My stack is referencing a resource that has been deleted (long story short it's been deleted because we use Serverless for API GW and async routes at the same time).
When I look at CloudFormation I see the resource and its ID. However the resource does not exist anymore. Is there a way to remove this reference or update it? Note that the new resource was created separately using AWS CLI, not through CloudFormation updates.
Here's an image to the resource I am talking about
This command aws apigateway get-authorizers --rest-api-id however does show the correct ID for the authorizer. It's the cloudformation console Resources tab that shows it outdated.
I solved this by using the handy DefinitionBody property under Properties. You can define your API Gateway methods, authorizer and other things using OpenAPI specification. Just include the correct syntax under that property DefinitionBody.
The way I found out my DefinitionBody was by exporting an existing API gateway from the API Gateway console (API GW -> Stages -> choose stage and click on Export tab, choose Export as Swagger + API Gateway Extensions) and modifying it according to my needs. You can see the screenshot of this tab in my answer here: Defining authorizer and using it in API Gateway using Open API
OpenAPI docs can be found here: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md
Related
I'm new to api gateway stuff and have created an api gateway using terraform on aws. Now I want to expose more apis on the same api gateway. I have used the body argument on Terraform which takes a definition file. If I use a new open api definition, my existing ones are replaced by Terraform. What is the best way in this situation. Appending new apis to openapi file or?
please advise.
Currently, my API gateway execution logs are getting logged in cloud-watch in some random path of a particular format. Is there a way for me to customize that log path in SAM Template while deploying the API gateway ??
No, as of April 2021, execution logs are fully managed by AWS API Gateway and the log group name will be in form of API-Gateway-Execution-Logs_{rest-api-id}/{stage_name} and the format is pre-defined.
On a different note: You can define the CloudWatch target ARN and format of access logs though if you have this enabled but this is a different set of logs.
If you are using SAM, you can explicitly define your API using the AWS::Serverless::Api resource type. This type as a property called AccessLogSetting that allows you to provide the ARN of a CloudWatch group to send the the access logs to.
Also check out this guide which doesn't go into SAM automation but explains API Gateway logging configurations and what is possible, a good read.
https://www.alexdebrie.com/posts/api-gateway-access-logs/
I am new to this whole serverless framework. I created my first serverless function as documented here https://www.npmjs.com/package/serverless#quick-start. Next when I do a "serverless invoke" it works. I am confused how this works, the questions I have around this are
There does not seem to be an API gateway created so how can it invoke?
There are also stages mentioned in the serverless.yml file, I'm not sure what these translate to
Any help on this is highly appreciated.
First of all the default code comes with the AWS template, is only having a Lambda function declared. Let me try to answer your questions inline.
There does not seem to be an API gateway created so how can it invoke?
Yes, since there is no API Gateway created, its not possible to invoke the Lambda through URLs. However, it is possible to invoke the Lambda using AWS CLI or SDKs which is what Serverless Framework is providing with "serverless invoke". To create a API Gateway, you need to add an event object to the function code as shown below.
functions:
hello:
handler: handler.hello
events:
- http:
method: get
path: hello
There are also stages mentioned in the serverless.yml file, I'm not
sure what these translate to
When you define a stage in serverless.yml file, after the deployment, it creates a stage in API Gateway including it in the API Gateway URL path as shown below.
https://your-api/<stage-you-defined>/resurce-methods
Note: that if you setup a custom certificate for API Gateway, then you have option to setup your own custom paths.
Also its important to note that, although API Gateway supported this feature to have different stages(e.g test, staging, production) of a Single API Gateway deployment, latest Serverless Framework doesn't use this feature. Instead when you define a new stages, it will deploy a whole new API Gateway with the new stage. Serverless Framework has the argument for separating the API Gateway and having a single stage to self-contain each stage for isolation.
You can attach an API gateway for invoking your lambda
Or
You can get event driven. Where your lambda gets invoked in response to some events like a new message in AWS SNS or when a new object gets created in S3
Or
You can have scheduled invocations using cloudwatch trigger events
For a comprehensive list of events that can invoke lambda see Invoking Lambda Functions
As documented in AWS Regions and Endpoints there are HTTPS endpoints for Lambda. For example, in the us-east-1 region the endpoint is https://lambda.us-east-1.amazonaws.com. This is how you're able to call a Lambda directly without the API gateway. API gateway can add additional functionality and puts a full HTTP protocol on top of a Lambda.
I'm building an API using AWS API Gateway and AWS Lambda. I would like to achieve continuous delivery for this API. The path I've chosen to do it is to use CloudFormation through AWS CodePipeline. I've managed to to it for another project using Lambdas (without API Gateway), it works perfectly and it is really pleasant to use.
The issue I'm facing when deploying is that the Lambdas are properly updated but not the API definition. From what I understand, the AWS::ApiGateway::Deployment are immutable resources which means that for each deployment of the API I need to create a new AWS::ApiGateway::Deployment resource. This is not practical at all because for each of this AWS::ApiGateway::Deployment I have a new Invoke URL. This is not acceptable since I would have to either change my DNS record to the newly deployed API invoke URL or ask our API users to change the URL in their applications.
What I would like is to be able to change the API definition and the Lambdas implementations without my API users having to change anything in their applications.
How can I achieve this behavior?
I created a tutorial to highlight my issue. You can find it at: https://github.com/JonathanGailliez/aws-api-gateway-lambda-example
As per: https://forums.aws.amazon.com/thread.jspa?messageID=789869󀵭
joey-aws says:
We are currently in the process of rolling out a solution which
addresses this exact problem. In the meantime, a common workaround
would be to update something small, such as a "description" field
which could then be used to "trigger" an API Gateway deployment when
updating the CloudFormation stack.
I'll update this answer and the example repo once it's rolled out.
You could run a Cloudformation update from the command line or in the AWS console. This would change the API definitions and any lambda code without changing the unique id to access your gateway.
The other option is to put your API behind a custom domain name and then you could keep deploy a new API or stage and switch over the custom domain mapping when you are ready. The users wouldn't recognize any change.
A way to achieve that is by leveraging existing frameworks like
AWS SAM
Serverless
Claudia
I was able to achieve this by using CloudFormation template generated by troposphere and boto3 api in Python as follows:
Split the template into two parts
API definition, Method(s), IAM roles, ApiKey and Lambda (a)
Deployment, UsagePlan and UsagePlanKey (b)
Once changed Lambda code is zipped up and uploaded to S3 using boto3 api
Stack (b) is deleted
Stack (a) is updated with new resource id for the GET method connected to lambda
Stack (b) is created anew
Steps 3, 4, 5 are performed using CloudFormation boto3 api with blocking until completed.
Most importantly after all steps are done ApiKey value and stage Invoke URL remain the same, running updated Lambda code as tested with curl.
Note: it may take additional 30-60s for API to become fully functional after CloudFormation update is completed.
We are using Amazon Gateway API and currently we describe API endpoints manually through the web console.
Is it possible to create definition of API in some file(s) and import it?
Why do we need this:
We want every change in the API be reviewed (it's our development process) by other people.
In case if API is deleted or broken accidently, we want to be able to restore it easily.
By now the only solution I see is to write script, based on aws apigateway command line command that creates all resources and methods.
But probably there is a better way to do it?
Thanks!
P.S. It may partially overlaps with this question: exporting api definition from AWS api gateway.
I think the Swagger Importer feature of AWS API Gateway is what you are looking for: https://aws.amazon.com/about-aws/whats-new/2015/07/introducing-swagger-importer-easily-import-swagger-api-definitions-into-amazon-api-gateway/
You can export your API definition with API Gateway extensions into swagger format. Then you use the API Gateway API importer to import/update your API.
If you are backing your API Gateway endpoints with Lambda functions you may want to check out the serverless project https://github.com/serverless/serverless
Using this framework you have a JSON file that describes your endpoints and binds them to your Lambda code in the same project structure. The tool lets you deploy the endpoints or code from the command line. It also allows you to manage other AWS resources in a CloudFormation template in the same project structure and deploy it from the command line.