From 34e3c4d49fe7a8fd491b2307d7c47b94041647f8 Mon Sep 17 00:00:00 2001 From: Stefano Vozza Date: Mon, 11 Jan 2021 19:30:24 +0000 Subject: [PATCH] move authorizer to base api gateway template --- .../base/_template.yaml | 10 +++++---- .../base/apigateway.yaml | 22 ++++++++++++++++++- .../services/_template.yaml | 4 ++-- .../serverless-service/_template.yaml | 13 +---------- aws/cloudformation-templates/template.yaml | 2 +- src/aws-lambda/recipes/bundle.sh | 2 +- src/aws-lambda/recipes/recipes.py | 2 +- 7 files changed, 33 insertions(+), 22 deletions(-) diff --git a/aws/cloudformation-templates/base/_template.yaml b/aws/cloudformation-templates/base/_template.yaml index eed3bcbf7..7c112bbd7 100644 --- a/aws/cloudformation-templates/base/_template.yaml +++ b/aws/cloudformation-templates/base/_template.yaml @@ -120,6 +120,8 @@ Resources: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub https://s3.amazonaws.com/${ResourceBucket}/${ResourceBucketRelativePath}cloudformation-templates/base/apigateway.yaml + Parameters: + UserPoolArn: !GetAtt Authentication.Outputs.UserPoolArn # VPC VPC: @@ -209,10 +211,6 @@ Outputs: Description: Authentication Cognito User Pool Id. Value: !GetAtt Authentication.Outputs.UserPoolId - UserPoolArn: - Description: Authentication Cognito User Pool Arn. - Value: !GetAtt Authentication.Outputs.UserPoolArn - UserPoolClientId: Description: Authentication Cognito User Pool Client Id. Value: !GetAtt Authentication.Outputs.UserPoolClientId @@ -257,6 +255,10 @@ Outputs: Description: API Gateway Root Resource Id Value: !GetAtt ApiGateway.Outputs.ApiRootResourceId + ApiGatewayAuthorizer: + Description: API Gateway Root Resource Id + Value: !GetAtt ApiGateway.Outputs.ApiGatewayAuthorizer + ServiceDiscoveryNamespace: Description: Service Discovery Namespace. Value: !GetAtt ServiceDiscovery.Outputs.ServiceDiscoveryNamespace 
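Review bot: The new `ApiGatewayAuthorizer` output in base/_template.yaml (hunk at -257,6 +255,10) carries the description `API Gateway Root Resource Id`, which is copied from the `ApiRootResourceId` output directly above it. Anyone reading the stack outputs to trace which value gates API access will be misled; suggest `Description: API Gateway Cognito Authorizer Id`. The preceding hunk also removes the `UserPoolArn` output, and only the reference in template.yaml is visibly updated in this patch. Any other consumer of `Base.Outputs.UserPoolArn` would fail at deploy time, so a quick search for remaining references is worthwhile.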
diff --git a/aws/cloudformation-templates/base/apigateway.yaml b/aws/cloudformation-templates/base/apigateway.yaml index 9691624d5..1d4029231 100644 --- a/aws/cloudformation-templates/base/apigateway.yaml +++ b/aws/cloudformation-templates/base/apigateway.yaml @@ -4,6 +4,11 @@ Transform: AWS::Serverless-2016-10-31 Description: Retail Store API Gateway +Parameters: + + UserPoolArn: + Type: String + Resources: RestApi: @@ -53,6 +58,17 @@ Resources: Empty: type: object + ApiGatewayAuthorizer: + Type: AWS::ApiGateway::Authorizer + Properties: + Name: RetailStoreAuthorizer + RestApiId: !Ref RestApi + AuthorizerResultTtlInSeconds: 300 + IdentitySource: method.request.header.Authorization + ProviderARNs: + - !Ref UserPoolArn + Type: COGNITO_USER_POOLS + Outputs: RestApiId: @@ -61,4 +77,8 @@ Outputs: ApiRootResourceId: Description: Retail Store Root Resource Id API Gateway - Value: !GetAtt RestApi.RootResourceId \ No newline at end of file + Value: !GetAtt RestApi.RootResourceId + + ApiGatewayAuthorizer: + Description: Retail Store Authorizer for Lambda microservices + Value: !Ref ApiGatewayAuthorizer diff --git a/aws/cloudformation-templates/services/_template.yaml b/aws/cloudformation-templates/services/_template.yaml index bfcd634f9..038cee14d 100644 --- a/aws/cloudformation-templates/services/_template.yaml +++ b/aws/cloudformation-templates/services/_template.yaml @@ -56,7 +56,7 @@ Parameters: UserPoolId: Type: String - UserPoolArn: + ApiGatewayAuthorizer: Type: String UserPoolClientId: @@ -315,7 +315,7 @@ Resources: ResourceBucket: !Ref ResourceBucket ResourceBucketKey: !Sub ${ResourceBucketRelativePath}aws-lambda/recipes.zip Path: recipes - UserPoolArn: !Ref UserPoolArn + ApiGatewayAuthorizer: !Ref ApiGatewayAuthorizer Handler: recipes.handler RestApiId: !Ref RestApiId ApiRootResourceId: !Ref ApiRootResourceId 
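Review bot: The `UserPoolArn` parameter added in base/apigateway.yaml (hunk at -4,6 +4,11) is a bare `Type: String` with no description or constraint, yet it is the only thing that binds the authorizer to an identity provider. Add `Description: ARN of the Cognito user pool trusted by the API authorizer`. Consider also an `AllowedPattern` that restricts it to a cognito-idp user-pool ARN, so a mis-wired value is rejected at parameter validation rather than surfacing later in the deployment.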
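Review bot: `ApiGatewayAuthorizer` in base/apigateway.yaml (hunk at -53,6 +58,17) is now one authorizer shared by every service on the RestApi, but nothing in the template says so or explains `AuthorizerResultTtlInSeconds: 300`. With result caching enabled, a decision for a given `Authorization` header value can be reused for up to five minutes, so a change in the user's state may not take effect until the cache entry ages out. That trade-off deserves a comment on the resource, e.g. `# Shared by all services; auth results cached 300s per token, lower or set 0 if faster cut-off is required`. The authorizer only establishes that the caller holds a valid token from the pool; any per-route restriction has to come from the methods that reference it, which are outside this hunk.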
diff --git a/aws/cloudformation-templates/services/serverless-service/_template.yaml b/aws/cloudformation-templates/services/serverless-service/_template.yaml index 0a0f948fb..24dbfb19b 100644 --- a/aws/cloudformation-templates/services/serverless-service/_template.yaml +++ b/aws/cloudformation-templates/services/serverless-service/_template.yaml @@ -31,7 +31,7 @@ Parameters: ApiRootResourceId: Type: String - UserPoolArn: + ApiGatewayAuthorizer: Type: String Resources: @@ -56,17 +56,6 @@ Resources: ParentId: !Ref ApiRootResourceId PathPart: !Ref Path - ApiGatewayAuthorizer: - Type: AWS::ApiGateway::Authorizer - Properties: - Name: PerspectiveAuthorizer - RestApiId: !Ref RestApiId - AuthorizerResultTtlInSeconds: 300 - IdentitySource: method.request.header.Authorization - ProviderARNs: - - !Ref UserPoolArn - Type: COGNITO_USER_POOLS - Method: Type: AWS::ApiGateway::Method Properties: diff --git a/aws/cloudformation-templates/template.yaml b/aws/cloudformation-templates/template.yaml index 99c593dfd..4133b886d 100644 --- a/aws/cloudformation-templates/template.yaml +++ b/aws/cloudformation-templates/template.yaml @@ -245,7 +245,7 @@ Resources: GitHubToken: !Ref GitHubToken GitHubUser: !Ref GitHubUser UserPoolId: !GetAtt Base.Outputs.UserPoolId - UserPoolArn: !GetAtt Base.Outputs.UserPoolArn + ApiGatewayAuthorizer: !GetAtt Base.Outputs.ApiGatewayAuthorizer UserPoolClientId: !GetAtt Base.Outputs.UserPoolClientId IdentityPoolId: !GetAtt Base.Outputs.IdentityPoolId StackBucketName: !GetAtt Base.Outputs.StackBucketName diff --git a/src/aws-lambda/recipes/bundle.sh b/src/aws-lambda/recipes/bundle.sh index 2ee76ac52..2e7cfdeb7 100755 --- a/src/aws-lambda/recipes/bundle.sh +++ b/src/aws-lambda/recipes/bundle.sh @@ -19,4 +19,4 @@ cd ${OLDPWD} echo "Adding Lambda function source code to package" zip -g ${PACKAGE_FILE} ${LAMBDA_SOURCE} -echo "Done!" \ No newline at end of file +echo "Done!" 
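Review bot: The parameter renamed to `ApiGatewayAuthorizer` in services/serverless-service/_template.yaml (hunk at -31,7 +31,7) reuses the logical ID of the authorizer resource deleted in the next hunk. Any `!Ref ApiGatewayAuthorizer` in the `Method` resource, whose body is outside the hunk, presumably now resolves to the parameter value with no visible change. The method's protection therefore depends on the parent stack passing a real authorizer id, which should be documented on the parameter: `Description: Id of the shared Cognito authorizer created in base/apigateway.yaml`. Please also confirm that `Method` still sets `AuthorizationType: COGNITO_USER_POOLS` together with `AuthorizerId`, since that pairing is what actually enforces authentication on the route.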
diff --git a/src/aws-lambda/recipes/recipes.py b/src/aws-lambda/recipes/recipes.py index 48eb5e9b8..c47a77a3b 100644 --- a/src/aws-lambda/recipes/recipes.py +++ b/src/aws-lambda/recipes/recipes.py @@ -11,4 +11,4 @@ def handler(event, _): else: return { "statusCode": 405 - } \ No newline at end of file + }