AWSTemplateFormatVersion: "2010-09-09" Description: "API Gateway and Lambda function" Resources: ApiGatewayExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Sid: '' Effect: 'Allow' Principal: Service: - 'apigateway.amazonaws.com' Action: - 'sts:AssumeRole' Path: '/' Policies: - PolicyName: LambdaAccess PolicyDocument: Version: '2012-10-17' Statement: - Effect: 'Allow' Action: - 'logs:CreateLogGroup' - 'logs:CreateLogStream' - 'logs:PutLogEvents' - 'apigateway:*' - 'lambda:*' - 'cognito:*' Resource: '*' MakeShiftApiGateway: Type: "AWS::ApiGateway::RestApi" Properties: Name: "StartAnalyticsJob" Description: "StartAnalyticsJob" StartAnalyticsJobResource: Type: AWS::ApiGateway::Resource DependsOn: MakeShiftApiGateway Properties: RestApiId: !Ref MakeShiftApiGateway ParentId: !GetAtt MakeShiftApiGateway.RootResourceId PathPart: startAnalyticsJob StartAnalyticsJobApiMethod: Type: "AWS::ApiGateway::Method" DependsOn: StartAnalyticsJobResource Properties: ApiKeyRequired: false AuthorizationType: COGNITO_USER_POOLS AuthorizationScopes: - Fn::ImportValue: "Cognito-resouce-identifier-scope" AuthorizerId: Ref: StartAnalyticsApiAuthorizer HttpMethod: "POST" MethodResponses: - StatusCode: 200 Integration: IntegrationResponses: - StatusCode: 200 IntegrationHttpMethod: "POST" PassthroughBehavior: WHEN_NO_TEMPLATES RequestTemplates: application/json: "#set($allParams = $input.params())\n{\n\"body-json\"\ \ : $input.json('$'),\n\"params\" : {\n#foreach($type in $allParams.keySet())\n\ \ #set($params = $allParams.get($type))\n\"$type\" : {\n #foreach($paramName\ \ in $params.keySet())\n \"$paramName\" : \"$util.escapeJavaScript($params.get($paramName))\"\ \n #if($foreach.hasNext),#end\n #end\n}\n #if($foreach.hasNext),#end\n\ #end\n},\n\"stage-variables\" : {\n#foreach($key in $stageVariables.keySet())\n\ \"$key\" : \"$util.escapeJavaScript($stageVariables.get($key))\"\n \ \ #if($foreach.hasNext),#end\n#end\n},\n\"context\" : {\n \"api-id\"\ \ : \"$context.apiId\",\n \"cognito-identity-id\" : \"$context.authorizer.claims.sub\"\ ,\n \"http-method\" : \"$context.httpMethod\",\n \"stage\" : \"\ $context.stage\",\n \"source-ip\" : \"$context.identity.sourceIp\"\ ,\n \"user-agent\" : \"$context.identity.userAgent\",\n \"user-arn\"\ \ : \"$context.identity.userArn\",\n \"request-id\" : \"$context.requestId\"\ ,\n \"resource-id\" : \"$context.resourceId\",\n \"resource-path\"\ \ : \"$context.resourcePath\",\n \"cognito-app-client-id\": \"$context.authorizer.claims.sub\"\ ,\n \"cognito-pool-id\": \"$context.authorizer.claims.iss\"\n }\n\ }" Type: "AWS" #Credentials: !GetAtt ApiGatewayExecutionRole.Arn Uri: Fn::Join: - '' - - 'arn:aws:apigateway:' - Ref: AWS::Region - ':lambda:path/2015-03-31/functions/' - Fn::ImportValue: "StartAnalyticsJobLambdaArn" - '/invocations' ResourceId: !Ref StartAnalyticsJobResource RestApiId: !Ref MakeShiftApiGateway StartAnalyticsJobApiDeployment: Type: AWS::ApiGateway::Deployment DependsOn: StartAnalyticsJobApiMethod Properties: Description: Lambda API Deployment RestApiId: !Ref MakeShiftApiGateway StartAnalyticsJobApiStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: !Ref StartAnalyticsJobApiDeployment Description: Lambda API Stage V0 RestApiId: !Ref MakeShiftApiGateway StageName: "invoke" StartAnalyticsApiAuthorizer: Type: AWS::ApiGateway::Authorizer DependsOn: ApiGatewayExecutionRole Properties: Name: StartAnalyticsJobApiAuthorizer Type: COGNITO_USER_POOLS ProviderARNs: - Fn::ImportValue: "EnterpriseCognitoUserPoolArn" RestApiId: !Ref MakeShiftApiGateway IdentitySource: 'method.request.header.Authorization' AuthorizerCredentials: !GetAtt ApiGatewayExecutionRole.Arn AuthorizerResultTtlInSeconds: 0 LambdaApiGatewayInvoke: Type: "AWS::Lambda::Permission" Description: "Lambda test" Properties: Action: "lambda:InvokeFunction" FunctionName: Fn::Join: - '' - - Fn::ImportValue: "StartAnalyticsJobLambdaArn" Principal: "apigateway.amazonaws.com" SourceArn: Fn::Join: - '' - - !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MakeShiftApiGateway}/*/POST/" - "startAnalyticsJob" # API gateway for get status lambda GetJobStatusResource: Type: AWS::ApiGateway::Resource DependsOn: MakeShiftApiGateway Properties: RestApiId: !Ref MakeShiftApiGateway ParentId: !GetAtt MakeShiftApiGateway.RootResourceId PathPart: getJobStatus GetJobStatusApiMethod: Type: "AWS::ApiGateway::Method" DependsOn: GetJobStatusResource Properties: ApiKeyRequired: false AuthorizationType: COGNITO_USER_POOLS AuthorizationScopes: - Fn::ImportValue: "Cognito-resouce-identifier-scope" AuthorizerId: Ref: GetJobStatusApiAuthorizer HttpMethod: "POST" MethodResponses: - StatusCode: 200 Integration: IntegrationResponses: - StatusCode: 200 IntegrationHttpMethod: "POST" PassthroughBehavior: WHEN_NO_TEMPLATES RequestTemplates: application/json: "#set($allParams = $input.params())\n{\n\"body-json\"\ \ : $input.json('$'),\n\"params\" : {\n#foreach($type in $allParams.keySet())\n\ \ #set($params = $allParams.get($type))\n\"$type\" : {\n #foreach($paramName\ \ in $params.keySet())\n \"$paramName\" : \"$util.escapeJavaScript($params.get($paramName))\"\ \n #if($foreach.hasNext),#end\n #end\n}\n #if($foreach.hasNext),#end\n\ #end\n},\n\"stage-variables\" : {\n#foreach($key in $stageVariables.keySet())\n\ \"$key\" : \"$util.escapeJavaScript($stageVariables.get($key))\"\n \ \ #if($foreach.hasNext),#end\n#end\n},\n\"context\" : {\n \"api-id\"\ \ : \"$context.apiId\",\n \"cognito-identity-id\" : \"$context.authorizer.claims.sub\"\ ,\n \"http-method\" : \"$context.httpMethod\",\n \"stage\" : \"\ $context.stage\",\n \"source-ip\" : \"$context.identity.sourceIp\"\ ,\n \"user-agent\" : \"$context.identity.userAgent\",\n \"user-arn\"\ \ : \"$context.identity.userArn\",\n \"request-id\" : \"$context.requestId\"\ ,\n \"resource-id\" : \"$context.resourceId\",\n \"resource-path\"\ \ : \"$context.resourcePath\",\n \"cognito-app-client-id\": \"$context.authorizer.claims.sub\"\ ,\n \"cognito-pool-id\": \"$context.authorizer.claims.iss\"\n }\n\ }" Type: "AWS" Uri: Fn::Join: - '' - - 'arn:aws:apigateway:' - Ref: AWS::Region - ':lambda:path/2015-03-31/functions/' - Fn::ImportValue: "GetJobStatusLambdaArn" - '/invocations' ResourceId: !Ref GetJobStatusResource RestApiId: !Ref MakeShiftApiGateway GetJobStatusApiDeployment: Type: AWS::ApiGateway::Deployment DependsOn: GetJobStatusApiMethod Properties: Description: Lambda API Deployment RestApiId: !Ref MakeShiftApiGateway GetJobStatusApiStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: !Ref GetJobStatusApiDeployment Description: Lambda API Stage V0 RestApiId: !Ref MakeShiftApiGateway StageName: "status" GetJobStatusApiAuthorizer: Type: AWS::ApiGateway::Authorizer DependsOn: ApiGatewayExecutionRole Properties: Name: GetJobStatusApiAuthorizer Type: COGNITO_USER_POOLS ProviderARNs: - Fn::ImportValue: "EnterpriseCognitoUserPoolArn" RestApiId: !Ref MakeShiftApiGateway IdentitySource: 'method.request.header.Authorization' AuthorizerCredentials: !GetAtt ApiGatewayExecutionRole.Arn AuthorizerResultTtlInSeconds: 0 LambdaApiGatewayGetJobStatus: Type: "AWS::Lambda::Permission" Description: "Lambda test" Properties: Action: "lambda:InvokeFunction" FunctionName: Fn::Join: - '' - - Fn::ImportValue: "GetJobStatusLambdaArn" Principal: "apigateway.amazonaws.com" SourceArn: Fn::Join: - '' - - !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${MakeShiftApiGateway}/*/POST/" - "getJobStatus" Outputs: StartAnalyticsJobInvokeURL: Value: !Sub "https://${MakeShiftApiGateway}.execute-api.${AWS::Region}.amazonaws.com/${StartAnalyticsJobApiStage}" Export: Name: "StartAnalyticsJobInvokeURL" GetJobStatusInvokeURL: Value: !Sub "https://${MakeShiftApiGateway}.execute-api.${AWS::Region}.amazonaws.com/${GetJobStatusApiStage}" Export: Name: "GetJobStatusInvokeURL"