4

In cloudformation, AWS::ApiGateway::Method has a boolean property ApiKeyRequired . How can i achieve the same in SAM ?

I know that we can enable using explicit swagger Configuration. which is like this

    {
    "swagger": "2.0",
    "info": {
        "version": "1.0",
        "title": {
              "Ref": "AWS::StackName"
            }
    },
    "x-amazon-apigateway-api-key-source": "HEADER",
    "paths": {
        "/": {
            "get": {
                "x-amazon-apigateway-integration": {
                    "httpMethod": "POST",
                    "type": "aws_proxy",
                    "uri": {
                    "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHelloWorld.Arn}/invocations"
                  }
                },
                "responses": {},
                "security": [
                    {
                        "api_key": []
                    }
                ]
            }
        }
    },
    "securityDefinitions": {
        "api_key": {
            "type": "apiKey",
            "name": "x-api-key",
            "in": "header"
        }
    }
}

Cant it possible with implicit API call in SAM rather than explicitly passing the AWS::Serverless::Api ? Because the swagger code is okay for less endpoints and becomes complex once endpoints got increased. Is there any flag like APIkeyRequired like we have in Cloudformation ?

Any help is appreciated Thanks

Private
  • 1,661
  • 1
  • 20
  • 51
  • I haven't tried this but have you looked at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-apikeysourcetype. My guess is that if you specify it, it will look for an API key. Then the question would be where do you specify the key? Maybe you still might need to add it to the swagger. – asr9 Oct 24 '18 at 16:13
  • Thanks @ASR for responding. The above code is just a swagger definition , i am including this in my SAM template in which i am defining API keys and usage plans. I tested it and it worked perfectly. For achieving this i had created my own `Swagger Definition` and passed explicitly. But usually SAM has implicit API which will create a Swagger definition for us. So, in that i am trying to find out equivalent parameter of `APIkeyRequired` like we have in CFN . – Private Oct 24 '18 at 16:55
  • 1
    Ah. ok. Actually I am did the same thing. I don't think an equivalent exists, as there's no mention of it here - https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md. However, if you find a solution, please do post. – asr9 Oct 24 '18 at 20:18

1 Answers1

0

Now ApiKeyRequired is supported at both the AWS::Serverless::Api and AWS::Serverless::Function level in SAM.

Here is an example from the AWS Documentation:

Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        ApiKeyRequired: true # sets for all methods

  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs8.10
      Events:
        ApiKey:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /
            Method: get
            Auth:
              ApiKeyRequired: true

You can also learn about this from the following resources:

  • AWS Official Documentation here.
  • This walkthrough blog post by Sarthak Jain.
mostafazh
  • 4,144
  • 1
  • 20
  • 26