Module classic/apigateway
Pulumi API Gateway Components
Pulumi’s API for simplifying working with API Gateway. The API currently provides ways to define routes that accepts and forwards traffic to a specified destination. A route is a publicly accessible URI that supports the defined HTTP methods and responds according to the route definition.
Defining an Endpoint
To define an endpoint you will need to specify a route. You can also define the stage name (else it will default to “stage”). A stage
is an addressable instance of the Rest API.
Routes
The destination is determined by the route, which can be an Event Handler Route, a Static Route, an Integration Route or a Raw Data Route.
Event Handler Route
An Event Handler Route is a route that will map to a Lambda. You will need to specify the path, method and the Lambda. Pulumi allows you to define the Lambda inline with your application code and provisions the appropriate permissions on your behalf so that API Gateway can communicate with your Lambda.
import * as awsx from "@pulumi/awsx";
let endpoint = new awsx.apigateway.API("example", {
routes: [{
path: "/",
method: "GET",
eventHandler: async (event) => {
// This code runs in an AWS Lambda and will be invoked any time `/` is hit.
return {
statusCode: 200,
body: "hello",
};
},
}],
})
A complete example can be found here.
You can also link a route to an existing Lambda using aws.lambda.Function.get
.
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
let endpoint = new awsx.apigateway.API("example", {
routes: [{
path: "/",
method: "GET",
eventHandler: aws.lambda.Function.get("example", "your_lambda_id"),
}],
})
Additionally, you can control the Lambda that is created by calling new aws.lambda.CallbackFunction
.
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
let endpoint = new awsx.apigateway.API("example", {
routes: [{
path: "/",
method: "GET",
eventHandler: new aws.lambda.CallbackFunction("test", {
memorySize: 256,
callback: async (event) => {
return {
statusCode: 200,
body: "<h1>Hello world!</h1>",
};
},
}),
}],
})
Static Route
A Static Route is a route that will map to static content in files/directories. You will need to define the local path and then the files (and subdirectories) will be uploaded into S3 objects. If the local path points to a file, you can specify the content-type. Else, the content types for all files in a directory are inferred.
By default, any request on directory will serve index.html. This behavior can be disabled by setting the index
field to false.
import * as awsx from "@pulumi/awsx";
let endpoint = new awsx.apigateway.API("example", {
routes: [{
path: "/www",
localPath: "www",
index: false,
}],
})
A complete example can be found here.
Integration Route
An Integration Route is a route that will map an endpoint to a specified backend. The supported types are:
* `http` or `http_proxy`: integration with an HTTP backend
* `aws_proxy`: integration with AWS Lambda functions
* `aws`: integration with AWS Lambda functions or other AWS services, such as Amazon DynamoDB, Amazon Simple Notification Service or Amazon Simple Queue Service
* `mock`: integration with API Gateway without invoking any backend
import * as awsx from "@pulumi/awsx";
let endpoint = new awsx.apigateway.API("example", {
routes: [{
path: "/integration",
target: {
uri: "https://www.google.com",
type: "http_proxy",
},
}],
})
For more information API Integrations, visit the AWS documentation.
Raw Data Route
A Raw Data Route is a fallback route for when raw swagger control is desired. The data
field should be an object that will be then included in the final swagger specification. For more information on the x-amazon-apigateway-integration
swagger object, visit the AWS documentation.
import * as awsx from "@pulumi/awsx";
let endpoint = new awsx.apigateway.API("example", {
routes: [{
path: "/rawdata",
method: "GET",
data: {
"x-amazon-apigateway-integration": {
"uri": "https://www.google.com/",
"responses": {
"default": {
"statusCode": "200",
},
},
"passthroughBehavior": "when_no_match",
"httpMethod": "GET",
"type": "http_proxy",
},
},
}],
})
Request Validation
API Gateway can perform basic validations against request parameters, a request payload or both. When a validation fails, a 400 error is returned immediately.
Validators
Validators can be assigned at the API level or at the method level. The validators defined at a method level override any validator set at the API level.
You must specify one of the following validators:
- “ALL” - validate both the request body and request parameters
- “BODY_ONLY” - validate only the request body
- “PARAMS_ONLY” - validate only the request parameters
import * as awsx from "@pulumi/awsx";
let endpoint = new awsx.apigateway.API("example", {
routes: [{
path: "/www",
localPath: "www",
index: false,
requestValidator: "PARAMS_ONLY",
}],
requestValidator: "ALL",
})
Request Parameters
For each required request parameter, you must define the name and where the parameter is expected (i.e. “path”, “query”, or “header”).
import * as awsx from "@pulumi/awsx";
let endpoint = new awsx.apigateway.API("example", {
routes: [{
path: "/www",
localPath: "www",
index: false,
requestValidator: "PARAMS_ONLY",
requiredParams: [{
name: "key",
in: "query",
}]
}],
})
Request Body
Request body validation is currently not supported. If you have a strong use case, please comment on this open issue.
API Keys
To require an API Key for an API Gateway route you set the apiKeyRequired
property equal to true
. At the API level, you can choose if you want the API Key source to be HEADER
(i.e. client includes a x-api-key
header with the API Key) or AUTHORIZER
(i.e. a Lambda authorizer sends the API Key as part of the authorization response). If the API Key source is not set, then the source will default to HEADER
.
import * as awsx from "@pulumi/awsx";
const api = new awsx.apigateway.API("myapi", {
routes: [{
path: "/a",
method: "GET",
eventHandler: async () => {
return {
statusCode: 200,
body: "<h1>Hello world!</h1>",
};
},
apiKeyRequired: true,
}],
apiKeySource: "AUTHORIZER",
});
You will also need to create a usage plan (new aws.apigateway.UsagePlan
) and an API key (new aws.apigateway.ApiKey
) and then associate the key with the usage plan (new aws.apigateway.UsagePlanKey
). To simplify the creation of API Keys associated with your API you can use awsx.apigateway.createAssociatedAPIKeys
, which create a Usage Plan, API Keys and associates the API Keys by creating a UsagePlanKey. Below is an example of using this helper function:
import * as awsx from "@pulumi/awsx";
const apikeys = awsx.apigateway.createAssociatedAPIKeys("my-api-keys", {
apis: [api],
apiKeys: [{
name: "test-key",
}],
});
// Export the API Key if desired
export const apiKeyValue = apikeys.keys[0].apikey.value;
awsx.apigateway.createAssociatedAPIKeys
will return an object that contains the Usage Plan, API Keys and Usage Plan Keys. Instead of providing the APIs, you can also specify the api stages for the Usage Plan as follows:
import * as awsx from "@pulumi/awsx";
const apikeys = awsx.apigateway.createAssociatedAPIKeys("my-api-keys", {
usagePlan: {
apiStages: [{
apiId: api.restAPI.id,
stage: api.stage.stageName,
}],
},
apiKeys: [{
name: "test-key",
}],
});
Lambda Authorizers
Lambda Authorizers are AWS Lambda functions that provide control access to an API. You can define a Lambda Authorizer for an Event Handler Route or a Static Route. API Gateway supports request
or token
type Lambda authorizers. A token
Lambda Authorizer uses an authorization token (i.e. a header in the form Authorization: Token <token>
) to authorize the user, whereas a request
Lambda Authorizer uses the request parameters (i.e. headers, path parameter or query parameters).
To define an Authorizer, you provide a Lambda that fulfills aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>
or you provide information on a pre-existing Lambda authorizer. The example below shows defining the Authorizer Lambda directly inline. See the Event Handler Route section for other ways you can define a Lambda for the Authorizer.
Request Authorizer
Below is an example of a custom request
Lambda Authorizer that uses awsx.apigateway.getRequestLambdaAuthorizer
to simplify defining the authorizer.
import * as awsx from "@pulumi/awsx";
const api = new awsx.apigateway.API("myapi", {
routes: [{
path: "/b",
method: "GET",
eventHandler: async () => {
return {
statusCode: 200,
body: "<h1>Hello world!</h1>",
};
},
authorizers: [awsx.apigateway.getRequestLambdaAuthorizer({
queryParameters: ["auth"],
handler: async (event: awsx.apigateway.AuthorizerEvent) => {
// Add your own custom authorization logic here.
// Access the headers using event.headers, the query parameters using
// event.queryStringParameters or path parameters using event.pathParameters
return awsx.apigateway.authorizerResponse("user", "Allow", event.methodArn);
},
})],
}],
});
You may also define the authorizer by specifying all the values. As seen below:
import * as awsx from "@pulumi/awsx";
const api = new awsx.apigateway.API("myapi", {
routes: [{
...
authorizers: [{
authorizerName: "prettyAuthorizer",
parameterName: "auth",
parameterLocation: "query",
authType: "custom",
type: "request",
handler: async (event: awsx.apigateway.AuthorizerEvent) => {
// Add your own custom authorization logic here.
return awsx.apigateway.authorizerResponse(
"user",
"Allow",
event.methodArn);
},
identitySource: ["method.request.querystring.auth"],
}],
}],
});
Token Authorizer
Below is an example of a custom token
Lambda Authorizer that uses awsx.apigateway.
to simplify the creation of the authorizer.
import * as awsx from "@pulumi/awsx";
const api = new awsx.apigateway.API("myapi", {
routes: [{
path: "/b",
method: "GET",
eventHandler: async () => {
return {
statusCode: 200,
body: "<h1>Hello world!</h1>",
};
},
authorizers: [awsx.apigateway.getTokenLambdaAuthorizer({
handler: async (event: awsx.apigateway.AuthorizerEvent) => {
// Add your own custom authorization logic here.
const token = event.authorizationToken;
if (token === "Allow") {
return awsx.apigateway.authorizerResponse("user","Allow", event.methodArn);
}
return awsx.apigateway.authorizerResponse("user", "Deny", event.methodArn);
},
})],
}],
});
You may also define the authorizer by specifying all the values. As seen below:
import * as awsx from "@pulumi/awsx";
const api = new awsx.apigateway.API("myapi", {
routes: [{
path: "/b",
method: "GET",
eventHandler: async () => {
return {
statusCode: 200,
body: "<h1>Hello world!</h1>",
};
},
authorizers: [{
parameterName: "Authorization",
parameterLocation: "header",
authType: "oauth2",
type: "request",
handler: async (event: awsx.apigateway.AuthorizerEvent) => {
// Add your own custom authorization logic here.
return awsx.apigateway.authorizerResponse("user", "Allow", event.methodArn);
},
}],
}],
});
Specifying the Role
If your Authorizer requires access to other AWS resources, you will need to provision the appropriate role. You can do so by using new aws.lambda.CallbackFunction
.
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const callbackFxn = new aws.lambda.CallbackFunction("callbackFxn", {
callback: async (event: awsx.apigateway.AuthorizerEvent) => {
// Add custom authorization logic here
return awsx.apigateway.authorizerResponse("user", "Allow", event.methodArn);
},
role: role, // Specify role with appropriate AWS permissions.
});
const api = new awsx.apigateway.API("myapi", {
routes: [{
path: "/b",
method: "GET",
eventHandler: async () => {
return {
statusCode: 200,
body: "<h1>Hello world!</h1>",
};
},
authorizers: [{
parameterName: "Authorization",
parameterLocation: "header",
authType: "oauth2",
type: "request",
handler: callbackFxn,
}],
}],
});
Using a Pre-existing AWS Lambda
You can also define the Lambda Authorizer elsewhere and then reference the required values.
import * as awsx from "@pulumi/awsx";
const apiWithAuthorizer = new awsx.apigateway.API("authorizer-api", {
routes: [{
...
authorizers: [{
authorizerName: "testing",
parameterName: "auth",
parameterLocation: "query",
authType: "custom",
type: "request",
handler: {
// Either specify the aws.lambda.Function or provide the invoke URI
uri: authorizerLambda,
credentials: gatewayRole.arn,
},
identitySource: ["method.request.querystring.auth"],
}],
}],
});
A complete example of defining the Lambda Authorizer elsewhere can be found here.
Authorizer Response
A helper function awsx.apigateway.authorizerResponse
has been created to simplify generating the authorizer response. This can be used when defining the authorizer handler as follows:
import * as awsx from "@pulumi/awsx";
const api = new awsx.apigateway.API("myapi", {
routes: [{
...
authorizers: [{
header: "Authorization",
handler: async (event: awsx.apigateway.AuthorizerEvent) => {
// Add your own custom authorization logic here.
const token = event.authorizationToken;
if (token === "Allow") {
return awsx.apigateway.authorizerResponse("user", "Allow", event.methodArn);
}
return awsx.apigateway.authorizerResponse("user", "Deny", event.methodArn);
},
}],
}],
});
Cognito Authorizers
Cognito Authorizers allow you to use Amazon Cognito User Pools as an Authorizer for API Gateway. This will require users to sign in to the user pool, obtain an identity/access token and then call your API with said token.
import * as awsx from "@pulumi/awsx";
// Create an AWS Cognito User Pool
const cognitoUserPool = new aws.cognito.UserPool("pool", {});
// Create an API that requires authorizes against the User Pool
const apiWithCognitoAuthorizer = new awsx.apigateway.API("cognito-protected-api", {
routes: [{
path: "/www_old",
localPath: "www",
authorizers: [awsx.apigateway.getCognitoAuthorizer({
providerARNs: [cognitoUserPool],
})],
}],
});
Swagger String
You can use a OpenAPI specification that is in string form to initialize the API Gateway. This in a way is an escape hatch for implementing featured not yet supported by Pulumi. You must manually provide permission for any route targets to be invoked by API Gateway when using this option.
import * as awsx from "@pulumi/awsx";
const swaggerSpec = {
swagger: "2.0",
info: { title: "api", version: "1.0" },
...
};
let endpoint = new awsx.apigateway.API("example", {
swaggerString: JSON.stringify(swaggerSpec),
stageName: "dev",
})
Resources
Others
- AdditionalRoute
- APIArgs
- ApigatewayAuth
- ApigatewayIntegration
- APIKeyArgs
- apiKeySecurityDefinition
- APIKeySource
- AssociatedAPIKeys
- AuthorizerEvent
- authorizerResponse
- AuthorizerResponse
- AuthResponseContext
- BaseRoute
- CognitoAuthorizer
- CognitoAuthorizerArgs
- createAPI
- createAssociatedAPIKeys
- DeploymentArgs
- Effect
- Endpoint
- EventHandlerRoute
- getCognitoAuthorizer
- getRequestLambdaAuthorizer
- getTokenLambdaAuthorizer
- IntegrationConnectionType
- IntegrationPassthroughBehavior
- IntegrationRoute
- IntegrationRouteTargetProvider
- IntegrationTarget
- IntegrationType
- Key
- LambdaAuthorizer
- LambdaAuthorizerInfo
- Method
- metrics
- Parameter
- RawDataRoute
- Request
- RequestAuthorizerArgs
- RequestContext
- RequestValidator
- Response
- RestApiArgs
- Route
- SecurityDefinition
- StageArgs
- StaticRoute
- SwaggerAPIGatewayIntegrationResponse
- SwaggerCognitoAuthorizer
- SwaggerGatewayResponse
- SwaggerHeader
- SwaggerInfo
- SwaggerItems
- SwaggerLambdaAuthorizer
- SwaggerOperation
- SwaggerParameter
- SwaggerResponse
- SwaggerSchema
- SwaggerSpec
- TokenAuthorizerArgs
Resources
Resource API
class API extends ComponentResource
constructor
new API(name: string, args: APIArgs, opts: ComponentResourceOptions)
method getData
protected getData(): Promise<TData>
Retrieves the data produces by [initialize]. The data is immediately available in a
derived class’s constructor after the super(...)
call to ComponentResource
.
method getFunction
public getFunction(route?: undefined | string, method?: Method): Function
Returns the [aws.lambda.Function] an [EventHandlerRoute] points to. This will either be for the aws.lambda.Function created on your behalf if the route was passed a normal JavaScript/Typescript function, or it will be the [aws.lambda.Function] that was explicitly passed in.
[route] and [method] can both be elided if this API only has a single [EventHandlerRoute] assigned to it.
[method] can be elided if [route] only has a single [EventHandlerRoute] assigned to it.
This method will throw if the provided [route] and [method] do not resolve to a single [aws.lambda.Function]
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component
automatically when constructed. The data will be available immediately for subclass
constructors to use. To access the data use .getData
.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are
done creating child resources. This is not strictly necessary as this will automatically be
called after the initialize
method completes.
property apiPolicy
public apiPolicy?: aws.apigateway.RestApiPolicy;
property deployment
public deployment: Deployment;
property restAPI
public restAPI: RestApi;
property stage
public stage: Stage;
property staticRoutesBucket
public staticRoutesBucket?: aws.s3.Bucket;
Bucket where static resources were placed. Only set if a Bucket was provided to the API at construction time, or if there were any [StaticRoute]s passed to the API.
property url
public url: pulumi.Output<string>;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Others
type AdditionalRoute
type AdditionalRoute = IntegrationRoute | RawDataRoute;
Subset of Route
types that can be passed in as an Output
to the API. These Route types will
not themselves cause other Resources to be created.
Unlike routes
, these can be provided as an Output
of an array
instead of having to just be
an array
. However, because they can be Output
s, they are restricted to a subset of Route
types that will not cause resources to be created.
This can be useful, for example, when creating an API that needs to create an indeterminate
number of integration-routes based on the Output
of some other resource. For example:
const additionalRoutes = elasticBeanstalkEnvironment.loadBalancers.apply(lbs =>
lbs.map(arn => <awsx.apigateway.IntegrationRoute>{
path: "/greeting",
method: "GET",
target: {
type: "http_proxy",
uri: `http://${aws.lb.getLoadBalancer({ arn }).dnsName}`,
}
}));
const api = new awsx.apigateway.API("apiName", { additionalRoutes });
In this example computing all of the individual additionalRoutes
depends on the individual
array values in elasticBeanstalkEnvironment.loadBalancers
(which is itself an Output
). These
could not normally be converted into the reified Route[]
array since computing a value off of
an Output
produces yet another Output
. routes
itself cannot be an Output
because it will
often create additional AWS resources, and creating those resources dependent on some other
resource value would mean not being able to create and present a preview plan because the actual
resources created would depend on previous resources.
So additionalRoutes
serves as a way to bridge both approaches. Routes
is used when the
values are known up-front (or when it would cause Resources to be created). additionalRoutes
is used when values are not a-priori known, and when they will not create additional Resources
themselves.
interface APIArgs
interface APIArgs
property additionalRoutes
additionalRoutes?: pulumi.Input<pulumi.Input<AdditionalRoute>[]>;
Routes to use to initialize the APIGateway. These will be used to create the Swagger specification for the API.
Either [swaggerString] or [routes] or [additionalRoutes] must be specified. [routes] can be provided along with [additionalRoutes].
property apiKeySource
apiKeySource?: APIKeySource;
The source for the apikey. This can either be a HEADER or AUTHORIZER. If [apiKeyRequired] is set to true on a route, and this is not defined the value will default to HEADER.
property deploymentArgs
deploymentArgs?: DeploymentArgs;
Additional optional args that can be passed along to the aws.apigateway.Deployment created by the awsx.apigateway.API.
property gatewayResponses
gatewayResponses?: Record<string, SwaggerGatewayResponse>;
Define custom gateway responses for the API. This can be used to properly enable CORS for Lambda Authorizers.
property requestValidator
requestValidator?: RequestValidator;
Request Validator specifies the validator to use at the API level. Note method level validators override this.
property restApiArgs
restApiArgs?: RestApiArgs;
Additional optional args that can be passed along to the aws.apigateway.RestApi created by the awsx.apigateway.API.
property routes
routes?: Route[];
Routes to use to initialize the APIGateway. These will be used to create the Swagger specification for the API.
Either [swaggerString] or [routes] or [additionalRoutes] must be specified. [routes] can be provided along with [additionalRoutes].
property stageArgs
stageArgs?: StageArgs;
Additional optional args that can be passed along to the aws.apigateway.Stage created by the awsx.apigateway.API.
property stageName
stageName?: pulumi.Input<string>;
The stage name for your API. This will get added as a base path to your API url.
property staticRoutesBucket
staticRoutesBucket?: Bucket | BucketArgs;
Bucket to use for placing resources for static resources. If not provided a default one will be created on your behalf if any [StaticRoute]s are provided.
property swaggerString
swaggerString?: pulumi.Input<string>;
A Swagger specification already in string form to use to initialize the APIGateway. Note that you must manually provide permission for any route targets to be invoked by API Gateway when using [swaggerString].
Either [swaggerString] or [routes] must be specified.
interface ApigatewayAuth
interface ApigatewayAuth
property type
type: string;
interface ApigatewayIntegration
interface ApigatewayIntegration
property connectionId
connectionId?: pulumi.Input<string | undefined>;
property connectionType
connectionType?: pulumi.Input<IntegrationConnectionType | undefined>;
property credentials
credentials?: pulumi.Output<string>;
property httpMethod
httpMethod: pulumi.Input<Method>;
property passthroughBehavior
passthroughBehavior?: pulumi.Input<IntegrationPassthroughBehavior>;
property requestParameters
requestParameters?: any;
property responses
responses?: undefined | {[pattern: string]: SwaggerAPIGatewayIntegrationResponse};
property type
type: pulumi.Input<IntegrationType>;
property uri
uri: pulumi.Input<string>;
interface APIKeyArgs
interface APIKeyArgs
Input properties for creating a UsagePlan and associated API Keys.
property apiKeys
apiKeys?: Array<ApiKey | ApiKeyArgs>;
The API keys you would like to create & associate with the usage plan. You can pass an array that has a combination of:
- an existing APIKey
- ApiKeyArgs for a new APIKey
property apis
apis?: API[];
Define the apis you would like to associate the usage plan with. This can be used in place of defining the apiStages defined in the [usagePlan]. You cannot define both [apis] and [usagePlan.apiStages].
property usagePlan
usagePlan?: UsagePlan | UsagePlanArgs;
Define the usage plan to create. You can either define:
- an existing Usage Plan - the API Keys will be associated with the usage plan
- UsagePlanArgs with [usagePlan.apiStages] defined to define a new Usage Plan
- UsagePlanArgs with [apis] defined and [usagePlan.apiStages] NOT defined to define a new Usage Plan
- Nothing - if you do not specify [apis] and pass in an empty object, a new usage plan will be created on your behalf with the all the default values.
const apiKeySecurityDefinition
let in
let in: "header" = "header";
let name
let name: string = "x-api-key";
let type
let type: "apiKey" = "apiKey";
type APIKeySource
type APIKeySource = "HEADER" | "AUTHORIZER";
interface AssociatedAPIKeys
interface AssociatedAPIKeys
The associate api keys and the usage plan as created by the createAssociatedAPIKeys
function.
property keys
keys: Key[];
The keys that were associated with the usage plan.
property usagePlan
usagePlan: UsagePlan;
Either the aws.apigateway.UsagePlan
created for you, or the usage plan passed to as part of
the APIKeyArgs
.
type AuthorizerEvent
type AuthorizerEvent = CustomAuthorizerEvent;
function authorizerResponse
authorizerResponse(principalId: string, effect: Effect, resource: string, context?: AuthResponseContext, apiKey?: undefined | string): AuthorizerResponse
Simplifies creating an AuthorizerResponse.
type AuthorizerResponse
type AuthorizerResponse = awslambda.CustomAuthorizerResult;
type AuthResponseContext
type AuthResponseContext = awslambda.AuthResponseContext;
interface BaseRoute
interface BaseRoute
property apiKeyRequired
apiKeyRequired?: undefined | false | true;
If true, an API key will be required for this route. The source for the API Key can be set at the API level and by default, the source will be the HEADER.
property authorizers
authorizers?: Authorizer[] | Authorizer;
Authorizers allows you to define Lambda authorizers be applied for authorization when the the route is called.
property iamAuthEnabled
iamAuthEnabled?: undefined | false | true;
By default, the route method auth type is set to NONE
. If true, the auth type will be
set to AWS_IAM
.
property requestValidator
requestValidator?: RequestValidator;
Request Validator specifies the validator to use at the method level. This will override anything defined at the API level.
property requiredParameters
requiredParameters?: Parameter[];
Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api gateway will validate these before sending traffic to the event handler.
interface CognitoAuthorizer
interface CognitoAuthorizer
CognitoAuthorizer provides the definition for a Cognito User Pools Authorizer for API Gateway.
property authorizerName
authorizerName?: undefined | string;
The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.
property authorizerResultTtlInSeconds
authorizerResultTtlInSeconds?: undefined | number;
The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.
property identitySource
identitySource: string[];
List containing the request header that holds the authorization token. Example: if the token
header is Auth
the identity source would be [“method.request.header.Auth”]
property identityValidationExpression
identityValidationExpression?: undefined | string;
A regular expression for validating the token as the incoming identity. It only invokes the authorizer if there is a match, else it will return a 401. Example: “^x-[a-z]+”
property methodsToAuthorize
methodsToAuthorize?: string[];
For method authorization, you can define resource servers and custom scopes by specifying the “resource-server/scope”. e.g. [“com.hamuta.movies/drama.view”, “http://my.resource.com/file.read”] For more information on resource servers and custom scopes visit the AWS documentation - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html
property parameterName
parameterName: string;
parameterName is the name of the header containing the authorization token.
property providerARNs
providerARNs: string | Promise<string> | OutputInstance<string> | UserPool[];
The ARNs of the Cognito User Pools to use.
interface CognitoAuthorizerArgs
interface CognitoAuthorizerArgs
The set of arguments for constructing a CognitoAuthorizer resource.
property authorizerName
authorizerName?: undefined | string;
The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.
property authorizerResultTtlInSeconds
authorizerResultTtlInSeconds?: undefined | number;
The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.
property header
header?: undefined | string;
The request header for the authorization token. If not set, this defaults to “Authorization”.
property identityValidationExpression
identityValidationExpression?: undefined | string;
A regular expression for validating the token as the incoming identity. It only invokes the authorizer if there is a match, else it will return a 401. Example: “^x-[a-z]+”
property methodsToAuthorize
methodsToAuthorize?: string[];
For method authorization, you can define resource servers and custom scopes by specifying the “resource-server/scope”. e.g. [“com.hamuta.movies/drama.view”, “http://my.resource.com/file.read”] For more information on resource servers and custom scopes visit the AWS documentation - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html
property providerARNs
providerARNs: string | Promise<string> | OutputInstance<string> | UserPool[];
The ARNs of the Cognito User Pools to use.
function createAPI
createAPI(parent: Resource, name: string, args: APIArgs, optsParent?: pulumi.Resource): APIResources
function createAssociatedAPIKeys
createAssociatedAPIKeys(name: string, args: APIKeyArgs, opts: CustomResourceOptions): AssociatedAPIKeys
Helper function that allows you to quickly create API Keys and associate them with an API.
interface DeploymentArgs
interface DeploymentArgs
Additional optional args that can be passed along to the Deployment created by the awsx.apigateway.API.
property description
description?: pulumi.Input<string>;
The description of the deployment
property stageDescription
stageDescription?: pulumi.Input<string>;
The description of the stage
type Effect
type Effect = "Allow" | "Deny";
interface Endpoint
interface Endpoint
property hostname
hostname: string;
property loadBalancer
loadBalancer: LoadBalancer;
property port
port: number;
interface EventHandlerRoute
interface EventHandlerRoute extends BaseRoute
property apiKeyRequired
apiKeyRequired?: undefined | false | true;
If true, an API key will be required for this route. The source for the API Key can be set at the API level and by default, the source will be the HEADER.
property authorizers
authorizers?: Authorizer[] | Authorizer;
Authorizers allows you to define Lambda authorizers be applied for authorization when the the route is called.
property eventHandler
eventHandler: aws.lambda.EventHandler<Request, Response>;
property iamAuthEnabled
iamAuthEnabled?: undefined | false | true;
By default, the route method auth type is set to NONE
. If true, the auth type will be
set to AWS_IAM
.
property method
method: Method;
property path
path: string;
The path on the API that will invoke the provided [eventHandler]. If not prefixed with /
,
then a /
will be added automatically to the beginning.
property requestValidator
requestValidator?: RequestValidator;
Request Validator specifies the validator to use at the method level. This will override anything defined at the API level.
property requiredParameters
requiredParameters?: Parameter[];
Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api gateway will validate these before sending traffic to the event handler.
function getCognitoAuthorizer
getCognitoAuthorizer(args: CognitoAuthorizerArgs): CognitoAuthorizer
getCognitoAuthorizer is a helper function to generate a CognitoAuthorizer.
function getRequestLambdaAuthorizer
getRequestLambdaAuthorizer(args: RequestAuthorizerArgs): LambdaAuthorizer
getRequestLambdaAuthorizer is a helper function to generate a request LambdaAuthorizer.
function getTokenLambdaAuthorizer
getTokenLambdaAuthorizer(args: TokenAuthorizerArgs): LambdaAuthorizer
getTokenLambdaAuthorizer is a helper function to generate a token LambdaAuthorizer.
type IntegrationConnectionType
type IntegrationConnectionType = "INTERNET" | "VPC_LINK";
type IntegrationPassthroughBehavior
type IntegrationPassthroughBehavior = "when_no_match" | "when_no_templates" | "never";
interface IntegrationRoute
interface IntegrationRoute extends BaseRoute
An apigateway route for an integration. https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/ for more details.
property apiKeyRequired
apiKeyRequired?: undefined | false | true;
If true, an API key will be required for this route. The source for the API Key can be set at the API level and by default, the source will be the HEADER.
property authorizers
authorizers?: Authorizer[] | Authorizer;
Authorizers allows you to define Lambda authorizers be applied for authorization when the the route is called.
property iamAuthEnabled
iamAuthEnabled?: undefined | false | true;
By default, the route method auth type is set to NONE
. If true, the auth type will be
set to AWS_IAM
.
property path
path: string;
The path on the API that will invoke the provided [target]. If not prefixed with /
, then a
/
will be added automatically to the beginning.
property requestValidator
requestValidator?: RequestValidator;
Request Validator specifies the validator to use at the method level. This will override anything defined at the API level.
property requiredParameters
requiredParameters?: Parameter[];
Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api gateway will validate these before sending traffic to the event handler.
property target
target: pulumi.Input<IntegrationTarget> | IntegrationRouteTargetProvider;
interface IntegrationRouteTargetProvider
interface IntegrationRouteTargetProvider
method target
target(name: string, parent: Resource): pulumi.Input<IntegrationTarget>
interface IntegrationTarget
interface IntegrationTarget
See https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/ for more details.
property connectionId
connectionId?: pulumi.Input<string>;
The (id) of the VpcLink used for the integration when connectionType=VPC_LINK and undefined, otherwise.
property connectionType
connectionType?: pulumi.Input<IntegrationConnectionType>;
The type of the network connection to the integration endpoint. The valid value is INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and a network load balancer in a VPC. The default value is INTERNET.
property httpMethod
httpMethod?: undefined | "ANY";
Specifies the integration’s HTTP method type. Currently, the only supported type is ‘ANY’.
property passthroughBehavior
passthroughBehavior?: pulumi.Input<IntegrationPassthroughBehavior>;
Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation.
The valid value is one of the following:
WHEN_NO_MATCH: passes the method request body through the integration request to the back end without transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request.
WHEN_NO_TEMPLATES: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 Unsupported Media Type response.
NEVER: rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request.
Defaults to ‘WHEN_NO_MATCH’ if unspecified.
property type
type: pulumi.Input<IntegrationType>;
Specifies an API method integration type. The valid value is one of the following:
aws: for integrating the API method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration.
aws_proxy: for integrating the API method request with the Lambda function-invoking action with the client request passed through as-is. This integration is also referred to as the Lambda proxy integration.
http: for integrating the API method request with an HTTP endpoint, including a private HTTP endpoint within a VPC. This integration is also referred to as the HTTP custom integration.
http_proxy: for integrating the API method request with an HTTP endpoint, including a private HTTP endpoint within a VPC, with the client request passed through as-is. This is also referred to as the HTTP proxy integration.
mock: for integrating the API method request with API Gateway as a “loop-back” endpoint without invoking any backend.
property uri
uri: pulumi.Input<string>;
Specifies Uniform Resource Identifier (URI) of the integration endpoint.
For HTTP or HTTP_PROXY integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification, for either standard integration, where connectionType is not VPC_LINK, or private integration, where connectionType is VPC_LINK. For a private HTTP integration, the URI is not used for routing.
For AWS or AWS_PROXY integrations, the URI is of the form arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}&{p1}={v1}&p2={v2}… query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_api refers to the path to an AWS service resource, including the region of the integrated AWS service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be either arn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key} or arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}
type IntegrationType
type IntegrationType = "aws" | "aws_proxy" | "http" | "http_proxy" | "mock";
interface Key
interface Key
A key represents an aws.apigateway.ApiKey
and the aws.apigateway.UsagePlanKey
that ties it to
a usage plan.
property apikey
apikey: ApiKey;
apikey is either a aws.apigateway.ApiKey
passed in or the aws.apigateway.ApiKey
created
on your behalf using the ApiKeyArgs
property usagePlanKey
usagePlanKey: UsagePlanKey;
usagePlanKey is created on your behalf to associate the apikey with the usage plan.
interface LambdaAuthorizer
interface LambdaAuthorizer
LambdaAuthorizer provides the definition for a custom Authorizer for API Gateway.
property authType
authType: string;
Specifies the authorization mechanism for the client. Typical values are “oauth2” or “custom”.
property authorizerName
authorizerName?: undefined | string;
The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.
property authorizerResultTtlInSeconds
authorizerResultTtlInSeconds?: undefined | number;
The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.
property handler
handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>;
The authorizerHandler specifies information about the authorizing Lambda. You can either set up the Lambda separately and just provide the required information or you can define the Lambda inline using a JavaScript function.
property identitySource
identitySource?: string[];
List of mapping expressions of the request parameters as the identity source. This indicates where in the request identity information is expected. Applicable for the authorizer of the “request” type only. Example: [“method.request.header.HeaderAuth1”, “method.request.querystring.QueryString1”]
property identityValidationExpression
identityValidationExpression?: undefined | string;
A regular expression for validating the token as the incoming identity. It only invokes the authorizer’s lambda if there is a match, else it will return a 401. This does not apply to REQUEST Lambda Authorizers. Example: “^x-[a-z]+”
property parameterLocation
parameterLocation: "header" | "query";
Defines where in the request API Gateway should look for identity information. The value must be “header” or “query”. If there are multiple identity sources, the value must be “header”.
property parameterName
parameterName: string;
parameterName is the name of the header or query parameter containing the authorization token. Must be “Unused” for multiple identity sources.
property type
type: "token" | "request";
The type of the authorizer. This value must be one of the following: - “token”, for an authorizer with the caller identity embedded in an authorization token - “request”, for an authorizer with the caller identity contained in request parameters
interface LambdaAuthorizerInfo
interface LambdaAuthorizerInfo
property credentials
credentials: pulumi.Input<string> | Role;
Credentials required for invoking the authorizer in the form of an ARN of an IAM execution role. For example, “arn:aws:iam::account-id:IAM_role”.
property uri
uri: pulumi.Input<string> | Function;
The Uniform Resource Identifier (URI) of the authorizer Lambda function. The Lambda may also be passed directly, in which cases the URI will be obtained for you.
type Method
type Method = "ANY" | "GET" | "PUT" | "POST" | "DELETE" | "PATCH" | "OPTIONS" | "HEAD";
namespace metrics
interface ApigatewayMetricChange
interface ApigatewayMetricChange extends MetricChange
property api
api?: API;
Optional [API] this metric should be filtered down to. Only one of [RestApi] or [api] can be provided.
property color
color?: pulumi.Input<string>;
The six-digit HTML hex color code to be used for this metric.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property dimensions
dimensions?: pulumi.Input<Record<string, pulumi.Input<string>>>;
The new dimension for this metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be cleared.
property extendedStatistic
extendedStatistic?: pulumi.Input<number>;
The new percentile statistic for the metric associated with the alarm. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.
property label
label?: pulumi.Input<string>;
The label to display for this metric in the graph legend. If this is not specified, the metric is given an autogenerated label that distinguishes it from the other metrics in the widget.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property method
method?: undefined | string;
Filters API Gateway metrics for an API method of the specified API, stage, resource, and method.
API Gateway will not send such metrics unless you have explicitly enabled detailed CloudWatch metrics. You can do this in the console by selecting Enable CloudWatch Metrics under a stage Settings tab. Alternatively, you can call the stage:update action of the API Gateway REST API to update the metricsEnabled property to true.
Enabling such metrics will incur additional charges to your account. For pricing information, see Amazon CloudWatch Pricing.
property period
period?: pulumi.Input<number>;
The new period in seconds over which the specified stat
is applied. If this object is
missing this property, then no change will be made. However, if the property is there by set
to [undefined] then the value will be set to the default (300s).
property resource
resource?: undefined | string;
Filters API Gateway metrics for an API method of the specified API, stage, resource, and method.
API Gateway will not send such metrics unless you have explicitly enabled detailed CloudWatch metrics. You can do this in the console by selecting Enable CloudWatch Metrics under a stage Settings tab. Alternatively, you can call the stage:update action of the API Gateway REST API to update the metricsEnabled property to true.
Enabling such metrics will incur additional charges to your account. For pricing information, see Amazon CloudWatch Pricing.
property restApi
restApi?: aws.apigateway.RestApi;
Optional [RestApi] this metric should be filtered down to. Only one of [RestApi] or [api] can be provided.
property stage
stage?: undefined | string;
Filters API Gateway metrics for an API stage of the specified API and stage. Either [restApi] or [api] must be provided with this.
property statistic
statistic?: pulumi.Input<MetricStatistic>;
The new statistic to apply to the alarm’s associated metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.
property unit
unit?: pulumi.Input<MetricUnit>;
The new unit for this metric. If this object is missing this property, then no change will be made. However, if the property is there by set to [undefined] then the value will be set to the default.
property visible
visible?: pulumi.Input<boolean>;
Set this to true to have the metric appear in the graph, or false to have it be hidden. The default is true.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property yAxis
yAxis?: pulumi.Input<"left" | "right">;
Where on the graph to display the y-axis for this metric. The default is left.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
type ApigatewayMetricName
type ApigatewayMetricName = "4XXError" | "5XXError" | "CacheHitCount" | "CacheMissCount" | "Count" | "IntegrationLatency" | "Latency";
function cacheHitCount
cacheHitCount(change?: ApigatewayMetricChange): Metric
The number of requests served from the API cache in a given period.
The Sum statistic represents this metric, namely, the total count of the cache hits in the specified period. The Average statistic represents the cache hit rate, namely, the total count of the cache hits divided by the total number of requests during the period. The denominator corresponds to the Count metric (below).
function cacheMissCount
cacheMissCount(change?: ApigatewayMetricChange): Metric
The number of requests served from the back end in a given period, when API caching is enabled.
The Sum statistic represents this metric, namely, the total count of the cache misses in the specified period. The Average statistic represents the cache miss rate, namely, the total count of the cache hits divided by the total number of requests during the period. The denominator corresponds to the Count metric (below).
Unit: Count
function count
count(change?: ApigatewayMetricChange): Metric
The total number API requests in a given period.
The SampleCount statistic represents this metric.
Unit: Count
function error4XX
error4XX(change?: ApigatewayMetricChange): Metric
The number of client-side errors captured in a specified period.
The Sum statistic represents this metric, namely, the total count of the 4XXError errors in the given period. The Average statistic represents the 4XXError error rate, namely, the total count of the 4XXError errors divided by the total number of requests during the period. The denominator corresponds to the Count metric (below).
Unit: Count
function error5XX
error5XX(change?: ApigatewayMetricChange): Metric
The number of server-side errors captured in a given period.
The Sum statistic represents this metric, namely, the total count of the 5XXError errors in the given period. The Average statistic represents the 5XXError error rate, namely, the total count of the 5XXError errors divided by the total number of requests during the period. The denominator corresponds to the Count metric (below).
Unit: Count
function integrationLatency
integrationLatency(change?: ApigatewayMetricChange): Metric
The time between when API Gateway relays a request to the back end and when it receives a response from the back end.
Unit: Milliseconds
function latency
latency(change?: ApigatewayMetricChange): Metric
The time between when API Gateway receives a request from a client and when it returns a response to the client. The latency includes the integration latency and other API Gateway overhead.
Unit: Milliseconds
function metric
metric(metricName: ApigatewayMetricName, change: ApigatewayMetricChange): Metric
Creates an AWS/ApiGateway metric with the requested [metricName]. See https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-metrics-and-dimensions.html for list of all metric-names.
Note, individual metrics can easily be obtained without supplying the name using the other [metricXXX] functions.
You can use the dimensions in the following table to filter API Gateway metrics.
“ApiName”: Filters API Gateway metrics for an API of the specified API name.
“ApiName, Method, Resource, Stage”: Filters API Gateway metrics for an API method of the specified API, stage, resource, and method.
API Gateway will not send such metrics unless you have explicitly enabled detailed CloudWatch metrics. You can do this in the console by selecting Enable CloudWatch Metrics under a stage Settings tab. Alternatively, you can call the stage:update action of the API Gateway REST API to update the metricsEnabled property to true.
Enabling such metrics will incur additional charges to your account. For pricing information, see Amazon CloudWatch Pricing.
“ApiName, Stage”: Filters API Gateway metrics for an API stage of the specified API and stage.
interface Parameter
interface Parameter
Parameter is used to define required path, query or header parameters for API Gateway. If “ALL” or “PARAMS_ONLY” validator is set then, api gateway will validate the parameter is included and non-blank for incoming requests.
property in
in: "path" | "query" | "header";
in is where the parameter is expected to appear. API Gateway can validate parameters expected in the path, query or header.
property name
name: string;
type RawDataRoute
type RawDataRoute = {
data: any;
method: Method;
path: string;
};
Fallback route for when raw swagger control is desired. The [data] field should be a javascript object that will be then included in the final swagger specification like so:
"paths": { [path]: { [method]: data } }
This value will be JSON.stringify’d as part of normal processing. It should not be passed as string here.
type Request
type Request = awslambda.APIGatewayProxyEvent;
interface RequestAuthorizerArgs
interface RequestAuthorizerArgs
The set of arguments for constructing a request LambdaAuthorizer resource.
property authorizerName
authorizerName?: undefined | string;
The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.
property authorizerResultTtlInSeconds
authorizerResultTtlInSeconds?: undefined | number;
The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.
property handler
handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>;
The authorizerHandler specifies information about the authorizing Lambda. You can either set up the Lambda separately and just provide the required information or you can define the Lambda inline using a JavaScript function.
property headers
headers?: string[];
headers is an array of the expected header keys used to authorize a request. While this argument is optional, at least one queryParameter or one header must be defined.
property queryParameters
queryParameters?: string[];
queryParameters is an array of the expected query parameter keys used to authorize a request. While this argument is optional, at least one queryParameter or one header must be defined.
type RequestContext
type RequestContext = awslambda.APIGatewayEventRequestContext;
type RequestValidator
type RequestValidator = "ALL" | "PARAMS_ONLY" | "BODY_ONLY";
type Response
type Response = APIGatewayProxyResult;
type RestApiArgs
type RestApiArgs = RestApiArgs;
Additional optional args that can be passed along to the RestApi created by the awsx.apigateway.API.
type Route
type Route = EventHandlerRoute | StaticRoute | IntegrationRoute | RawDataRoute;
A route that that APIGateway should accept and forward to some type of destination. All routes have an incoming path that they match against. However, destinations are determined by the kind of the route. See [EventHandlerRoute], [StaticRoute], [IntegrationRoute] and [RawJsonRoute] for additional details.
interface SecurityDefinition
interface SecurityDefinition
property in
in: "header" | "query";
property name
name: string;
property type
type: "apiKey";
property x-amazon-apigateway-authorizer
x-amazon-apigateway-authorizer?: SwaggerLambdaAuthorizer | SwaggerCognitoAuthorizer;
property x-amazon-apigateway-authtype
x-amazon-apigateway-authtype?: undefined | string;
interface StageArgs
interface StageArgs
Additional optional args that can be passed along to the Stage created by the awsx.apigateway.API.
property accessLogSettings
accessLogSettings?: pulumi.Input<StageAccessLogSettings>;
Enables access logs for the API stage. Detailed below.
property cacheClusterEnabled
cacheClusterEnabled?: pulumi.Input<boolean>;
Specifies whether a cache cluster is enabled for the stage
property cacheClusterSize
cacheClusterSize?: pulumi.Input<string>;
The size of the cache cluster for the stage, if enabled.
Allowed values include 0.5
, 1.6
, 6.1
, 13.5
, 28.4
, 58.2
, 118
and 237
.
property clientCertificateId
clientCertificateId?: pulumi.Input<string>;
The identifier of a client certificate for the stage.
property description
description?: pulumi.Input<string>;
The description of the stage
property documentationVersion
documentationVersion?: pulumi.Input<string>;
The version of the associated API documentation
property tags
tags?: pulumi.Input<{[key: string]: any}>;
A mapping of tags to assign to the resource.
property variables
variables?: pulumi.Input<{[key: string]: any}>;
A map that defines the stage variables
property xrayTracingEnabled
xrayTracingEnabled?: pulumi.Input<boolean>;
Whether active tracing with X-ray is enabled. Defaults to false
.
interface StaticRoute
interface StaticRoute extends BaseRoute
StaticRoute is a route that will map from an incoming path to the files/directories specified by [localPath].
property apiKeyRequired
apiKeyRequired?: undefined | false | true;
If true, an API key will be required for this route. The source for the API Key can be set at the API level and by default, the source will be the HEADER.
property authorizers
authorizers?: Authorizer[] | Authorizer;
Authorizers allows you to define Lambda authorizers be applied for authorization when the the route is called.
property contentType
contentType?: undefined | string;
The content-type
to serve the file as. Only valid when localPath points to a file. If
localPath points to a directory, the content types for all files will be inferred.
property iamAuthEnabled
iamAuthEnabled?: undefined | false | true;
By default, the route method auth type is set to NONE
. If true, the auth type will be
set to AWS_IAM
.
property index
index?: boolean | string;
By default API.static will also serve ‘index.html’ in response to a request on a directory. To disable this set false or to supply a new index pass an appropriate name.
property localPath
localPath: string;
The local path on disk to create static S3 resources for. Files will be uploaded into S3 objects, and directories will be recursively walked into.
property path
path: string;
The path on the API that will map to files in [localPath]. If not prefixed with /
, then a
/
will be added automatically to the beginning.
property requestValidator
requestValidator?: RequestValidator;
Request Validator specifies the validator to use at the method level. This will override anything defined at the API level.
property requiredParameters
requiredParameters?: Parameter[];
Required Parameters to validate. If the request validator is set to ALL or PARAMS_ONLY, api gateway will validate these before sending traffic to the event handler.
interface SwaggerAPIGatewayIntegrationResponse
interface SwaggerAPIGatewayIntegrationResponse
property responseParameters
responseParameters?: undefined | {[key: string]: string};
property statusCode
statusCode: string;
interface SwaggerCognitoAuthorizer
interface SwaggerCognitoAuthorizer
property authorizerResultTtlInSeconds
authorizerResultTtlInSeconds?: undefined | number;
property identitySource
identitySource: string;
property providerARNs
providerARNs: pulumi.Input<string>[];
property type
type: "cognito_user_pools";
interface SwaggerGatewayResponse
interface SwaggerGatewayResponse
property responseParameters
responseParameters?: undefined | {[parameter: string]: string};
property responseTemplates
responseTemplates: {
application/json: string;
};
property statusCode
statusCode: number;
interface SwaggerHeader
interface SwaggerHeader
property items
items?: SwaggerItems;
property type
type: "string" | "number" | "integer" | "boolean" | "array";
interface SwaggerInfo
interface SwaggerInfo
property title
title: string;
property version
version: string;
interface SwaggerItems
interface SwaggerItems
property items
items?: SwaggerItems;
property type
type: "string" | "number" | "integer" | "boolean" | "array";
interface SwaggerLambdaAuthorizer
interface SwaggerLambdaAuthorizer
property authorizerCredentials
authorizerCredentials: pulumi.Input<string>;
property authorizerResultTtlInSeconds
authorizerResultTtlInSeconds?: undefined | number;
property authorizerUri
authorizerUri: pulumi.Input<string>;
property identitySource
identitySource?: undefined | string;
property identityValidationExpression
identityValidationExpression?: undefined | string;
property type
type: "token" | "request";
interface SwaggerOperation
interface SwaggerOperation
property parameters
parameters?: SwaggerParameter[];
property responses
responses?: undefined | {[code: string]: SwaggerResponse};
property security
security?: Record<string, string[]>[];
security a list of objects whose keys are the names of the authorizer. Each authorizer name refers to a SecurityDefinition, defined at the top level of the swagger definition, by matching a Security Definition’s name property. For Cognito User Pool Authorizers, the value of these object can be left as an empty array or used to define the resource servers and custom scopes (e.g. “resource-server/scope”). For lambda authorizers, the value of the objects is an empty array.
property x-amazon-apigateway-auth
x-amazon-apigateway-auth?: ApigatewayAuth;
property x-amazon-apigateway-integration
x-amazon-apigateway-integration: ApigatewayIntegration;
property x-amazon-apigateway-request-validator
x-amazon-apigateway-request-validator?: RequestValidator;
interface SwaggerParameter
interface SwaggerParameter
property in
in: string;
property name
name: string;
property required
required: boolean;
property type
type?: undefined | string;
interface SwaggerResponse
interface SwaggerResponse
property description
description: string;
property headers
headers?: undefined | {[header: string]: SwaggerHeader};
property schema
schema?: SwaggerSchema;
interface SwaggerSchema
interface SwaggerSchema
property type
type: string;
interface SwaggerSpec
interface SwaggerSpec
property info
info: SwaggerInfo;
property paths
paths: {[path: string]: {[method: string]: SwaggerOperation}};
property securityDefinitions
securityDefinitions?: undefined | {[securityDefinitionName: string]: SecurityDefinition};
property swagger
swagger: string;
property x-amazon-apigateway-api-key-source
x-amazon-apigateway-api-key-source?: APIKeySource;
property x-amazon-apigateway-binary-media-types
x-amazon-apigateway-binary-media-types?: string[];
property x-amazon-apigateway-gateway-responses
x-amazon-apigateway-gateway-responses: Record<string, SwaggerGatewayResponse>;
property x-amazon-apigateway-request-validator
x-amazon-apigateway-request-validator?: RequestValidator;
property x-amazon-apigateway-request-validators
x-amazon-apigateway-request-validators?: undefined | {[validatorName: string]: {
validateRequestBody: boolean;
validateRequestParameters: boolean;
}};
interface TokenAuthorizerArgs
interface TokenAuthorizerArgs
The set of arguments for constructing a token LambdaAuthorizer resource.
property authorizerName
authorizerName?: undefined | string;
The name for the Authorizer to be referenced as. This must be unique for each unique authorizer within the API. If no name if specified, a name will be generated for you.
property authorizerResultTtlInSeconds
authorizerResultTtlInSeconds?: undefined | number;
The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an authorizer across more than one route you will want to disable the cache or else it will cause problems for you.
property handler
handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>;
The authorizerHandler specifies information about the authorizing Lambda. You can either set up the Lambda separately and just provide the required information or you can define the Lambda inline using a JavaScript function.
property header
header?: undefined | string;
The request header for the authorization token. If not set, this defaults to Authorization.
property identityValidationExpression
identityValidationExpression?: undefined | string;
A regular expression for validating the token as the incoming identity. Example: “^x-[a-z]+”
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.