How to get the ARN of AWS::ApiGateway::Method - amazon-web-services

Here I want to get the ARN of AWS::ApiGateway::Method in the AWS::Lambda::Permission "SourceArn" property.
How can I get the ARN?
When I use Fn::GetAtt in SourceArn to get the lambdaAPOSTMethod or lambdaBPOSTMethod ARN, it shows an error saying Fn::GetAtt is not for AWS::ApiGateway::Method.
I saw we can do something like SourceArn: !Join [ ":", ["arn:aws:execute-api", !Ref AWS::Region, !Ref AWS::AccountId, !Ref ApiGatewayRestApi, "/*/POST/" ] ]
But I want a simple solution, something like ref apigatewaymethod.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": { "Environment": { "Type": "String" } },
"Resources":
{
"APIGatewayRestAPI":
{
"Type": "AWS::ApiGateway::RestApi",
"Properties": { "Name": { "Fn::Sub": "avllano-${Environment}" } },
},
"lambdaBResource":
{
"Type": "AWS::ApiGateway::Resource",
"Properties":
{
"RestApiId": { "Ref": "APIGatewayRestAPI" },
"ParentId":
{ "Fn::GetAtt": ["APIGatewayRestAPI", "RootResourceId"] },
"PathPart": { "Fn::Sub": "lambdaB-${Environment}" },
},
"DependsOn": ["APIGatewayRestAPI"],
},
"lambdaBPOSTMethod":
{
"Type": "AWS::ApiGateway::Method",
"Properties":
{
"RestApiId": { "Ref": "APIGatewayRestAPI" },
"ResourceId": { "Ref": "lambdaBResource" },
"HttpMethod": "POST",
"AuthorizationType": "AWS_IAM",
"MethodResponses": [{ "StatusCode": 200 }],
"Integration":
{
"Type": "AWS_PROXY",
"IntegrationResponses": [{ "StatusCode": 200 }],
"IntegrationHttpMethod": "POST",
"Uri":
{
"Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:lambdaB-${Environment}/invocations",
},
},
},
"DependsOn": ["lambdaBResource"],
},
"APIGatewayDeployment":
{
"Type": "AWS::ApiGateway::Deployment",
"Properties":
{
"RestApiId": { "Ref": "APIGatewayRestAPI" },
"StageName": { "Ref": "Environment" },
},
"DependsOn": ["lambdaAPOSTMethod", "lambdaBPOSTMethod"],
},
"lambdaAPermission":
{
"Type": "AWS::Lambda::Permission",
"Properties":
{
"Action": "lambda:InvokeFunction",
"FunctionName":
{
"Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:lambdaA-${Environment}",
},
"Principal": "apigateway.amazonaws.com",
"SourceArn" : ?
},
"DependsOn": ["APIGatewayDeployment"],
},
"lambdaBPermission":
{
"Type": "AWS::Lambda::Permission",
"Properties":
{
"Action": "lambda:InvokeFunction",
"FunctionName":
{
"Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:lambdaB-${Environment}",
},
"Principal": "apigateway.amazonaws.com",
"SourceArn" : ?
},
"DependsOn": ["APIGatewayDeployment"],
},
},
}

Refs and GetAtts are not consistently implemented for CloudFormation resource types. You can find them towards the bottom of each doc page, before the examples. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html
In this case you will have to use Join or Sub to construct the Arn.
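Added example (not part of the original answer): a Python sketch of the Fn::Sub construction the answer points to. It walks the ParentId chain in a trimmed copy of the question's template and emits the execute-api ARN for one method. The function names are hypothetical, and mapping path parameters and the ANY method to `*` is an assumption about how the permission should be scoped.

```python
import json

# Trimmed copy of the question's template: only the resources the ARN depends on.
TEMPLATE = {
    "Resources": {
        "APIGatewayRestAPI": {"Type": "AWS::ApiGateway::RestApi"},
        "lambdaBResource": {
            "Type": "AWS::ApiGateway::Resource",
            "Properties": {
                "RestApiId": {"Ref": "APIGatewayRestAPI"},
                "ParentId": {"Fn::GetAtt": ["APIGatewayRestAPI", "RootResourceId"]},
                "PathPart": {"Fn::Sub": "lambdaB-${Environment}"},
            },
        },
        "lambdaBPOSTMethod": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {
                "RestApiId": {"Ref": "APIGatewayRestAPI"},
                "ResourceId": {"Ref": "lambdaBResource"},
                "HttpMethod": "POST",
            },
        },
    }
}


def _path_part(value):
    """Return one PathPart as text that can sit inside an Fn::Sub string."""
    if isinstance(value, str):
        text = value
    elif isinstance(value, dict) and isinstance(value.get("Fn::Sub"), str):
        text = value["Fn::Sub"]
    elif isinstance(value, dict) and "Ref" in value:
        text = "${" + value["Ref"] + "}"
    else:
        raise ValueError(f"unsupported PathPart: {value!r}")
    # Assumption: a path parameter such as {resourceId} is scoped with a wildcard.
    if text.startswith("{") and text.endswith("}"):
        return "*"
    return text


def _resource_path(resources, ref):
    """Follow ParentId references up to the RestApi root and join the parts."""
    parts, seen = [], set()
    while "Ref" in ref:
        logical_id = ref["Ref"]
        if logical_id in seen:
            raise ValueError(f"ParentId cycle at {logical_id}")
        seen.add(logical_id)
        resource = resources[logical_id]
        if resource["Type"] != "AWS::ApiGateway::Resource":
            raise ValueError(f"{logical_id} is not an AWS::ApiGateway::Resource")
        parts.append(_path_part(resource["Properties"]["PathPart"]))
        ref = resource["Properties"]["ParentId"]
    get_att = ref.get("Fn::GetAtt")
    if not (isinstance(get_att, list) and get_att[1:] == ["RootResourceId"]):
        raise ValueError("ParentId chain does not end at RootResourceId")
    return "/".join(reversed(parts))


def source_arn_for_method(template, method_id):
    """Build the SourceArn value for the Lambda permission of one method."""
    resources = template["Resources"]
    props = resources[method_id]["Properties"]
    api_id = props["RestApiId"]["Ref"]
    verb = "*" if props["HttpMethod"] == "ANY" else props["HttpMethod"]
    path = _resource_path(resources, props["ResourceId"])
    # Inside Fn::Sub, ${LogicalId} resolves like Ref, which for a RestApi is its ID.
    # The stage segment stays "*", as in the Join shown in the question.
    arn = ("arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${"
           + api_id + "}/*/" + verb + "/" + path)
    return {"Fn::Sub": arn}


if __name__ == "__main__":
    value = source_arn_for_method(TEMPLATE, "lambdaBPOSTMethod")
    print(json.dumps({"SourceArn": value}, indent=2))
```

Scoping SourceArn to the API ID, verb and path keeps other APIs in the account from invoking the function through the apigateway.amazonaws.com principal.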

Related

How to solve JSON error on AWS Bad String?

I don't know where the bad string is here; can someone help me?
It appears as a bad error message on the AWS Console, but I can't find what I am missing here.
This script is to create VPCs, Routes, IGW and a Palo Alto Firewall. I think the problem is some ] or } that I am missing.
Do we have a tool to analyze it, instead of searching manually?
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "PANW Firewall (sample-cft).",
"Parameters": {
"BootstrapBucketName":{
"Description": "Bucket name for FW bootstrap configuration",
"Type": "String"
},
"ServerKeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the FW (Hint: You MUST have its private key)",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"PANFWRegionMap" : {
"us-west-2" : { "AMI": "ami-d28992ab"},
"ap-northeast-1" : { "AMI": "ami-ab04e7cd"},
"us-west-1" : { "AMI": "ami-0f88a16f"},
"ap-northeast-2" : { "AMI": "ami-6cbd6402"},
"ap-southeast-1" : { "AMI": "ami-1897057b"},
"ap-southeast-2" : { "AMI": "ami-8ed3cced"},
"eu-central-1" : { "AMI": "ami-6df35f02"},
"eu-west-1" : { "AMI": "ami-86d63eff"},
"eu-west-2" : { "AMI": "ami-3c170658"},
"sa-east-1" : { "AMI": "ami-15651279"},
"us-east-1" : { "AMI": "ami-0d7ef242edccdad95"},
"us-east-2" : { "AMI": "ami-f1200094"},
"ca-central-1" : { "AMI": "ami-0f08b76b"},
"ap-south-1" : { "AMI": "ami-1ffc8470"}
},
"Resources": {
"BootstrapRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
} ]
},
"Path":"/",
"Policies": [ {
"PolicyName" : "BootstrapRolePolicy",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "BootstrapBucketName" }]]}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "BootstrapBucketName" } , "/*" ]]}
}]
}
}]
}
},
"BootstrapInstanceProfile":{
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ {
"Ref": "BootstrapRole"
}]
}
},
"NewVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
}
},
"PublicElasticIP": {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
},
"DependsOn": [ "NewVPC" ]
},
"ManagementElasticIP": {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
},
"DependsOn": [ "NewVPC" ]
},
"NewDBSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"VpcId": {"Ref": "NewVPC"},
"AvailabilityZone": "" ,
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn": "NewVPC"
},
"NewPublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"VpcId": {"Ref": "NewVPC"},
"AvailabilityZone": { "Fn::GetAtt" : [ "NewDBSubnet", "AvailabilityZone" ] },
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn": [ "NewVPC", "NewDBSubnet" ]
},
"NewWebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": { "Fn::GetAtt" : [ "NewDBSubnet", "AvailabilityZone" ] },
"VpcId": {"Ref": "NewVPC"},
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn":[ "NewVPC", "NewDBSubnet" ]
},
"igweb3def8e": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
}
},
"dopt21c7d043": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-west-2.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclb765d6d2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"rtb059a2460": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"rtb049a2461": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"FWManagementNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 MGMT",
"SubnetId": {"Ref": "NewPublicSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.0.99",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 MGMT"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPublicNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/1",
"SubnetId": {"Ref": "NewPublicSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.0.100",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 E1/1"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPrivate12NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/2",
"SubnetId": {"Ref": "NewWebSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.1.11",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 E1/2"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPrivate13NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/3",
"SubnetId": {"Ref": "NewDBSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.2.11",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name", "Value": "WP AWS FW1 E1/3"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWEIPMAnagementAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": { "Fn::GetAtt": [ "ManagementElasticIP", "AllocationId" ] },
"NetworkInterfaceId": { "Ref": "FWManagementNetworkInterface" }
},
"DependsOn": [ "FWManagementNetworkInterface", "ManagementElasticIP" ]
},
"FWEIPPublicAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": { "Fn::GetAtt": [ "PublicElasticIP", "AllocationId" ] },
"NetworkInterfaceId": { "Ref": "FWPublicNetworkInterface" }
},
"DependsOn": [ "FWPublicNetworkInterface", "PublicElasticIP" ]
},
"sgWideOpen": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Wide open security group",
"VpcId": {"Ref": "NewVPC"},
"Tags": [{"Key": "Name","Value": "Lab External SG"}],
"SecurityGroupIngress" : [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress" : [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewDBSubnet"}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewPublicSubnet"}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewWebSubnet"}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {"Ref": "NewVPC"},
"InternetGatewayId": {"Ref": "igweb3def8e"}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {"Ref": "rtb049a2461"},
"SubnetId": {"Ref": "NewPublicSubnet"}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {"Ref": "rtb059a2460"},
"GatewayId": {"Ref": "igweb3def8e"}
},
"DependsOn": "gw1"
},
"route2": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {"Ref": "rtb049a2461"},
"GatewayId": {"Ref": "igweb3def8e"}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {"Ref": "NewVPC"},
"DhcpOptionsId": {"Ref": "dopt21c7d043"}
}
},
"FWInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"IamInstanceProfile": {"Ref": "BootstrapInstanceProfile"},
"InstanceInitiatedShutdownBehavior": "stop",
"EbsOptimized": "true",
"ImageId": { "Fn::FindInMap" : [ "PANFWRegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
"InstanceType": "m4.xlarge",
"BlockDeviceMappings" :
[
{
"DeviceName" : "/dev/xvda",
"Ebs" :
{
"VolumeType" : "gp2",
"DeleteOnTermination" : "true",
"VolumeSize" : "60"
}
}
],
"KeyName": { "Ref" : "ServerKeyName" },
"Monitoring": "false",
"Tags": [{ "Key": "Name", "Value": "WP VM-Series Firewall" }],
"NetworkInterfaces": [
{
"NetworkInterfaceId": { "Ref": "FWManagementNetworkInterface"},
"DeviceIndex": 0
},
{
"NetworkInterfaceId": { "Ref": "FWPublicNetworkInterface"},
"DeviceIndex": 1
},
{
"NetworkInterfaceId": { "Ref": "FWPrivate12NetworkInterface"},
"DeviceIndex": 2
},
{
"NetworkInterfaceId": { "Ref": "FWPrivate13NetworkInterface"},
"DeviceIndex": 3
}
],
"UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
"vmseries-bootstrap-aws-s3bucket=", { "Ref" : "BootstrapBucketName" }
]]}}
},
"DependsOn": [ "FWPublicNetworkInterface", "FWPrivate12NetworkInterface", "FWPrivate13NetworkInterface", "NewPublicSubnet" ]
},
"Outputs": {
"FirewallManagementURL": {
"Description": "VM-Series management interface URL",
"Value": { "Fn::Join" : ["", [
"https://",
{ "Ref": "ManagementElasticIP"}
]]}}
},
}]]
}
}
}
Yes, you had a missing } and some extra commas. Below is valid JSON. The template may have other issues, but your current error is about invalid JSON, so I fixed only that. For new issues, please make a new question.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "PANW Firewall (sample-cft).",
"Parameters": {
"BootstrapBucketName": {
"Description": "Bucket name for FW bootstrap configuration",
"Type": "String"
},
"ServerKeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the FW (Hint: You MUST have its private key)",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"PANFWRegionMap": {
"us-west-2": {
"AMI": "ami-d28992ab"
},
"ap-northeast-1": {
"AMI": "ami-ab04e7cd"
},
"us-west-1": {
"AMI": "ami-0f88a16f"
},
"ap-northeast-2": {
"AMI": "ami-6cbd6402"
},
"ap-southeast-1": {
"AMI": "ami-1897057b"
},
"ap-southeast-2": {
"AMI": "ami-8ed3cced"
},
"eu-central-1": {
"AMI": "ami-6df35f02"
},
"eu-west-1": {
"AMI": "ami-86d63eff"
},
"eu-west-2": {
"AMI": "ami-3c170658"
},
"sa-east-1": {
"AMI": "ami-15651279"
},
"us-east-1": {
"AMI": "ami-0d7ef242edccdad95"
},
"us-east-2": {
"AMI": "ami-f1200094"
},
"ca-central-1": {
"AMI": "ami-0f08b76b"
},
"ap-south-1": {
"AMI": "ami-1ffc8470"
}
}
},
"Resources": {
"BootstrapRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "BootstrapRolePolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": {
"Fn::Join": ["", ["arn:aws:s3:::", {
"Ref": "BootstrapBucketName"
}]]
}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": {
"Fn::Join": ["", ["arn:aws:s3:::", {
"Ref": "BootstrapBucketName"
}, "/*"]]
}
}
]
}
}]
}
},
"BootstrapInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [{
"Ref": "BootstrapRole"
}]
}
},
"NewVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
}
},
"PublicElasticIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": ["NewVPC"]
},
"ManagementElasticIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": ["NewVPC"]
},
"NewDBSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"VpcId": {
"Ref": "NewVPC"
},
"AvailabilityZone": "",
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": "NewVPC"
},
"NewPublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"VpcId": {
"Ref": "NewVPC"
},
"AvailabilityZone": {
"Fn::GetAtt": ["NewDBSubnet", "AvailabilityZone"]
},
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": ["NewVPC", "NewDBSubnet"]
},
"NewWebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": {
"Fn::GetAtt": ["NewDBSubnet", "AvailabilityZone"]
},
"VpcId": {
"Ref": "NewVPC"
},
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": ["NewVPC", "NewDBSubnet"]
},
"igweb3def8e": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
}
},
"dopt21c7d043": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-west-2.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclb765d6d2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"rtb059a2460": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"rtb049a2461": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"FWManagementNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 MGMT",
"SubnetId": {
"Ref": "NewPublicSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.0.99",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 MGMT"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPublicNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/1",
"SubnetId": {
"Ref": "NewPublicSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.0.100",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/1"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPrivate12NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/2",
"SubnetId": {
"Ref": "NewWebSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.1.11",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/2"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPrivate13NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/3",
"SubnetId": {
"Ref": "NewDBSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.2.11",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/3"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWEIPMAnagementAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["ManagementElasticIP", "AllocationId"]
},
"NetworkInterfaceId": {
"Ref": "FWManagementNetworkInterface"
}
},
"DependsOn": ["FWManagementNetworkInterface", "ManagementElasticIP"]
},
"FWEIPPublicAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["PublicElasticIP", "AllocationId"]
},
"NetworkInterfaceId": {
"Ref": "FWPublicNetworkInterface"
}
},
"DependsOn": ["FWPublicNetworkInterface", "PublicElasticIP"]
},
"sgWideOpen": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Wide open security group",
"VpcId": {
"Ref": "NewVPC"
},
"Tags": [{
"Key": "Name",
"Value": "Lab External SG"
}],
"SecurityGroupIngress": [{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}],
"SecurityGroupEgress": [{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewDBSubnet"
}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewPublicSubnet"
}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewWebSubnet"
}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
},
"InternetGatewayId": {
"Ref": "igweb3def8e"
}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtb049a2461"
},
"SubnetId": {
"Ref": "NewPublicSubnet"
}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb059a2460"
},
"GatewayId": {
"Ref": "igweb3def8e"
}
},
"DependsOn": "gw1"
},
"route2": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb049a2461"
},
"GatewayId": {
"Ref": "igweb3def8e"
}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
},
"DhcpOptionsId": {
"Ref": "dopt21c7d043"
}
}
},
"FWInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"IamInstanceProfile": {
"Ref": "BootstrapInstanceProfile"
},
"InstanceInitiatedShutdownBehavior": "stop",
"EbsOptimized": "true",
"ImageId": {
"Fn::FindInMap": ["PANFWRegionMap", {
"Ref": "AWS::Region"
}, "AMI"]
},
"InstanceType": "m4.xlarge",
"BlockDeviceMappings": [{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp2",
"DeleteOnTermination": "true",
"VolumeSize": "60"
}
}],
"KeyName": {
"Ref": "ServerKeyName"
},
"Monitoring": "false",
"Tags": [{
"Key": "Name",
"Value": "WP VM-Series Firewall"
}],
"NetworkInterfaces": [{
"NetworkInterfaceId": {
"Ref": "FWManagementNetworkInterface"
},
"DeviceIndex": 0
},
{
"NetworkInterfaceId": {
"Ref": "FWPublicNetworkInterface"
},
"DeviceIndex": 1
},
{
"NetworkInterfaceId": {
"Ref": "FWPrivate12NetworkInterface"
},
"DeviceIndex": 2
},
{
"NetworkInterfaceId": {
"Ref": "FWPrivate13NetworkInterface"
},
"DeviceIndex": 3
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": ["", [
"vmseries-bootstrap-aws-s3bucket=", {
"Ref": "BootstrapBucketName"
}
]]
}
}
},
"DependsOn": ["FWPublicNetworkInterface", "FWPrivate12NetworkInterface", "FWPrivate13NetworkInterface", "NewPublicSubnet"]
},
"Outputs": {
"FirewallManagementURL": {
"Description": "VM-Series management interface URL",
"Value": {
"Fn::Join": ["", [
"https://",
{
"Ref": "ManagementElasticIP"
}
]]
}
}
}
}
}
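Added example (not from the question or the answer): a small Python checker for the kind of defect discussed above, answering the "is there a tool" part of the question. It reports trailing commas, mismatched or unclosed brackets, and a CloudFormation section key that ends up nested because the block above it was never closed. The function name, the section-name heuristic and the sample text are constructed for illustration.

```python
# Top-level CloudFormation sections; seeing one deeper than depth 1 is treated
# as a hint (heuristic, an assumption of this example) that an earlier block
# is missing its closing brace.
TOP_LEVEL_SECTIONS = {"Mappings", "Resources", "Outputs"}
CLOSER = {"{": "}", "[": "]"}

# Constructed sample reproducing the two defects named in the answer:
# the "Mappings" block is never closed and there is a trailing comma.
SAMPLE = '''{
  "Mappings": {
    "PANFWRegionMap": {
      "us-west-2": { "AMI": "ami-d28992ab" }
    },
  "Resources": {
    "NewVPC": { "Type": "AWS::EC2::VPC" },
  }
}
'''


def find_structure_errors(text):
    """Return sorted (line, message) tuples for structural JSON problems."""
    errors = []
    stack = []        # (opening bracket, line it was opened on)
    in_string = escaped = False
    current = []      # characters of the string being read
    last = None       # last significant token: (kind, value, line)
    line = 1
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
                current.append(ch)
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
                last = ("string", "".join(current), line)
            else:
                current.append(ch)
        elif ch == '"':
            in_string, current = True, []
        elif ch in CLOSER:
            stack.append((ch, line))
            last = ("char", ch, line)
        elif ch in "}]":
            if last and last[0] == "char" and last[1] == ",":
                errors.append((last[2], f"trailing comma before '{ch}' on line {line}"))
            if not stack:
                errors.append((line, f"'{ch}' has no matching opener"))
            else:
                opener, opened = stack.pop()
                if CLOSER[opener] != ch:
                    errors.append(
                        (line, f"'{ch}' cannot close '{opener}' opened on line {opened}"))
            last = ("char", ch, line)
        elif ch == ":":
            # A key is a string immediately followed by ':'.
            if (last and last[0] == "string" and last[1] in TOP_LEVEL_SECTIONS
                    and len(stack) != 1):
                errors.append((line, f'section "{last[1]}" is nested at depth '
                                     f'{len(stack)}; a block above it is not closed'))
            last = ("char", ch, line)
        elif not ch.isspace():
            last = ("char", ch, line)
        if ch == "\n":
            line += 1
    errors.extend((opened, f"'{opener}' is never closed") for opener, opened in stack)
    return sorted(errors)


if __name__ == "__main__":
    for lineno, message in find_structure_errors(SAMPLE):
        print(f"line {lineno}: {message}")
```

A missing closing brace surfaces as the outermost unclosed opener, so the nested-section message is usually the more useful pointer to where the nesting went wrong.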

API gateway - message "select an integration response." when creating stack using cloudformation

This is what I am expecting to see in API Gateway after creating the stack.
But this is what actually happens.
In the method response, it shows the message "select an integration response.", but
I did add the model in the method response, and "HTTP status: Proxy" should be shown.
What's going on?
resources.json
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"HelloWorldApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "hello-api",
"Description": "API used for practice",
"FailOnWarnings": true
}
},
"getBannerMethod": {
"Type": "AWS::ApiGateway::Method",
"DependsOn": ["HelloWorldApi"],
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ResourceId": {
"Ref": "BannerResource"
},
"HttpMethod": "GET",
"MethodResponses":[
{
"ResponseModels" : {"application/json" : "Empty"},
"ResponseParameters":{
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"StatusCode" : "200"
},
{
"StatusCode": "500"
}
],
"AuthorizationType": "NONE",
"Integration": {
"Credentials": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-ApiGatewayRoleArn"
}
},
"IntegrationHttpMethod": "POST",
"Type": "AWS_PROXY",
"Uri": {
"Fn::Join": ["",
[
"arn:aws:apigateway:",
{
"Ref": "AWS::Region"
},
":lambda:path/2015-03-31/functions/",
{
"Fn::GetAtt": ["getBannerHandler", "Arn"]
},
"/invocations"
]
]
}
}
}
}
}
}
Just add this inside Integration:
"IntegrationResponses": [{
"ResponseParameters":{
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"StatusCode" : "200"
}]
The block below
"MethodResponses":[
{
"ResponseModels" : {"application/json" : "Empty"},
"ResponseParameters":{
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"StatusCode" : "200"
},
{
"StatusCode": "500"
}
],
is set at the method response level. You are looking at the Lambda, which means the integration response level. For that you have to set IntegrationResponses.
Full template:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"HelloWorldApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "hello-api",
"Description": "API used for practice",
"FailOnWarnings": true
}
},
"getBannerMethod": {
"Type": "AWS::ApiGateway::Method",
"DependsOn": ["HelloWorldApi"],
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ResourceId": {
"Ref": "BannerResource"
},
"HttpMethod": "GET",
"MethodResponses":[
{
"ResponseModels" : {"application/json" : "Empty"},
"ResponseParameters":{
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"StatusCode" : "200"
},
{
"StatusCode": "500"
}
],
"AuthorizationType": "NONE",
"Integration": {
"Credentials": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-ApiGatewayRoleArn"
}
},
"IntegrationHttpMethod": "POST",
"IntegrationResponses": [{
"ResponseParameters":{
"method.response.header.Access-Control-Allow-Origin": "'*'"
},
"StatusCode" : "200"
}],
"Type": "AWS_PROXY",
"Uri": {
"Fn::Join": ["",
[
"arn:aws:apigateway:",
{
"Ref": "AWS::Region"
},
":lambda:path/2015-03-31/functions/",
{
"Fn::GetAtt": ["getBannerHandler", "Arn"]
},
"/invocations"
]
]
}
}
}
}
}
}
For those looking for the quick hack workaround to get it working from the console (like me):
I found the answer here: https://github.com/hashicorp/terraform-provider-aws/issues/11561
The only way to fix this issue is to log in to the AWS Console and then do the following:
Go to "Integration request", uncheck "Use Lambda Proxy integration" and then check it again.
After performing the above steps the Method response correctly shows the mapped model.

aws cloudformation - Encountered unsupported property RequestValidatorId

I was trying to create a requestValidator and use it in my request by:
"RequestValidatorId": {
"Ref": "PostRequestValidator"
}
It should return the id of the requestValidator according to the doc.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-requestvalidator.html
But the error below occurs.
Logical ID: postBannerMethod
Encountered unsupported property RequestValidatorId
resources.json
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"RolesStack": {
"Type": "String",
"Default": "admin-iam-roles"
},
"HandlerCodeS3Bucket": {
"Type": "String",
"Default": "admin-lambda-sourcecode"
},
"HandlerCodeS3BucketLayer": {
"Type": "String",
"Default": "admin-lambda-sourcecode/layers"
},
"HandlerCodeS3Key": {
"Type": "String",
"Default": "helloWorld.zip"
}
},
"Resources": {
"MyLayer": {
"Type": "AWS::Lambda::LayerVersion",
"Properties": {
"CompatibleRuntimes": [
"nodejs12.x"
],
"Content": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "imageUploadLayer.zip"
},
"Description": "My layer",
"LayerName": "imageLayer",
"LicenseInfo": "MIT"
}
},
"createBannerHandler": {
"Type": "AWS::Lambda::Function",
"Properties": {
"FunctionName": "createBanner",
"Handler": "createBanner.handler",
"Role": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-LambdaRoleArn"
}
},
"Code": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key":"createBanner.zip"
},
"Layers": [
{
"Ref": "MyLayer"
}
],
"Runtime": "nodejs12.x"
}
},
"HelloWorldApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "hello-api",
"Description": "API used for practice",
"FailOnWarnings": true
}
},
"PostRequestValidator": {
"Type" : "AWS::ApiGateway::RequestValidator",
"Properties" : {
"Name" : "PostRequestValidator",
"RestApiId" : {
"Ref": "HelloWorldApi"
},
"ValidateRequestBody" : true,
"ValidateRequestParameters" : false
}
},
"BannerResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ParentId": {
"Fn::GetAtt": [
"HelloWorldApi",
"RootResourceId"
]
},
"PathPart": "banner"
}
},
"postBannerMethod": {
"Type": "AWS::ApiGateway::Method",
"DependsOn": ["HelloWorldApi"],
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ResourceId": {
"Ref": "BannerResource"
},
"HttpMethod": "POST",
"AuthorizationType": "NONE",
"Integration": {
"Credentials": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-ApiGatewayRoleArn"
}
},
"IntegrationHttpMethod": "POST",
"Type": "AWS_PROXY",
"RequestValidatorId": {
"Ref": "PostRequestValidator"
},
"Uri": {
"Fn::Join": ["",
[
"arn:aws:apigateway:",
{
"Ref": "AWS::Region"
},
":lambda:path/2015-03-31/functions/",
{
"Fn::GetAtt": ["createBannerHandler", "Arn"]
},
"/invocations"
]
]
}
}
}
}
}
}
Your RequestValidatorId is one level too deep. It should be in AWS::ApiGateway::Method, not in Integration:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"RolesStack": {
"Type": "String",
"Default": "admin-iam-roles"
},
"HandlerCodeS3Bucket": {
"Type": "String",
"Default": "admin-lambda-sourcecode"
},
"HandlerCodeS3BucketLayer": {
"Type": "String",
"Default": "admin-lambda-sourcecode/layers"
},
"HandlerCodeS3Key": {
"Type": "String",
"Default": "helloWorld.zip"
}
},
"Resources": {
"MyLayer": {
"Type": "AWS::Lambda::LayerVersion",
"Properties": {
"CompatibleRuntimes": [
"nodejs12.x"
],
"Content": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "imageUploadLayer.zip"
},
"Description": "My layer",
"LayerName": "imageLayer",
"LicenseInfo": "MIT"
}
},
"createBannerHandler": {
"Type": "AWS::Lambda::Function",
"Properties": {
"FunctionName": "createBanner",
"Handler": "createBanner.handler",
"Role": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-LambdaRoleArn"
}
},
"Code": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "createBanner.zip"
},
"Layers": [
{
"Ref": "MyLayer"
}
],
"Runtime": "nodejs12.x"
}
},
"HelloWorldApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "hello-api",
"Description": "API used for practice",
"FailOnWarnings": true
}
},
"PostRequestValidator": {
"Type": "AWS::ApiGateway::RequestValidator",
"Properties": {
"Name": "PostRequestValidator",
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ValidateRequestBody": true,
"ValidateRequestParameters": false
}
},
"BannerResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ParentId": {
"Fn::GetAtt": [
"HelloWorldApi",
"RootResourceId"
]
},
"PathPart": "banner"
}
},
"postBannerMethod": {
"Type": "AWS::ApiGateway::Method",
"DependsOn": [
"HelloWorldApi"
],
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ResourceId": {
"Ref": "BannerResource"
},
"HttpMethod": "POST",
"AuthorizationType": "NONE",
"RequestValidatorId": {
"Ref": "PostRequestValidator"
},
"Integration": {
"Credentials": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-ApiGatewayRoleArn"
}
},
"IntegrationHttpMethod": "POST",
"Type": "AWS_PROXY",
"Uri": {
"Fn::Join": [
"",
[
"arn:aws:apigateway:",
{
"Ref": "AWS::Region"
},
":lambda:path/2015-03-31/functions/",
{
"Fn::GetAtt": [
"createBannerHandler",
"Arn"
]
},
"/invocations"
]
]
}
}
}
}
}
}
Recommend trying the CloudFormation Linter in VSCode to see some of these errors inline while authoring templates along with autocompletion and documentation links:
[cfn-lint] E3002: Invalid Property Resources/postBannerMethod/Properties/Integration/RequestValidatorId

AWS CloudFormation Template - How to configure Lambda with a SQS queue to pick the item from queue

I am pretty new to AWS CloudFormation template creation. I could not find a way to create a Lambda function which will connect with the SQS queue.
Any example or resource would help me to learn and implement.
You need:
AWS::SQS::Queue
AWS::Lambda::Function
AWS::Lambda::EventSourceMapping
"DequeueInstanceQueue": {
"Type": "AWS::SQS::Queue",
"Properties": {
"VisibilityTimeout": 301
},
"DeletionPolicy": "Delete"
},
"DequeueInstanceMapping": {
"Type": "AWS::Lambda::EventSourceMapping",
"Properties": {
"EventSourceArn": {
"Fn::GetAtt": [
"DequeueInstanceQueue",
"Arn"
]
},
"FunctionName": {
"Fn::GetAtt": [
"DequeueInstance",
"Arn"
]
},
"BatchSize": "1"
},
"DeletionPolicy": "Delete"
},
"DequeueInstance": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Runtime": "dotnetcore2.1",
"Environment": {
"Variables": {
"ServerName": {
"Fn::ImportValue": {
"Fn::Sub": "${DatabaseStack}-RdsEndpointAddress"
}
},
"DatabaseUserName": {
"Fn::ImportValue": {
"Fn::Sub": "${DatabaseStack}-MasterUsername"
}
},
"Password": {
"Fn::ImportValue": {
"Fn::Sub": "${DatabaseStack}-MasterUserPassword"
}
},
"BranchName": {
"Ref": "DbBranch"
},
"DequeueInstanceVehicleQueue": {
"Ref": "DequeueInstanceVehicleQueue"
}
}
},
"VpcConfig": {
"SecurityGroupIds": [
{
"Fn::ImportValue": {
"Fn::Sub": "${DatabaseStack}-DbGroup"
}
}
],
"SubnetIds": [
{
"Fn::ImportValue": {
"Fn::Sub": "${NetworkStack}-PrivateSubnet1"
}
},
{
"Fn::ImportValue": {
"Fn::Sub": "${NetworkStack}-PrivateSubnet2"
}
}
]
},
"Timeout": 300,
"Handler": "YadaYada.BubbleBoy.WebApi::YadaYada.BubbleBoy.WebApi.Functions.ProductMaker::DequeueInstance",
"MemorySize": 3008,
"Role": {
"Fn::GetAtt": [
"DequeueInstanceRole",
"Arn"
]
},
"Code": {
"S3Bucket": {
"Ref": "YadaYadaBubbleBoyWebApiBucket"
},
"S3Key": {
"Ref": "YadaYadaBubbleBoyWebApiKey"
}
}
},
"DeletionPolicy": "Delete"
},

How to create a nested Resource path in AWS RestAPI using Cloudformation?

Can somebody explain the parentId property of the AWS resource type AWS::ApiGateway::Resource?
Documentation can be found here. The documentation is very limited and only shows how to get the rootResourceId. Using that I was able to create the following structure, which gives me these paths.
/portfolio
/resource
/{resourceId}
/
  /portfolio
    GET
    OPTIONS
  /resource
    GET
    OPTIONS
  /{resourceId}
    GET
    OPTIONS
Now my question is how to achieve a structure like this, wherein {resourceId} is nested inside resource, so that my path looks like /resource/{resourceId}.
/
  /portfolio
    GET
    OPTIONS
  /resource
    GET
    OPTIONS
    /{resourceId}
      GET
      OPTIONS
This is my template that creates the resources:
"getPortfoliosResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "myAPI"
},
"ParentId": {
"Fn::GetAtt": ["myAPI", "RootResourceId"]
},
"PathPart": "portfolios"
}
},
"getResourcesResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "myAPI"
},
"ParentId": {
"Fn::GetAtt": ["myAPI", "RootResourceId"]
},
"PathPart": "resources"
}
},
"getResourceid": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "epmoliteAPI"
},
"ParentId": {
"Fn::GetAtt": ["epmoliteAPI", "RootResourceId"]
},
"PathPart": "{resourceId}"
}
},
The ParentId needs to reference the Resource you want to put it in.
"getPortfoliosResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "myAPI"
},
"ParentId": {
"Fn::GetAtt": ["myAPI", "RootResourceId"]
},
"PathPart": "portfolios"
}
},
"getResourcesResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "myAPI"
},
"ParentId": {
"Fn::GetAtt": ["myAPI", "RootResourceId"]
},
"PathPart": "resources"
}
},
"getResourceid": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "myAPI"
},
"ParentId": {
"Ref": "getResourcesResource"
},
"PathPart": "{resourceId}"
}
},