How to create a private AWS API Gateway using CloudFormation?


Problem description


I am trying to create an AWS API Gateway of PRIVATE type.
This requires a resource policy, which I have, as I'm able to create the gateway from the AWS Console.
I wanted to know how I could add the resource policy via the CF template:

Below is a rough definition of the resource policy:

x-amazon-apigateway-policy:
  Version: "2012-10-17"
  Statement:
  - Effect: "Deny"
    Principal: "*"
    Action: "execute-api:Invoke"
    Resource: "arn:aws:execute-api:us-east-1:awsAccountId:xxxx/*/*/*"
    Condition:
      StringNotEquals:
        aws:sourceVpc: "vpc-xxxxx"
  - Effect: "Allow"
    Principal: "*"
    Action: "execute-api:Invoke"
    Resource: "arn:aws:execute-api:us-east-1:xxxx:xxxx/*/*/*"

How do I configure this in the CF template?

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: G2G Api Template Stack

Resources:
  g2gPrivate:
    Type: 'AWS::ApiGateway::RestApi'
    Properties:
      Name: 'private-gw'
      EndpointConfiguration:
        Types:
          - PRIVATE

References:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html

https://medium.com/@cathmgarcia/conditional-resource-policy-on-aws-sam-with-inline-swagger-816ce946dbb

Recommended answer


You need to supply the policy under a key (called Policy) at the same level as Name.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-policy

Something like...

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: G2G Api Template Stack

Resources:
  g2gPrivate:
    Type: 'AWS::ApiGateway::RestApi'
    Properties:
      Name: 'private-gw'
      EndpointConfiguration:
        Types:
          - PRIVATE
      Policy: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Deny",
              "Principal": "*",
              "Action": "execute-api:Invoke",
              "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*",
              "Condition": {
                "StringNotEquals": {
                  "aws:sourceVpc": "vpc-xxxxx"
                }
              }
            },
            {
              "Effect": "Allow",
              "Principal": "*",
              "Action": "execute-api:Invoke",
              "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*"
            }
          ]
        }
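As an added example (not code from the question or the answer), a small Python lint that renders the `!Sub` pseudo-parameter and reviews the resulting resource policy before it is deployed: every resource ARN must name the intended account, the Deny guard on aws:sourceVpc / aws:sourceVpce must carry a real-looking id rather than a placeholder such as vpc-xxxxx, and no Allow to Principal "*" may be left without such a guard. The sample policy body and the VPC id in it are constructed.

```python
import json
import re

# Constructed sample: the body of the answer's `Policy: !Sub |` block, with
# the Fn::Sub pseudo-parameter still unresolved (the VPC id is made up).
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
     "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*",
     "Condition": {"StringNotEquals": {"aws:sourceVpc": "vpc-0a1b2c3d4e5f67890"}}},
    {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
     "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*"}
  ]
}"""
VPC_KEYS = ("aws:sourceVpc", "aws:sourceVpce")  # condition keys that pin the caller's VPC / endpoint


def render_sub(template, pseudo):
    """Resolve ${Name} placeholders the way Fn::Sub does, for the names given."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: pseudo.get(m.group(1), m.group(0)), template)


def _aslist(value):
    return value if isinstance(value, list) else [value]


def _vpc_values(stmt, operator):
    """VPC / endpoint ids named under one condition operator of a statement."""
    cond = stmt.get("Condition", {}).get(operator, {})
    return [v for key in VPC_KEYS for v in _aslist(cond.get(key, []))]


def check_private_api_policy(policy_template, account_id):
    """Lint a PRIVATE RestApi resource policy; returns (ok, list of findings)."""
    policy = json.loads(render_sub(policy_template, {"AWS::AccountId": account_id}))
    stmts = [s for s in policy["Statement"] if "execute-api:Invoke" in _aslist(s.get("Action"))]
    findings = []
    for i, s in enumerate(stmts):  # resource ARNs must name this account, not a leftover placeholder
        for arn in _aslist(s.get("Resource")):
            if arn.split(":")[4:5] != [account_id]:  # slice: a bare "*" has no account field
                findings.append(f"statement {i}: resource ARN account is not {account_id}")
    # A Deny on StringNotEquals aws:sourceVpc(e) is what keeps an Allow to '*' private
    guard_ids = [v for s in stmts if s["Effect"] == "Deny" for v in _vpc_values(s, "StringNotEquals")]
    for v in guard_ids:
        if not re.fullmatch(r"vpce?-[0-9a-f]{8,17}", v):
            findings.append(f"VPC guard value {v!r} looks like a placeholder")
    for i, s in enumerate(stmts):
        if s["Effect"] == "Allow" and "*" in _aslist(s.get("Principal")) and not guard_ids and not _vpc_values(s, "StringEquals"):
            findings.append(f"statement {i}: Principal '*' with no VPC restriction")
    return (not findings, findings)
```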

