
Using IAM Role for AWS API Gateway in Cloudformation Template

I have been trying to use an IAM role while creating an API in API Gateway using a CloudFormation template so that API Gateway can invoke the Lambda function which is set as an endpoint for a specific GET / POST call.

I came across this while searching: How can I grant permission to API Gateway to invoke lambda functions through CloudFormation?

This is helpful if there's one Lambda function to be invoked. But if the API is being deployed using a JSON / Swagger definition and there are multiple Lambda functions as endpoints, then all of those need to be added to the CloudFormation template.

Is there any other Template Resource that can be used to associate an IAM role with the API Gateway instead of using AWS::Lambda::Permission?

I would recommend adding each Lambda function individually to your CloudFormation template using the AWS::Lambda::Permission. This gives you the best runtime performance and also manages your permissions explicitly.

If you are opposed to doing this, then an alternative is to have API Gateway invoke your Lambda functions via a role. Create a role in your account, either manually or through CloudFormation. Grant this role permissions to call your Lambda functions, either individually or en masse using an asterisk (*). Specify this role when defining your API Gateway integrations. API Gateway will assume this role before calling your Lambda function.

Note that this does add some latency at runtime since API Gateway has to do an additional assume-role call before every invoke to your Lambda functions.
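
The role-based alternative described in the answer above, sketched as a CloudFormation fragment. This is an added example, not part of the original answer; the logical names `ApiInvokeRole`, `GetItemsFunction`, `PostItemFunction`, `Api`, `ItemsResource` and `GetItemsMethod` are hypothetical and the referenced resources are assumed to be defined elsewhere in the same template.

```yaml
# Added example; all logical resource names are hypothetical.
Resources:
  ApiInvokeRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: apigateway.amazonaws.com   # only API Gateway may assume this role
            Action: sts:AssumeRole
      Policies:
        - PolicyName: InvokeApiBackends
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: lambda:InvokeFunction
                # Scoped to the functions behind this API. Resource: "*" also
                # works, but lets the role invoke every function in the account.
                Resource:
                  - !GetAtt GetItemsFunction.Arn
                  - !GetAtt PostItemFunction.Arn

  GetItemsMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref ItemsResource
      HttpMethod: GET
      AuthorizationType: AWS_IAM        # caller authorization; independent of the integration role
      Integration:
        Type: AWS_PROXY
        IntegrationHttpMethod: POST     # Lambda invocations are always POST
        Credentials: !GetAtt ApiInvokeRole.Arn   # role API Gateway assumes before invoking
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetItemsFunction.Arn}/invocations
```

When the API is imported from a Swagger definition, the same role ARN goes in the `credentials` field of each operation's `x-amazon-apigateway-integration` object.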
