AWSTemplateFormatVersion: "2010-09-09"
Description: (AWS Heidi) EventDetailUrl stack for REST API Gateway to DynamoDB
Parameters:
DynamoDBArn:
Type: String
Description: DDB arn
AllowedIpRange:
Type: String
Description: AllowedIpRange who can access EventDetailUrls
DynamoDBName:
Type: String
Description: DDB Name
Resources:
EventDetailAPIGWRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub "EventDetailAPIGW-${AWS::AccountId}-${AWS::Region}-Role"
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Sid: AllowApiGatewayServiceToAssumeRole
Effect: Allow
Action:
- 'sts:AssumeRole'
Principal:
Service:
- apigateway.amazonaws.com
Policies:
- PolicyName: dynamoDBAccess
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- dynamodb:GetItem
Resource: !Ref DynamoDBArn
apiGateway:
Type: AWS::ApiGateway::RestApi
Properties:
EndpointConfiguration:
Types:
- REGIONAL
Name: !Sub eventDetails-${AWS::AccountId}-${AWS::Region}-api
Description: (AWSHEIDI) for eventdetail Urls
Policy: {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*/*",
"Condition": {
"NotIpAddress": {
"aws:SourceIp": !Ref AllowedIpRange
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*/*"
}
]
}
apiGatewayMethodResource:
Type: AWS::ApiGateway::Resource
Properties:
RestApiId: !Ref apiGateway
ParentId: !GetAtt apiGateway.RootResourceId
PathPart: awsheidi
apiGatewayMethod:
Type: AWS::ApiGateway::Method
Properties:
AuthorizationType: NONE
HttpMethod: GET
MethodResponses:
- StatusCode: 200
ResponseModels:
text/html: Empty
RequestParameters:
method.request.querystring.eventArn: False
Integration:
IntegrationHttpMethod: POST
Type: AWS
Credentials: !GetAtt EventDetailAPIGWRole.Arn
Uri: !Sub arn:aws:apigateway:${AWS::Region}:dynamodb:action/GetItem
PassthroughBehavior: WHEN_NO_TEMPLATES
RequestTemplates:
application/json: !Sub
|-
{
"TableName": "${DynamoDBName}",
"Key":{
"eventArn": {"S": "$util.escapeJavaScript($input.params().querystring.get("eventArn"))"}
}
}
IntegrationResponses:
- StatusCode: 200
ResponseTemplates:
application/json: !Sub
|-
Event Detail
Service: $input.path('$.Item.service.S')
Account: $input.path('$.Item.account.S')
Region: $input.path('$.Item.eventRegion.S')
Affected Entities: $input.path('$.Item.affectedEntities.S')
Description: $input.json('$.Item.eventDescription.S').replaceAll("\\n","
")
ResourceId: !Ref apiGatewayMethodResource
RestApiId: !Ref apiGateway
apiGatewayDeployment:
Type: AWS::ApiGateway::Deployment
DependsOn:
- apiGatewayMethod
Properties:
RestApiId: !Ref apiGateway
StageName: 'v1'
Outputs:
EventDetailApiEndpoint:
Description: "API Gateway endpoint URL for Prod stage for Product api"
Value: !Sub "https://${apiGateway}.execute-api.${AWS::Region}.amazonaws.com/v1/awsheidi?eventArn="