serverless-application-model icon indicating copy to clipboard operation
serverless-application-model copied to clipboard

Published 20 hours ago verified publisher icon aws

Create apigateway permissions from openapi definitions

Open iRoachie opened this issue 2 years ago • 14 comments

Describe your idea/feature/enhancement

Hey team, recently tried building out a rest API using AWS::Serverless::Api and openapi via DefinitionBody. It's great having my OpenAPI schemas converted to API gateway models and validation 💯 .

The only thing that's missing would be to have apigw permissions automatically created.

For example, the Events property on AWS::Serverless::Function automatically creates permissions for apigw to invoke the lambda.

The OpenAPI schema already defines the lambda handler via x-amazon-apigateway-integration, so it should be possible to create this permission in the background.

x-amazon-apigateway-integration:
        uri:
          Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations

Proposal

Parse the DefinitionBody of AWS::Serverless::Api and create a AWS::Lambda::Permission resource for the attached lambda function.

Things to consider:

  1. This requires no changes to the SAM Spec

iRoachie avatar Nov 05 '21 15:11 iRoachie