Add resource policy for API in CloudFormation template?
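We have a NodeJS lambda project in CodeStar. We have got it working, and we have secured the API with an API key.

Is it possible to add a resource policy for the API in the CloudFormation template? That way we would not have to add the Resource Policy in the web console every time we create a new project/API.

We have tried but have not got it working, and we cannot find any documentation.

Thanks!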
The doc is here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html

It should look something like this:

```yaml
Type: AWS::ApiGateway::RestApi
Properties:
  ApiKeySourceType: String
  BinaryMediaTypes:
    - String
  Body: JSON object
  BodyS3Location: S3Location
  CloneFrom: String
  Description: String
  EndpointConfiguration: EndpointConfiguration
  FailOnWarnings: Boolean
  MinimumCompressionSize: Integer
  Name: String
  Parameters:
    String: String
  Policy: JSON object
```
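A complete example of a private API Gateway that includes a resource policy (in this case, allowing access only from a previously defined VPC endpoint) can be found below.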
```yaml
# Interface VPC endpoint for the execute-api service
InterfaceEndpoint:
  Type: 'AWS::EC2::VPCEndpoint'
  Properties:
    VpcEndpointType: Interface
    ServiceName: !Sub 'com.amazonaws.${AWS::Region}.execute-api'
    PrivateDnsEnabled: true
    VpcId: !Ref VPC
    SubnetIds:
      - !Ref PrivateSubnet1
      - !Ref PrivateSubnet2
    SecurityGroupIds:
      - !Ref InterfaceSecurityGroup
privateApiGateway:
  Type: AWS::ApiGateway::RestApi
  Properties:
    Description: Private API Gateway
    EndpointConfiguration:
      Types:
        - PRIVATE
      VpcEndpointIds:
        - !Ref InterfaceEndpoint
    Name: privateApi
    Policy:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal: "*"
          Action: execute-api:Invoke
          Resource:
            - execute-api:/*
        # Explicit Deny for any request that does not arrive through InterfaceEndpoint
        - Effect: Deny
          Principal: "*"
          Action: execute-api:Invoke
          Resource:
            - execute-api:/*
          Condition:
            StringNotEquals:
              aws:SourceVpce: !Ref InterfaceEndpoint
```
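
How the Allow/Deny pair in the policy above evaluates, as an added Python example that is not part of the original answers. It is a simplified model, not AWS's evaluator: it handles only the `Effect` and `StringEquals`/`StringNotEquals` fields this policy uses, and the endpoint IDs are constructed stand-ins for `!Ref InterfaceEndpoint`.

```python
# Simplified model of the resource policy from the template above; not a full
# IAM evaluator. Only Effect and StringEquals/StringNotEquals are modelled.
ALLOWED_VPCE = "vpce-0123456789abcdef0"  # constructed stand-in for !Ref InterfaceEndpoint

POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*",
         "Action": "execute-api:Invoke", "Resource": ["execute-api:/*"]},
        {"Effect": "Deny", "Principal": "*",
         "Action": "execute-api:Invoke", "Resource": ["execute-api:/*"],
         "Condition": {"StringNotEquals": {"aws:SourceVpce": ALLOWED_VPCE}}},
    ],
}


def condition_matches(condition, context):
    """True when every operator/key pair in the Condition block holds."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            values = expected if isinstance(expected, list) else [expected]
            actual = context.get(key)
            if operator == "StringEquals":
                ok = actual in values        # an absent key never matches
            elif operator == "StringNotEquals":
                ok = actual not in values    # an absent key counts as "not equal"
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True


def evaluate(policy, context):
    """Return 'Allow' or 'Deny'; an explicit Deny overrides any Allow."""
    allowed = False
    for stmt in policy["Statement"]:
        if not condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"


def allow_only_policy(policy):
    """Same policy with the Deny statement removed, for comparison."""
    return {**policy, "Statement": [s for s in policy["Statement"] if s["Effect"] == "Allow"]}
```

Because `StringNotEquals` is true when `aws:SourceVpce` is absent from the request context, the Deny statement also covers requests that carry no VPC endpoint ID at all.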