntegrationRouteTargetProvider;

    interface IntegrationRouteTargetProvider

    interface IntegrationRouteTargetProvider

    method target

    target(name: string, parent: Resource): pulumi.Input<IntegrationTarget>

    interface IntegrationTarget

    interface IntegrationTarget

    See https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/ for more details.

    property connectionId

    connectionId?: pulumi.Input<string>;

    The (id) of the VpcLink used for the integration when connectionType=VPC_LINK and undefined, otherwise.

    property connectionType

    connectionType?: pulumi.Input<IntegrationConnectionType>;

    The type of the network connection to the integration endpoint. The valid value is INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and a network load balancer in a VPC. The default value is INTERNET.

    property httpMethod

    httpMethod?: undefined | "ANY";

    Specifies the integration’s HTTP method type. Currently, the only supported type is ‘ANY’.

    property passthroughBehavior

    passthroughBehavior?: pulumi.Input<IntegrationPassthroughBehavior>;

    Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation.

    The valid value is one of the following:

    WHEN_NO_MATCH: passes the method request body through the integration request to the back end without transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request.

    WHEN_NO_TEMPLATES: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 Unsupported Media Type response.

    NEVER: rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request.

    Defaults to ‘WHEN_NO_MATCH’ if unspecified.

    property type

    type: pulumi.Input<IntegrationType>;

    Specifies an API method integration type. The valid value is one of the following:

    aws: for integrating the API method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration.

    aws_proxy: for integrating the API method request with the Lambda function-invoking action with the client request passed through as-is. This integration is also referred to as the Lambda proxy integration.

    http: for integrating the API method request with an HTTP endpoint, including a private HTTP endpoint within a VPC. This integration is also referred to as the HTTP custom integration.

    http_proxy: for integrating the API method request with an HTTP endpoint, including a private HTTP endpoint within a VPC, with the client request passed through as-is. This is also referred to as the HTTP proxy integration.

    mock: for integrating the API method request with API Gateway as a “loop-back” endpoint without invoking any backend.

    property uri

    uri: pulumi.Input<string>;

    Specifies Uniform Resource Identifier (URI) of the integration endpoint.

    For HTTP or HTTP_PROXY integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification, for either standard integration, where connectionType is not VPC_LINK, or private integration, where connectionType is VPC_LINK. For a private HTTP integration, the URI is not used for routing.

    For AWS or AWS_PROXY integrations, the URI is of the form arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}&{p1}={v1}&p2={v2}… query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_api refers to the path to an AWS service resource, including the region of the integrated AWS service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be either arn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key} or arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}

    type IntegrationType

    type IntegrationType = "aws" | "aws_proxy" | "http" | "http_proxy" | "mock";

    interface Key

    interface Key

    A key represents an aws.apigateway.ApiKey and the aws.apigateway.UsagePlanKey that ties it to a usage plan.

    property apikey

    apikey: ApiKey;

    apikey is either a aws.apigateway.ApiKey passed in or the aws.apigateway.ApiKey created on your behalf using the ApiKeyArgs

    property usagePlanKey

    usagePlanKey: UsagePlanKey;

    usagePlanKey is created on your behalf to associate the apikey with the usage plan.

    interface LambdaAuthorizer

    interface LambdaAuthorizer

    LambdaAuthorizer provides the definition for a custom Authorizer for API Gateway.

    property authType

    authType: string;

    Specifies the authorization mechanism for the client. Typical values are “oauth2” or “custom”.

    property authorizerName

    authorizerName?: undefined | string;

    The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.

    property authorizerResultTtlInSeconds

    authorizerResultTtlInSeconds?: undefined | number;

    The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.

    property handler

    handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>;

    The authorizerHandler specifies information about the authorizing Lambda. You can either set up the Lambda separately and just provide the required information or you can define the Lambda inline using a JavaScript function.

    property identitySource

    identitySource?: string[];

    List of mapping expressions of the request parameters as the identity source. This indicates where in the request identity information is expected. Applicable for the authorizer of the “request” type only. Example: [“method.request.header.HeaderAuth1”, “method.request.querystring.QueryString1”]

    property identityValidationExpression

    identityValidationExpression?: undefined | string;

    A regular expression for validating the token as the incoming identity. It only invokes the authorizer’s lambda if there is a match, else it will return a 401. This does not apply to REQUEST Lambda Authorizers. Example: “^x-[a-z]+”

    property parameterLocation

    parameterLocation: "header" | "query";

    Defines where in the request API Gateway should look for identity information. The value must be “header” or “query”. If there are multiple identity sources, the value must be “header”.

    property parameterName

    parameterName: string;

    parameterName is the name of the header or query parameter containing the authorization token. Must be “Unused” for multiple identity sources.

    property type

    type: "token" | "request";

    The type of the authorizer. This value must be one of the following: - “token”, for an authorizer with the caller identity embedded in an authorization token - “request”, for an authorizer with the caller identity contained in request parameters

    interface LambdaAuthorizerInfo

    interface LambdaAuthorizerInfo

    property credentials

    credentials: pulumi.Input<string> | Role;

    Credentials required for invoking the authorizer in the form of an ARN of an IAM execution role. For example, “arn:aws:iam::account-id:IAM_role”.

    property uri

    uri: pulumi.Input<string> | Function;

    The Uniform Resource Identifier (URI) of the authorizer Lambda function. The Lambda may also be passed directly, in which cases the URI will be obtained for you.

    type Method

    type Method = "ANY" | "GET" | "PUT" | "POST" | "DELETE" | "PATCH" | "OPTIONS" | "HEAD";

    namespace metrics

    interface ApigatewayMetricChange

    interface ApigatewayMetricChange extends MetricChange

    property api

    api?: API;

    Optional [API] this metric should be filtered down to. Only one of [RestApi] or [api] can be provided.

    property color

    color?: pulumi.Input<string>;

    The six-digit HTML hex color code to be used for this metric.

    Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

    property dimensions

    dimensions?: pulumi.Input<Record<string, pulumi.Input<string>>>;

    The new dimension for this metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be cleared.

    property extendedStatistic

    extendedStatistic?: pulumi.Input<number>;

    The new percentile statistic for the metric associated with the alarm. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.

    property label

    label?: pulumi.Input<string>;

    The label to display for this metric in the graph legend. If this is not specified, the metric is given an autogenerated label that distinguishes it from the other metrics in the widget.

    Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

    property method

    method?: undefined | string;

    Filters API Gateway metrics for an API method of the specified API, stage, resource, and method.

    API Gateway will not send such metrics unless you have explicitly enabled detailed CloudWatch metrics. You can do this in the console by selecting Enable CloudWatch Metrics under a stage Settings tab. Alternatively, you can call the stage:update action of the API Gateway REST API to update the metricsEnabled property to true.

    Enabling such metrics will incur additional charges to your account. For pricing information, see Amazon CloudWatch Pricing.

    property period

    period?: pulumi.Input<number>;

    The new period in seconds over which the specified stat is applied. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default (300s).

    property resource

    resource?: undefined | string;

    Filters API Gateway metrics for an API method of the specified API, stage, resource, and method.

    API Gateway will not send such metrics unless you have explicitly enabled detailed CloudWatch metrics. You can do this in the console by selecting Enable CloudWatch Metrics under a stage Settings tab. Alternatively, you can call the stage:update action of the API Gateway REST API to update the metricsEnabled property to true.

    Enabling such metrics will incur additional charges to your account. For pricing information, see Amazon CloudWatch Pricing.

    property restApi

    restApi?: aws.apigateway.RestApi;

    Optional [RestApi] this metric should be filtered down to. Only one of [RestApi] or [api] can be provided.

    property stage

    stage?: undefined | string;

    Filters API Gateway metrics for an API stage of the specified API and stage. Either [restApi] or [api] must be provided with this.

    property statistic

    statistic?: pulumi.Input<MetricStatistic>;

    The new statistic to apply to the alarm’s associated metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.

    property unit

    unit?: pulumi.Input<MetricUnit>;

    The new unit for this metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.

    property visible

    visible?: pulumi.Input<boolean>;

    Set this to true to have the metric appear in the graph, or false to have it be hidden. The default is true.

    Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

    property yAxis

    yAxis?: pulumi.Input<"left" | "right">;

    Where on the graph to display the y-axis for this metric. The default is left.

    Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

    type ApigatewayMetricName

    type ApigatewayMetricName = "4XXError" | "5XXError" | "CacheHitCount" | "CacheMissCount" | "Count" | "IntegrationLatency" | "Latency";

    function cacheHitCount

    cacheHitCount(change?: ApigatewayMetricChange): Metric

    The number of requests served from the API cache in a given period.

    The Sum statistic represents this metric, namely, the total count of the cache hits in the specified period. The Average statistic represents the cache hit rate, namely, the total count of the cache hits divided by the total number of requests during the period. The denominator corresponds to the Count metric (below).

    function cacheMissCount

    cacheMissCount(change?: ApigatewayMetricChange): Metric

    The number of requests served from the back end in a given period, when API caching is enabled.

    The Sum statistic represents this metric, namely, the total count of the cache misses in the specified period. The Average statistic represents the cache miss rate, namely, the total count of the cache hits divided by the total number of requests during the period. The denominator corresponds to the Count metric (below).

    Unit: Count

    function count

    count(change?: ApigatewayMetricChange): Metric

    The total number API requests in a given period.

    The SampleCount statistic represents this metric.

    Unit: Count

    function error4XX

    error4XX(change?: ApigatewayMetricChange): Metric

    The number of client-side errors captured in a specified period.

    The Sum statistic represents this metric, namely, the total count of the 4XXError errors in the given period. The Average statistic represents the 4XXError error rate, namely, the total count of the 4XXError errors divided by the total number of requests during the period. The denominator corresponds to the Count metric (below).

    Unit: Count

    function error5XX

    error5XX(change?: ApigatewayMetricChange): Metric

    The number of server-side errors captured in a given period.

    The Sum statistic represents this metric, namely, the total count of the 5XXError errors in the given period. The Average statistic represents the 5XXError error rate, namely, the total count of the 5XXError errors divided by the total number of requests during the period. The denominator corresponds to the Count metric (below).

    Unit: Count

    function integrationLatency

    integrationLatency(change?: ApigatewayMetricChange): Metric

    The time between when API Gateway relays a request to the back end and when it receives a response from the back end.

    Unit: Milliseconds

    function latency

    latency(change?: ApigatewayMetricChange): Metric

    The time between when API Gateway receives a request from a client and when it returns a response to the client. The latency includes the integration latency and other API Gateway overhead.

    Unit: Milliseconds

    function metric

    metric(metricName: ApigatewayMetricName, change: ApigatewayMetricChange): Metric

    Creates an AWS/ApiGateway metric with the requested [metricName]. See https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-metrics-and-dimensions.html for list of all metric-names.

    Note, individual metrics can easily be obtained without supplying the name using the other [metricXXX] functions.

    You can use the dimensions in the following table to filter API Gateway metrics.

    1. “ApiName”: Filters API Gateway metrics for an API of the specified API name.

    2. “ApiName, Method, Resource, Stage”: Filters API Gateway metrics for an API method of the specified API, stage, resource, and method.

      API Gateway will not send such metrics unless you have explicitly enabled detailed CloudWatch metrics. You can do this in the console by selecting Enable CloudWatch Metrics under a stage Settings tab. Alternatively, you can call the stage:update action of the API Gateway REST API to update the metricsEnabled property to true.

      Enabling such metrics will incur additional charges to your account. For pricing information, see Amazon CloudWatch Pricing.

    3. “ApiName, Stage”: Filters API Gateway metrics for an API stage of the specified API and stage.

    interface Parameter

    interface Parameter

    Parameter is used to define required path, query or header parameters for API Gateway. If “ALL” or “PARAMS_ONLY” validator is set then, api gateway will validate the parameter is included and non-blank for incoming requests.

    property in

    in: "path" | "query" | "header";

    in is where the parameter is expected to appear. API Gateway can validate parameters expected in the path, query or header.

    property name

    name: string;

    type RawDataRoute

    type RawDataRoute = {
        data: any;
        method: Method;
        path: string;
    };

    Fallback route for when raw swagger control is desired. The [data] field should be a javascript object that will be then included in the final swagger specification like so:

    "paths": { [path]: { [method]: data } }

    This value will be JSON.stringify’d as part of normal processing. It should not be passed as string here.

    type Request

    type Request = awslambda.APIGatewayProxyEvent;

    interface RequestAuthorizerArgs

    interface RequestAuthorizerArgs

    The set of arguments for constructing a request LambdaAuthorizer resource.

    property authorizerName

    authorizerName?: undefined | string;

    The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.

    property authorizerResultTtlInSeconds

    authorizerResultTtlInSeconds?: undefined | number;

    The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.

    property handler

    handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>;

    The authorizerHandler specifies information about the authorizing Lambda. You can either set up the Lambda separately and just provide the required information or you can define the Lambda inline using a JavaScript function.

    property headers

    headers?: string[];

    headers is an array of the expected header keys used to authorize a request. While this argument is optional, at least one queryParameter or one header must be defined.

    property queryParameters

    queryParameters?: string[];

    queryParameters is an array of the expected query parameter keys used to authorize a request. While this argument is optional, at least one queryParameter or one header must be defined.

    type RequestContext

    type RequestContext = awslambda.APIGatewayEventRequestContext;

    type RequestValidator

    type RequestValidator = "ALL" | "PARAMS_ONLY" | "BODY_ONLY";

    type Response

    type Response = APIGatewayProxyResult;

    type RestApiArgs

    type RestApiArgs = RestApiArgs;

    Additional optional args that can be passed along to the RestApi created by the awsx.apigateway.API.

    type Route

    type Route = EventHandlerRoute | StaticRoute | IntegrationRoute | RawDataRoute;

    A route that that APIGateway should accept and forward to some type of destination. All routes have an incoming path that they match against. However, destinations are determined by the kind of the route. See [EventHandlerRoute], [StaticRoute], [IntegrationRoute] and [RawJsonRoute] for additional details.

    interface SecurityDefinition

    interface SecurityDefinition

    property in

    in: "header" | "query";

    property name

    name: string;

    property type

    type: "apiKey";

    property x-amazon-apigateway-authorizer

    x-amazon-apigateway-authorizer?: SwaggerLambdaAuthorizer | SwaggerCognitoAuthorizer;

    property x-amazon-apigateway-authtype

    x-amazon-apigateway-authtype?: undefined | string;

    interface StageArgs

    interface StageArgs

    Additional optional args that can be passed along to the Stage created by the awsx.apigateway.API.

    property accessLogSettings

    accessLogSettings?: pulumi.Input<StageAccessLogSettings>;

    Enables access logs for the API stage. Detailed below.

    property cacheClusterEnabled

    cacheClusterEnabled?: pulumi.Input<boolean>;

    Specifies whether a cache cluster is enabled for the stage

    property cacheClusterSize

    cacheClusterSize?: pulumi.Input<string>;

    The size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237.

    property clientCertificateId

    clientCertificateId?: pulumi.Input<string>;

    The identifier of a client certificate for the stage.

    property description

    description?: pulumi.Input<string>;

    The description of the stage

    property documentationVersion

    documentationVersion?: pulumi.Input<string>;

    The version of the associated API documentation

    property tags

    tags?: pulumi.Input<{[key: string]: any}>;

    A mapping of tags to assign to the resource.

    property variables

    variables?: pulumi.Input<{[key: string]: any}>;

    A map that defines the stage variables

    property xrayTracingEnabled

    xrayTracingEnabled?: pulumi.Input<boolean>;

    Whether active tracing with X-ray is enabled. Defaults to false.

    interface StaticRoute

    interface StaticRoute extends BaseRoute

    StaticRoute is a route that will map from an incoming path to the files/directories specified by [localPath].

    property apiKeyRequired

    apiKeyRequired?: undefined | false | true;

    If true, an API key will be required for this route. The source for the API Key can be set at the API level and by default, the source will be the HEADER.

    property authorizers

    authorizers?: Authorizer[] | Authorizer;

    Authorizers allows you to define Lambda authorizers be applied for authorization when the the route is called.

    property contentType

    contentType?: undefined | string;

    The content-type to serve the file as. Only valid when localPath points to a file. If localPath points to a directory, the content types for all files will be inferred.

    property iamAuthEnabled

    iamAuthEnabled?: undefined | false | true;

    By default, the route method auth type is set to NONE. If true, the auth type will be set to AWS_IAM.

    property index

    index?: boolean | string;

    By default API.static will also serve ‘index.html’ in response to a request on a directory. To disable this set false or to supply a new index pass an appropriate name.

    property localPath

    localPath: string;

    The local path on disk to create static S3 resources for. Files will be uploaded into S3 objects, and directories will be recursively walked into.

    property path

    path: string;

    The path on the API that will map to files in [localPath]. If not prefixed with /, then a / will be added automatically to the beginning.

    property requestValidator

    requestValidator?: RequestValidator;

    Request Validator specifies the validator to use at the method level. This will override anything defined at the API level.

    property requiredParameters

    requiredParameters?: Parameter[];

    Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api gateway will validate these before sending traffic to the event handler.

    interface SwaggerAPIGatewayIntegrationResponse

    interface SwaggerAPIGatewayIntegrationResponse

    property responseParameters

    responseParameters?: undefined | {[key: string]: string};

    property statusCode

    statusCode: string;

    interface SwaggerCognitoAuthorizer

    interface SwaggerCognitoAuthorizer

    property authorizerResultTtlInSeconds

    authorizerResultTtlInSeconds?: undefined | number;

    property identitySource

    identitySource: string;

    property providerARNs

    providerARNs: pulumi.Input<string>[];

    property type

    type: "cognito_user_pools";

    interface SwaggerGatewayResponse

    interface SwaggerGatewayResponse

    property responseParameters

    responseParameters?: undefined | {[parameter: string]: string};

    property responseTemplates

    responseTemplates: {
        application/json: string;
    };

    property statusCode

    statusCode: number;

    interface SwaggerHeader

    interface SwaggerHeader

    property items

    items?: SwaggerItems;

    property type

    type: "string" | "number" | "integer" | "boolean" | "array";

    interface SwaggerInfo

    interface SwaggerInfo

    property title

    title: string;

    property version

    version: string;

    interface SwaggerItems

    interface SwaggerItems

    property items

    items?: SwaggerItems;

    property type

    type: "string" | "number" | "integer" | "boolean" | "array";

    interface SwaggerLambdaAuthorizer

    interface SwaggerLambdaAuthorizer

    property authorizerCredentials

    authorizerCredentials: pulumi.Input<string>;

    property authorizerResultTtlInSeconds

    authorizerResultTtlInSeconds?: undefined | number;

    property authorizerUri

    authorizerUri: pulumi.Input<string>;

    property identitySource

    identitySource?: undefined | string;

    property identityValidationExpression

    identityValidationExpression?: undefined | string;

    property type

    type: "token" | "request";

    interface SwaggerOperation

    interface SwaggerOperation

    property parameters

    parameters?: SwaggerParameter[];

    property responses

    responses?: undefined | {[code: string]: SwaggerResponse};

    property security

    security?: Record<string, string[]>[];

    security a list of objects whose keys are the names of the authorizer. Each authorizer name refers to a SecurityDefinition, defined at the top level of the swagger definition, by matching a Security Definition’s name property. For Cognito User Pool Authorizers, the value of these object can be left as an empty array or used to define the resource servers and custom scopes (e.g. “resource-server/scope”). For lambda authorizers, the value of the objects is an empty array.

    property x-amazon-apigateway-auth

    x-amazon-apigateway-auth?: ApigatewayAuth;

    property x-amazon-apigateway-integration

    x-amazon-apigateway-integration: ApigatewayIntegration;

    property x-amazon-apigateway-request-validator

    x-amazon-apigateway-request-validator?: RequestValidator;

    interface SwaggerParameter

    interface SwaggerParameter

    property in

    in: string;

    property name

    name: string;

    property required

    required: boolean;

    property type

    type?: undefined | string;

    interface SwaggerResponse

    interface SwaggerResponse

    property description

    description: string;

    property headers

    headers?: undefined | {[header: string]: SwaggerHeader};

    property schema

    schema?: SwaggerSchema;

    interface SwaggerSchema

    interface SwaggerSchema

    property type

    type: string;

    interface SwaggerSpec

    interface SwaggerSpec

    property info

    info: SwaggerInfo;

    property paths

    paths: {[path: string]: {[method: string]: SwaggerOperation}};

    property securityDefinitions

    securityDefinitions?: undefined | {[securityDefinitionName: string]: SecurityDefinition};

    property swagger

    swagger: string;

    property x-amazon-apigateway-api-key-source

    x-amazon-apigateway-api-key-source?: APIKeySource;

    property x-amazon-apigateway-binary-media-types

    x-amazon-apigateway-binary-media-types?: string[];

    property x-amazon-apigateway-gateway-responses

    x-amazon-apigateway-gateway-responses: Record<string, SwaggerGatewayResponse>;

    property x-amazon-apigateway-request-validator

    x-amazon-apigateway-request-validator?: RequestValidator;

    property x-amazon-apigateway-request-validators

    x-amazon-apigateway-request-validators?: undefined | {[validatorName: string]: {
        validateRequestBody: boolean;
        validateRequestParameters: boolean;
    }};

    interface TokenAuthorizerArgs

    interface TokenAuthorizerArgs

    The set of arguments for constructing a token LambdaAuthorizer resource.

    property authorizerName

    authorizerName?: undefined | string;

    The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.

    property authorizerResultTtlInSeconds

    authorizerResultTtlInSeconds?: undefined | number;

    The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.

    property handler

    handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>;

    The authorizerHandler specifies information about the authorizing Lambda. You can either set up the Lambda separately and just provide the required information or you can define the Lambda inline using a JavaScript function.

    property header

    header?: undefined | string;

    The request header for the authorization token. If not set, this defaults to Authorization.

    property identityValidationExpression

    identityValidationExpression?: undefined | string;

    A regular expression for validating the token as the incoming identity. Example: “^x-[a-z]+”

      Pulumi AI - What cloud infrastructure would you like to build? Generate Program