Mandatory Querystring parameter for AWS Lambda using SAM

Question

I have an API endpoint calling a lambda function. In its simplest form, here is the template file section for it:

Resources:
  GetS3ObjectsFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: GetS3Objects
      Description: SAM Kata for S3 Access
      CodeUri: get_s3_objects/
      Handler: main.lambda_handler
      Runtime: python3.8
      Events:
        GetS3ObjectsAPI:
          Type: Api
          Properties:
            Path: /GetS3Objects
            Method: get
            RequestParameters:
              - method.request.querystring.bucket:
                  Required: true

This is the best I can find from the documentation. however, neither local and nor stack deployment put any restriction on the endpoint, ie the lambda will be called no matter a query string is supplied or not, or it has a bucket or not.

Is this the expected behavior? can I do something so that the API gateway will reject the request if bucket is not specified in the query string?

Answer 1

It seems to me that you should be able to get the result with a WAF rule

API GW Documentation https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html

WAF Rules - A string match or an regex pattern match on the https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html

You should be able to match the query string or a single parameter: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields.html#waf-rule-statement-request-component