# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
Template to setup api gateway and apis as part of bootstrap
Parameters:
RegisterTenantLambdaExecutionRoleArn:
Type: String
TenantManagementLambdaExecutionRoleArn:
Type: String
RegisterTenantFunctionArn:
Type: String
ProvisionTenantFunctionArn:
Type: String
DeProvisionTenantFunctionArn:
Type: String
ActivateTenantFunctionArn:
Type: String
GetTenantsFunctionArn:
Type: String
CreateTenantFunctionArn:
Type: String
GetTenantFunctionArn:
Type: String
DeactivateTenantFunctionArn:
Type: String
UpdateTenantFunctionArn:
Type: String
GetTenantConfigFunctionArn:
Type: String
GetUsersFunctionArn:
Type: String
GetUserFunctionArn:
Type: String
UpdateUserFunctionArn:
Type: String
DisableUserFunctionArn:
Type: String
CreateTenantAdminUserFunctionArn:
Type: String
CreateUserFunctionArn:
Type: String
DisableUsersByTenantFunctionArn:
Type: String
EnableUsersByTenantFunctionArn:
Type: String
AuthorizerFunctionArn:
Type: String
AdminApiGatewayApi:
Type: String
Resources:
#provide api gateway permissions to call lambda functions
RegisterTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref RegisterTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
CreateTenantAdminUserLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref CreateTenantAdminUserFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
ProvisionTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref ProvisionTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
DeProvisionTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref DeProvisionTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
CreateUserLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref CreateUserFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
UpdateUserLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref UpdateUserFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
DisableUserLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref DisableUserFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
DisableUsersByTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref DisableUsersByTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
EnableUsersByTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref EnableUsersByTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
GetUsersLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref GetUsersFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
GetUserLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref GetUserFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
AuthorizerLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref AuthorizerFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*" ]]
CreateTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref CreateTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
UpdateTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref UpdateTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
GetTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref GetTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
GetTenantsLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref GetTenantsFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
DeactivateTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref DeactivateTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
ActivateTenantLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref ActivateTenantFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]
GetTenantConfigLambdaApiGatewayExecutionPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName: !Ref GetTenantConfigFunctionArn
Principal: apigateway.amazonaws.com
SourceArn: !Join ["", ["arn:aws:execute-api:", !Ref "AWS::Region", ":", !Ref "AWS::AccountId", ":", !Ref AdminApiGatewayApi, "/*/*/*" ]]