如何使用cloudformation创建私有AWS Api网关? [英] How to create a private AWS Api Gateway using cloudformation?
本文介绍了如何使用cloudformation创建私有AWS Api网关?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试创建PRIVATE类型的AWS API网关,
这需要资源策略,因为我能够从AWS控制台创建网关,所以我具有该策略。
我想知道如何通过CF模板添加资源策略-
I am trying to create an AWS API Gateway of PRIVATE type,
This requires a resource policy, which I have as I'm able to create the gateway from the AWS Console,
I wanted to know how I could add the resource policy via the CF template -
以下是对资源策略的粗俗定义-
x-amazon-apigateway-policy:
Version: "2012-10-17"
Statement:
- Effect: "Deny"
Principal: "*"
Action: "execute-api:Invoke"
Resource: "arn:aws:execute-api:us-east-1:awsAccountId:xxxx/*/*/*"
Condition:
StringNotEquals:
aws:sourceVpc: "vpc-xxxxx"
- Effect: "Allow"
Principal: "*"
Action: "execute-api:Invoke"
Resource: "arn:aws:execute-api:us-east-1:xxxx:xxxx/*/*/*"
如何在CF模板中进行配置-
AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: G2G Api Template Stack
Resources:
g2gPrivate:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: 'private-gw'
EndpointConfiguration:
Types:
- PRIVATE
参考-
https://docs.aws.amazon.com/AWSCloudFormation/最新/UserGuide/aws-resource-apigateway-restapi.html
推荐答案
您需要根据密钥(称为 Poli cy
与 Name
处于同一级别。
You need to supply the policy under a key (called Policy
at the same level as Name
.
需要提供
类似...
AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: G2G Api Template Stack
Resources:
g2gPrivate:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: 'private-gw'
EndpointConfiguration:
Types:
- PRIVATE
Policy: !Sub |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*",
"Condition": {
"StringNotEquals": {
"aws:sourceVpc": "vpc-xxxxx"
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*"
}
]
}
这篇关于如何使用cloudformation创建私有AWS Api网关?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文