当我直接在控制台中填入资源策略时,它运行良好。下面是资源策略示例:
{ "Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-west-2:339159142535:ooxmwl6q4e/*",
"Condition": {
"IpAddress":
{ "aws:SourceIp": ["14.98.8.190/32"] }
}
}]}
现在,如何编写一个 CloudFormation 模板来创建这个资源策略,并将其附加到 API Gateway?
我尝试创建一个 IAM 策略,但按照新的策略规则,“Principal”(主体)元素会被去掉。
我也创建了一个角色,但没有帮助。以下是角色片段:
{ "AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"Apifirewall": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal":{ "Service": ["apigateway.amazonaws.com"] },
"Action": ["sts:AssumeRole"]
}]
},
"Policies": [{
"PolicyName": "Apifirewall",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": ["arn:aws:execute-api:us-west-2:339159142535:ooxmwl6q4e/*"],
"Condition" : {
"IpAddress": {
"aws:SourceIp": ["14.98.8.190/32"]
}
}
}]
}
}]
}
}
},
"Outputs": {
"Apifirewall": { "Value": { "Fn::GetAtt": ["Apifirewall", "Arn"]}}
}
}
答案 0 :(得分:0)
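API Gateway 的资源策略并不是 IAM 策略,也不附加在 IAM 角色上;它是直接附加在 API 本身上的另一种策略。问题中的角色只是给担任该角色的主体授予权限,并不会限制谁可以调用 API。
因此,要在 RestApi 上实现它,应使用 AWS::ApiGateway::RestApi 资源上的 Policy 属性。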
上ClassicEditor.create(editor, {
extraPlugins: [InsertDropDown],
toolbar: [
"bold",
"italic",
"heading",
"bulletedList",
"numberedList",
"link",
"undo",
"redo",
"InsertDropDown" // <--- add this
]
} );
即:AWS::ApiGateway::RestApi 资源上的 Policy 参数。
答案 1 :(得分:0)
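下面是带有 Lambda 集成的 API 部署的完整 CloudFormation 模板(CFT)。资源策略写在 RecommenderApi 的 Policy 属性中;由于两个方法的 AuthorizationType 都是 NONE,aws:SourceIp 条件是这里唯一的访问控制。请注意,资源策略修改后需要重新部署 API 才会生效。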
{ "AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"AppEnv": {
"Type": "String",
"Description": "Application environment, for this deployment"
},
"DeployTag": {
"Type": "String",
"Description": "Distinct deployment tag ex: BLUE, GREEN"
}
},
"Resources":
{
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": { "Service": ["lambda.amazonaws.com"] },
"Action": ["sts:AssumeRole"]
}]
},
"ManagedPolicyArns": ["arn:aws:iam::aws:policy/AWSLambdaFullAccess"]
}
},
"RecommenderLambda": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Handler": "recommender_field_validation_lambda.lambda_handler",
"FunctionName" : "recommenderlambda2",
"Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
"Environment": {
"Variables": {
"S3_BUCKET": "belcorp.recommender.test",
"REGION_NAME": "us-west-2",
"TOPIC_ARN": { "Fn::ImportValue" : "RecommenderTopicARN"},
"TABLE_NAME":{"Fn::ImportValue" : "recommederrequestinfo"}
}
},
"Code": {
"S3Bucket": "belcorp.recommender.lambdas",
"S3Key": "recommender_field_validation_lambda.zip"
},
"Runtime": "python3.6",
"Timeout": 25
}
},
"LambdaPermission": {
"DependsOn": "RecommenderLambda",
"Type": "AWS::Lambda::Permission",
"Properties": {
"Action": "lambda:invokeFunction",
"FunctionName": "recommenderlambda2",
"Principal": "apigateway.amazonaws.com",
"SourceArn": {"Fn::Join": ["", ["arn:aws:execute-api:", {"Ref": "AWS::Region"}, ":", {"Ref": "AWS::AccountId"}, ":", {"Ref": "RecommenderApi"}, "/*"]]}
}
},
"RecommenderApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"EndpointConfiguration" :{"Types":["EDGE"]},
"Description": "RecommenderAPI",
"Name": {"Fn::Sub": "RecommenderApi-${AppEnv}-${DeployTag}"},
"Policy":{ "Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": { "Fn::Sub":"arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*/*"},
"Condition": {"IpAddress":{ "aws:SourceIp": ["14.98.8.190/32"] }}}]}
}
},
"ApiGatewayAccount": {
"Type": "AWS::ApiGateway::Account",
"Properties": {
"CloudWatchRoleArn": {"Fn::ImportValue" : "cloudwatchRole"}
}
},
"ApiDeployment": {
"Type": "AWS::ApiGateway::Deployment",
"DependsOn": ["OfferPostMethod", "OrderPostMethod"],
"Properties": {
"RestApiId": {"Ref": "RecommenderApi"},
"StageName": "dev"
}
},
"ProcessInput": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {"Ref": "RecommenderApi"},
"ParentId": {"Fn::GetAtt": ["RecommenderApi", "RootResourceId"]},
"PathPart": "process-input"
}
},
"OfferLevel": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {"Ref": "RecommenderApi"},
"ParentId": {"Ref":"ProcessInput"},
"PathPart": "offer-level"
}
},
"OrderLevel": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {"Ref": "RecommenderApi"},
"ParentId": {"Ref":"ProcessInput"},
"PathPart": "order-level"
}
},
"OfferPostMethod": {
"DependsOn": "RecommenderLambda",
"Type": "AWS::ApiGateway::Method",
"Properties": {
"RestApiId": { "Ref": "RecommenderApi" },
"ResourceId": { "Ref":"OfferLevel" },
"HttpMethod": "POST",
"AuthorizationType": "NONE",
"Integration": {
"Type": "AWS_PROXY",
"IntegrationHttpMethod": "POST",
"Uri": {"Fn::Join": ["",["arn:aws:apigateway:", {"Ref": "AWS::Region"}, ":lambda:path/2015-03-31/functions/",{"Fn::GetAtt": ["RecommenderLambda", "Arn"]}, "/invocations"]]},
"IntegrationResponses": [{
"StatusCode": 200,
"ResponseTemplates": {
"application/json": "$input.json('$.body')"
}
}]
}
}
} ,
"OrderPostMethod": {
"DependsOn": "RecommenderLambda",
"Type": "AWS::ApiGateway::Method",
"Properties": {
"RestApiId": { "Ref": "RecommenderApi" },
"ResourceId": { "Ref":"OrderLevel" },
"HttpMethod": "POST",
"AuthorizationType": "NONE",
"Integration": {
"Type": "AWS_PROXY",
"IntegrationHttpMethod": "POST",
"Uri": {"Fn::Join": ["",["arn:aws:apigateway:", {"Ref": "AWS::Region"}, ":lambda:path/2015-03-31/functions/",{"Fn::GetAtt": ["RecommenderLambda", "Arn"]}, "/invocations"]]},
"IntegrationResponses": [{
"StatusCode": 200,
"ResponseTemplates": {
"application/json": "$input.json('$.body')"
}
}]
}
}
}
},
"Outputs": {
"RootUrl": {
"Description": "Root URL of the API gateway",
"Value": {"Fn::Join": ["", ["https://", {"Ref": "RecommenderApi"}, ".execute-api.", {"Ref": "AWS::Region"}, ".amazonaws.com"]]}
},
"OfferUrl": {
"Description": "Root URL of the API gateway",
"Value": {"Fn::Join": ["", ["https://", {"Ref": "RecommenderApi"}, ".execute-api.", {"Ref": "AWS::Region"}, ".amazonaws.com","/dev/process-input/offer-level"]]}
},
"OrderUrl": {
"Description": "Root URL of the API gateway",
"Value": {"Fn::Join": ["", ["https://", {"Ref": "RecommenderApi"}, ".execute-api.", {"Ref": "AWS::Region"}, ".amazonaws.com","/dev/process-input/order-level"]]}
}
}
}