AWSTemplateFormatVersion: "2010-09-09" Description: Creates an API Gateway that the EC2 instances with Locust will send requests to. Parameters: VpcCidrBlock: Type: String VpcID: Type: AWS::EC2::VPC::Id PrivateSubnet1: Type: AWS::EC2::Subnet::Id PrivateSubnet2: Type: AWS::EC2::Subnet::Id ProxyAccessLambda: Type: String NoProxyAccessLambda: Type: String ApiEndpointType: Type: String Resources: VPCEndpointSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: The Security Group attached to the VPC Endpoint in the Load Test VPC that restricts traffic entering from the Load Test VPC into the Proxy and No Proxy VPCs. SecurityGroupIngress: - CidrIp: !Ref VpcCidrBlock Description: !Join - "" - - 'from ' - !Ref VpcCidrBlock - :443 FromPort: 443 IpProtocol: tcp ToPort: 443 SecurityGroupEgress: - CidrIp: 127.0.0.1/32 Description: Limits security group egress traffic to localhost IpProtocol: "-1" Tags: - Key: Name Value: loadtest/load_test_vpc VpcId: !Ref VpcID VPCEndpoint: Type: AWS::EC2::VPCEndpoint Properties: ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api VpcId: !Ref VpcID PrivateDnsEnabled: true SecurityGroupIds: - !GetAtt VPCEndpointSecurityGroup.GroupId SubnetIds: - !Ref PrivateSubnet1 - !Ref PrivateSubnet2 VpcEndpointType: Interface LoadTestApi: Type: AWS::ApiGateway::RestApi Properties: EndpointConfiguration: Types: - !Ref ApiEndpointType VpcEndpointIds: - !Ref VPCEndpoint Name: !Sub LoadTestApi-${AWS::StackName} Policy: Statement: - Action: execute-api:Invoke Condition: StringEquals: aws:sourceVpce: !Ref VPCEndpoint Effect: Allow Principal: '*' Resource: execute-api:/* Version: "2012-10-17" CloudWatchRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: apigateway.amazonaws.com Version: "2012-10-17" ManagedPolicyArns: - !Join - "" - - 'arn:' - !Ref 'AWS::Partition' - :iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs LoadTestApiAccount: Type: AWS::ApiGateway::Account DependsOn: - LoadTestApi Properties: CloudWatchRoleArn: !GetAtt CloudWatchRole.Arn LoadTestApiGET: Type: AWS::ApiGateway::Method Properties: HttpMethod: GET ResourceId: !GetAtt LoadTestApi.RootResourceId RestApiId: !Ref LoadTestApi AuthorizationType: NONE Integration: IntegrationHttpMethod: POST Type: AWS_PROXY Uri: !Join - "" - - !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/ - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId} - :function:${stageVariables.lbfunc}/invocations RequestParameters: method.request.querystring.tenant: true NoProxyApiDeployment: Type: AWS::ApiGateway::Deployment DependsOn: - LoadTestApiGET Properties: RestApiId: !Ref LoadTestApi LoadTestApiLogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: /aws/apigateway/rdsproxyloadtestapi RetentionInDays: 90 NoProxyApiStage: Type: AWS::ApiGateway::Stage Properties: AccessLogSetting: DestinationArn: !GetAtt LoadTestApiLogGroup.Arn Format: '{ "stage": "$context.stage" "request_id": "$context.requestId", "resource": "$context.resourcePath", "http_method": "$context.httpMethod", "status": "$context.status", "response_error": "$context.error.messageString", "request_time": "$context.requestTimeEpoch", "integration_latency": "$context.integration.latency", "source_ip": "$context.identity.sourceIp" }' RestApiId: !Ref LoadTestApi DeploymentId: !Ref NoProxyApiDeployment StageName: no_proxy_stage TracingEnabled: true Variables: lbfunc: !Ref NoProxyAccessLambda ProxyApiDeployment: Type: AWS::ApiGateway::Deployment DependsOn: - LoadTestApiGET Properties: RestApiId: !Ref LoadTestApi ProxyApiStage: Type: AWS::ApiGateway::Stage Properties: AccessLogSetting: DestinationArn: !GetAtt LoadTestApiLogGroup.Arn Format: '{ "stage": "$context.stage" "request_id": "$context.requestId", "resource": "$context.resourcePath", "http_method": "$context.httpMethod", "status": "$context.status", "response_error": "$context.error.messageString", "request_time": "$context.requestTimeEpoch", "integration_latency": "$context.integration.latency", "source_ip": "$context.identity.sourceIp" }' RestApiId: !Ref LoadTestApi DeploymentId: !Ref ProxyApiDeployment StageName: proxy_stage TracingEnabled: true Variables: lbfunc: !Ref ProxyAccessLambda ProxyLambdaAccessPermission: Type: AWS::Lambda::Permission Properties: FunctionName: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${ProxyAccessLambda} Action: lambda:InvokeFunction Principal: apigateway.amazonaws.com SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${LoadTestApi}/*/GET/ NoProxyLambdaAccessPermission: Type: AWS::Lambda::Permission Properties: FunctionName: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${NoProxyAccessLambda} Action: lambda:InvokeFunction Principal: apigateway.amazonaws.com SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${LoadTestApi}/*/GET/ Outputs: ApiGatewayURL: Value: !Sub https://${LoadTestApi}.execute-api.${AWS::Region}.amazonaws.com VPCEndpointSecurityGroup: Value: !Ref VPCEndpointSecurityGroup APIGatewayLogGroupName: Value: !Ref LoadTestApiLogGroup ApiGatewayName: Value: !Sub LoadTestApi-${AWS::StackName}