move authorizer to base api gateway template

svozza · Jan 12, 2021 · 34e3c4d · 34e3c4d
1 parent 18f1ff4
commit 34e3c4d
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 22 deletions.
diff --git a/aws/cloudformation-templates/base/_template.yaml b/aws/cloudformation-templates/base/_template.yaml
@@ -120,6 +120,8 @@ Resources:
     Type: AWS::CloudFormation::Stack
     Properties:
       TemplateURL: !Sub https://s3.amazonaws.com/${ResourceBucket}/${ResourceBucketRelativePath}cloudformation-templates/base/apigateway.yaml
+      Parameters:
+        UserPoolArn: !GetAtt Authentication.Outputs.UserPoolArn
 
   # VPC
   VPC:
@@ -209,10 +211,6 @@ Outputs:
     Description: Authentication Cognito User Pool Id.
     Value: !GetAtt Authentication.Outputs.UserPoolId
 
-  UserPoolArn:
-    Description: Authentication Cognito User Pool Arn.
-    Value: !GetAtt Authentication.Outputs.UserPoolArn
-
   UserPoolClientId:
     Description: Authentication Cognito User Pool Client Id.
     Value: !GetAtt Authentication.Outputs.UserPoolClientId
@@ -257,6 +255,10 @@ Outputs:
     Description: API Gateway Root Resource Id
     Value: !GetAtt ApiGateway.Outputs.ApiRootResourceId
 
+  ApiGatewayAuthorizer:
+    Description: API Gateway Root Resource Id
+    Value: !GetAtt ApiGateway.Outputs.ApiGatewayAuthorizer
+
   ServiceDiscoveryNamespace:
     Description: Service Discovery Namespace.
     Value: !GetAtt ServiceDiscovery.Outputs.ServiceDiscoveryNamespace

diff --git a/aws/cloudformation-templates/base/apigateway.yaml b/aws/cloudformation-templates/base/apigateway.yaml
@@ -4,6 +4,11 @@ Transform: AWS::Serverless-2016-10-31
 
 Description: Retail Store API Gateway
 
+Parameters:
+
+  UserPoolArn:
+    Type: String
+
 Resources:
 
   RestApi:
@@ -53,6 +58,17 @@ Resources:
             Empty:
               type: object
 
+  ApiGatewayAuthorizer:
+    Type: AWS::ApiGateway::Authorizer
+    Properties:
+      Name: RetailStoreAuthorizer
+      RestApiId: !Ref RestApi
+      AuthorizerResultTtlInSeconds: 300
+      IdentitySource: method.request.header.Authorization
+      ProviderARNs:
+        - !Ref UserPoolArn
+      Type: COGNITO_USER_POOLS
+
 Outputs:
 
   RestApiId:
@@ -61,4 +77,8 @@ Outputs:
 
   ApiRootResourceId:
     Description: Retail Store Root Resource Id API Gateway
-    Value: !GetAtt RestApi.RootResourceId
+    Value: !GetAtt RestApi.RootResourceId
+
+  ApiGatewayAuthorizer:
+    Description: Retail Store Authorizer for Lambda microservices
+    Value: !Ref ApiGatewayAuthorizer
diff --git a/aws/cloudformation-templates/services/_template.yaml b/aws/cloudformation-templates/services/_template.yaml
@@ -56,7 +56,7 @@ Parameters:
   UserPoolId:
     Type: String
 
-  UserPoolArn:
+  ApiGatewayAuthorizer:
     Type: String
 
   UserPoolClientId:
@@ -315,7 +315,7 @@ Resources:
         ResourceBucket: !Ref ResourceBucket
         ResourceBucketKey: !Sub ${ResourceBucketRelativePath}aws-lambda/recipes.zip
         Path: recipes
-        UserPoolArn: !Ref UserPoolArn
+        ApiGatewayAuthorizer: !Ref ApiGatewayAuthorizer
         Handler: recipes.handler
         RestApiId: !Ref RestApiId
         ApiRootResourceId: !Ref ApiRootResourceId

diff --git a/aws/cloudformation-templates/services/serverless-service/_template.yaml b/aws/cloudformation-templates/services/serverless-service/_template.yaml
@@ -31,7 +31,7 @@ Parameters:
   ApiRootResourceId:
     Type: String
 
-  UserPoolArn:
+  ApiGatewayAuthorizer:
     Type: String
 
 Resources:
@@ -56,17 +56,6 @@ Resources:
       ParentId: !Ref ApiRootResourceId
       PathPart: !Ref Path
 
-  ApiGatewayAuthorizer:
-    Type: AWS::ApiGateway::Authorizer
-    Properties:
-      Name: PerspectiveAuthorizer
-      RestApiId: !Ref RestApiId
-      AuthorizerResultTtlInSeconds: 300
-      IdentitySource: method.request.header.Authorization
-      ProviderARNs:
-        - !Ref UserPoolArn
-      Type: COGNITO_USER_POOLS
-
   Method:
     Type: AWS::ApiGateway::Method
     Properties:

diff --git a/aws/cloudformation-templates/template.yaml b/aws/cloudformation-templates/template.yaml
@@ -245,7 +245,7 @@ Resources:
         GitHubToken: !Ref GitHubToken
         GitHubUser: !Ref GitHubUser
         UserPoolId: !GetAtt Base.Outputs.UserPoolId
-        UserPoolArn: !GetAtt Base.Outputs.UserPoolArn
+        ApiGatewayAuthorizer: !GetAtt Base.Outputs.ApiGatewayAuthorizer
         UserPoolClientId: !GetAtt Base.Outputs.UserPoolClientId
         IdentityPoolId: !GetAtt Base.Outputs.IdentityPoolId
         StackBucketName: !GetAtt Base.Outputs.StackBucketName

diff --git a/src/aws-lambda/recipes/bundle.sh b/src/aws-lambda/recipes/bundle.sh
@@ -19,4 +19,4 @@ cd ${OLDPWD}
 echo "Adding Lambda function source code to package"
 zip -g ${PACKAGE_FILE} ${LAMBDA_SOURCE}
 
-echo "Done!"
+echo "Done!"
diff --git a/src/aws-lambda/recipes/recipes.py b/src/aws-lambda/recipes/recipes.py
@@ -11,4 +11,4 @@ def handler(event, _):
     else:
         return {
             "statusCode": 405
-        }
+        }
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,4 +11,4 @@ def handler(event, _): @@
         else:
             return {
                 "statusCode": 405
-            }
+            }