We Keep Coding

CloudFormation deploying implicit AWS::APIGateway::Deployment even after explicitly defining one

Trying to deploy a simple HelloWorld API using CloudFormation/SAM.
I have to defined an AWS::Serverless::Api, AWS::ApiGateway::Resource, AWS::ApiGateway::Method and a AWS::ApiGateway::Deployment. But during sam deploy I see that another AWS::ApiGateway::Deployment is implicitly created, one that is deployed before the API Method.
The API related resources deployed:
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Operation LogicalResourceId ResourceType Replacement
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ Add HelloWorldAPIDeployment5332c373d4 AWS::ApiGateway::Deployment N/A
+ Add HelloWorldAPIDeployment AWS::ApiGateway::Deployment N/A
+ Add HelloWorldAPIMethod AWS::ApiGateway::Method N/A
+ Add HelloWorldAPIResource AWS::ApiGateway::Resource N/A
+ Add HelloWorldAPIStage AWS::ApiGateway::Stage N/A
+ Add HelloWorldAPI AWS::ApiGateway::RestApi N/A
How can I stop the implicit AWS::ApiGateway::Deployment(HelloWorldAPIDeployment5332c373d4) from being created?
It causes the following error:
CREATE_FAILED AWS::ApiGateway::Deployment HelloWorldAPIDeployment5332c373d4 Resource handler returned message: "The REST
API doesn't contain any methods (Service:
ApiGateway, Status Code: 400, Request ID:
02f3dcab-0126-4d16-8c19-27fb1e05c381,
Extended Request ID: null)" (RequestToken:
d75d527f-da4f-78a5-3000-be3e156ccc7a,
HandlerErrorCode: InvalidRequest)
Here's the relevant template code:
HelloWorldAPI:
Type: AWS::Serverless::Api
Properties:
Name: HelloWorldApi
StageName: !Ref StageName
HelloWorldAPIResource:
Type: AWS::ApiGateway::Resource
Properties:
RestApiId: !Ref HelloWorldAPI
ParentId: !GetAtt HelloWorldAPI.RootResourceId
PathPart: hello
HelloWorldAPIMethod:
Type: AWS::ApiGateway::Method
Properties:
AuthorizationType: NONE
HttpMethod: GET
ResourceId: !Ref HelloWorldAPIResource
RestApiId: !Ref HelloWorldAPI
Integration:
Type: AWS_PROXY
IntegrationHttpMethod: POST
Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HelloWorldFunction.Arn}/invocations
# - Arn: !GetAtt HelloWorldFunction.Arn
HelloWorldAPIDeployment:
Type: AWS::ApiGateway::Deployment
Properties:
RestApiId: !Ref HelloWorldAPI
StageName: !Ref StageName
DependsOn:
- HelloWorldAPIMethod

You can't switch that off. From docs:
When an AWS::Serverless::Api is specified, AWS Serverless Application Model (AWS SAM) always generates an AWS::ApiGateway::RestApi base AWS CloudFormation resource. In addition, it also always generates an AWS::ApiGateway::Stage and an AWS::ApiGateway::Deployment resource.
If you want to keep using AWS::Serverless::Api you have to use the auto-generated AWS::ApiGateway::Deployment, rather then your own. You do this by appending .Deployment to the name:
!Ref <api‑LogicalId>.Deployment
Alternatively, don't use AWS::Serverless::Api at all, as you seem you are creating everything from scratch anyway.

AWS CloudFormation stack: API Gateway resource with nested paths?

I have an API Gateway resource manually built that looks like:
GET
/assets/{items} - (points to S3 bucket)
/{proxy+} - points to Lambda function
I would like to mimic this setup in a Cloudformation YAML template but unsure how to do so. Here is the current template I'm working with (partially reduced for brevity):
AWSTemplateFormatVersion: 2010-09-09
Parameters:
apiGatewayStageName:
Type: String
AllowedPattern: '^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$'
Default: call
lambdaFunctionName:
Type: String
AllowedPattern: '^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$'
Default: my-function
s3BucketName:
Type: String
AllowedPattern: '^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$'
Resources:
apiGateway:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: my-api
Description: My API
Metadata:
...
apiGatewayRootMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
AuthorizationType: NONE
HttpMethod: POST
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Sub
- >-
arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations
- lambdaArn: !GetAtt lambdaFunction.Arn
ResourceId: !GetAtt apiGateway.RootResourceId
RestApiId: !Ref apiGateway
Metadata:
...
apiGatewayDeployment:
Type: 'AWS::ApiGateway::Deployment'
DependsOn:
- apiGatewayRootMethod
- apiGatewayGETMethod
Properties:
RestApiId: !Ref apiGateway
StageName: !Ref apiGatewayStageName
Metadata:
...
lambdaFunction:
Type: 'AWS::Lambda::Function'
Properties:
...
lambdaApiGatewayInvoke:
...
lambdaIAMRole:
...
lambdaLogGroup:
...
apiGatewayGETMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
AuthorizationType: NONE
HttpMethod: GET
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Sub
- >-
arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations
- lambdaArn: !GetAtt lambdaFunction.Arn
ResourceId: !GetAtt apiGateway.RootResourceId
RestApiId: !Ref apiGateway
Metadata:
'AWS::CloudFormation::Designer':
id: 1a329c4d-9d18-499e-b852-0e361af324f4
s3Bucket:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: !Ref s3BucketName
Metadata:
...
Outputs:
apiGatewayInvokeURL:
Value: !Sub >-
https://${apiGateway}.execute-api.${AWS::Region}.amazonaws.com/${apiGatewayStageName}
lambdaArn:
Value: !GetAtt lambdaFunction.Arn
That is the result of lots of tweaking and me not having any prior CloudFormation knowledge besides going over the official docs. When the stack behind that template gets created, its API Gateway resource looks like:
The POST action is unnecessary, and only there from trial and error. The GET resource is the only important one as application returned by the Lambda function isn't doing any post requests yet.
The GET one must be created from this portion of the Stack:
apiGatewayGETMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
AuthorizationType: NONE
HttpMethod: GET
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Sub
- >-
arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations
- lambdaArn: !GetAtt lambdaFunction.Arn
ResourceId: !GetAtt apiGateway.RootResourceId
RestApiId: !Ref apiGateway
What must be done to make it so that GET resource has the nested /assets/{items} path pointing to an S3 bucket and the {proxy+} path pointing to a Lambda? Do I need to specify separate sibling resources for those paths like apiGatewayAssets and apiGatewayLambdaProxy then connect them to apiGatewayGETMethod somehow?
2020-05-17 Update
The current part tripping me up is this resource:
apiGatewayAssetsItemsResourceMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
ResourceId: !Ref apiGatewayAssetsItemsResource
RestApiId: !Ref apiGateway
AuthorizationType: NONE
HttpMethod: GET
Integration:
Type: AWS
Credentials: arn:aws:iam::XXXXXX:role/AnExistingRole
IntegrationHttpMethod: GET
PassthroughBehavior: WHEN_NO_MATCH
RequestParameters:
integration.request.path.item: 'method.request.path.item'
method.request.path.item: true
Uri: !Sub >-
arn:aws:apigateway:${AWS::Region}:s3:path/${s3BucketName}/{item}
That leads to a CloudFormation stack creation error with the status reason being Invalid mapping expression specified: Validation Result: warnings : [], errors : [Invalid mapping expression parameter specified: method.request.path.item] (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: XXXXXX)
However, if I attempt to create it with the exact same resource minus the RequestParameters entry, it gets created successfully. Although when viewing that API Gateway GET method in the console, it's missing the Paths: item line inside the Integration Request box. Full template I'm currently using:
AWSTemplateFormatVersion: 2010-09-09
Parameters:
apiGatewayStageName:
Type: String
AllowedPattern: '^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$'
Default: call
lambdaFunctionName:
Type: String
AllowedPattern: '^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$'
Default: my-function
s3BucketName:
Type: String
AllowedPattern: '^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$'
Resources:
apiGateway:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: my-api
Description: My API
apiGatewayDeployment:
Type: 'AWS::ApiGateway::Deployment'
DependsOn:
- apiGatewayGETMethod
Properties:
RestApiId: !Ref apiGateway
StageName: !Ref apiGatewayStageName
lambdaFunction:
...
lambdaApiGatewayInvoke:
...
lambdaIAMRole:
...
lambdaLogGroup:
...
apiGatewayGETMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
AuthorizationType: NONE
HttpMethod: GET
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Sub
- >-
arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations
- lambdaArn: !GetAtt lambdaFunction.Arn
ResourceId: !GetAtt apiGateway.RootResourceId
RestApiId: !Ref apiGateway
s3Bucket:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: !Ref s3BucketName
BucketPolicy:
...
apiGatewayAssetsResource:
Type: 'AWS::ApiGateway::Resource'
Properties:
RestApiId: !Ref apiGateway
ParentId: !GetAtt
- apiGateway
- RootResourceId
PathPart: assets
apiGatewayAssetsItemsResource:
Type: 'AWS::ApiGateway::Resource'
Properties:
RestApiId: !Ref apiGateway
PathPart: '{item}'
ParentId: !Ref apiGatewayAssetsResource
apiGatewayAssetsItemsResourceMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
ResourceId: !Ref apiGatewayAssetsItemsResource
RestApiId: !Ref apiGateway
AuthorizationType: NONE
HttpMethod: GET
Integration:
Type: AWS
Credentials: arn:aws:iam::XXXXXX:role/AnExistingRole
IntegrationHttpMethod: GET
PassthroughBehavior: WHEN_NO_MATCH
Uri: !Sub >-
arn:aws:apigateway:${AWS::Region}:s3:path/${s3BucketName}/{item}
apiGatewayLambdaResource:
Type: 'AWS::ApiGateway::Resource'
Properties:
RestApiId: !Ref apiGateway
PathPart: '{proxy+}'
ParentId: !GetAtt
- apiGateway
- RootResourceId
apiGatewayLambdaResourceMethod:
Type: 'AWS::ApiGateway::Method'
Properties:
AuthorizationType: NONE
RestApiId: !Ref apiGateway
ResourceId: !Ref apiGatewayLambdaResource
HttpMethod: ANY
Integration:
Type: AWS_PROXY
IntegrationHttpMethod: GET
Uri: !Sub
- >-
arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations
- lambdaArn: !GetAtt lambdaFunction.Arn
Outputs:
apiGatewayInvokeURL:
Value: !Sub >-
https://${apiGateway}.execute-api.${AWS::Region}.amazonaws.com/${apiGatewayStageName}
lambdaArn:
Value: !GetAtt lambdaFunction.Arn

So what you need to do for this is the following:
Create a AWS::ApiGateway::Resource with a PathPart of assets, this will use a ParentId of the RootResourceId attr from your Rest API
Create a AWS::ApiGateway::Resource with a PathPart of {item}, this will use a ParentId of the assets Resource above.
Create a AWS::ApiGateway::Method for the ResourceId of the resource above. This will use the HTTP_PROXY and set the Uri to be the S3 bucket path, making sure to include the {{ item }} variable in the path.
Create a AWS::ApiGateway::Resource with a PathPart of {proxy+}, this will use a ParentId of the RootResourceId attr from your Rest API
Create a AWS::ApiGateway::Method for the ResourceId of the resource above. This will use the AWS_PROXY and set the uri to reference the Lambda function.
Hope this helps

Why does CloudFormation API Gateway fail stating 'The REST API doesn't contain any methods' even with DependsOn?

I have a CloudFormation template which I'm trying to deploy. This template is very similar to another template I have which works without issue however when deploying this template it keeps failing stating:
APIGatewayDeployment5332c373d4 CREATE_FAILED The REST API doesn't contain any methods (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: 02c0352f-b23b-44d5-a0af-2f3f3ecd7273)
I had this issue previously on my other template and added the DependsOn property on the deployment which fixed the issue however even with this property this template is failing.
See cut down version of my template below:
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31
Globals:
Function:
Environment:
Variables:
FOO: bah
Api:
EndpointConfiguration: REGIONAL
Resources:
APIGateway:
Type: AWS::Serverless::Api
Properties:
Name: Some API
StageName: !Sub ${EnvironmentTagName}
ApiFooResource:
Type: AWS::ApiGateway::Resource
Properties:
ParentId: !GetAtt APIGateway.RootResourceId
PathPart: foo
RestApiId: !Ref APIGateway
ApiFooNotificationResource:
Type: AWS::ApiGateway::Resource
Properties:
ParentId: !Ref ApiFooResource
PathPart: notification
RestApiId: !Ref APIGateway
ApiFooNotificationMethod:
Type: AWS::ApiGateway::Method
Properties:
HttpMethod: POST
AuthorizationType: NONE
ResourceId: !Ref ApiFooNotificationResource
RestApiId: !Ref APIGateway
MethodResponses:
- StatusCode: '200'
Integration:
Credentials: !GetAtt SQSRole.Arn
IntegrationHttpMethod: POST
IntegrationResponses:
- StatusCode: 200
Type: AWS
Uri: !Sub arn:aws:apigateway:${AWS::Region}:sqs:action/SendMessage
RequestParameters:
integration.request.querystring.QueueUrl: !Sub '''${FooNotificationQueue}'''
integration.request.querystring.MessageBody: method.request.body
ApiTestResource:
Type: AWS::ApiGateway::Resource
Properties:
ParentId: !GetAtt APIGateway.RootResourceId
PathPart: test
RestApiId: !Ref APIGateway
ApiTestMethod:
Type: AWS::ApiGateway::Method
Properties:
HttpMethod: POST
AuthorizationType: NONE
ResourceId: !Ref ApiTestResource
RestApiId: !Ref APIGateway
MethodResponses:
- StatusCode: '200'
Integration:
Credentials: !GetAtt SQSRole.Arn
IntegrationHttpMethod: POST
IntegrationResponses:
- StatusCode: 200
Type: AWS
Uri: !Sub arn:aws:apigateway:${AWS::Region}:sqs:action/SendMessage
RequestParameters:
integration.request.querystring.QueueUrl: !Sub '''${TestQueue}'''
integration.request.querystring.MessageBody: method.request.body
ApiDeployment:
Type: AWS::ApiGateway::Deployment
DependsOn: ApiTestMethod
Properties:
RestApiId: !Ref APIGateway
Description: !Sub Api Deployment for ${EnvironmentTagName}
StageName: !Sub ${EnvironmentTagName}
...**Removed the rest for brevity**...
Parameters:
StackTagName:
Type: String
Description: Stack Name (injected by Stackery at deployment time)
EnvironmentTagName:
Type: String
Description: Environment Name (injected by Stackery at deployment time)

CloudFormation Stack Errors with REST API Doesn't Contain Any Methods

Get the following when deploying a CloudFormation stack:
The REST API doesn't contain any methods (Service: AmazonApiGateway;
Status Code: 400; Error Code: BadRequestException; Request ID:
d527f56e-a1e1-11e9-a0a4-af7563b2b15a)
The stack has a single Lambda triggered by an API with a single resource and method:
FailureReporting:
Type: "AWS::ApiGateway::RestApi"
DependsOn: "MyLambdaFunction"
Properties:
Name: "FailureReporting"
FailOnWarnings: true
FailureReportingDeployment:
Type: AWS::ApiGateway::Deployment
Properties:
RestApiId:
Ref: "FailureReporting"
Description: "Production environment supporting version-1 of the interface."
StageName: "v1"
Failures:
Type: "AWS::ApiGateway::Resource"
Properties:
RestApiId: !Ref "FailureReporting"
ParentId: !GetAtt ["FailureReporting", "RootResourceId"]
PathPart: "failures"
FailuresMethodGet:
Type: "AWS::ApiGateway::Method"
Properties:
RestApiId: !Ref "FailureReporting"
ResourceId: !Ref "Failures"
HttpMethod: "GET"
AuthorizationType: "NONE"
MethodResponses:
- StatusCode: "200"
Integration:
IntegrationHttpMethod: "POST"
Type: "AWS_PROXY"
IntegrationResponses:
- StatusCode: "200"
Credentials: !GetAtt [ 3FailureReportingExecuteAPI, Arn ]
Uri: !Sub
- "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${lambdaArn}/invocations"
- lambdaArn: !GetAtt [ GetFailureKeysByOrderNumber, Arn ]
I'm missing where I mucked up.

Put a DependsOn the deployment resource:
FailureReportingDeployment:
Type: AWS::ApiGateway::Deployment
DependsOn:
- "FailuresMethodGet"
Properties:
Description: "Production environment supporting version-1 of the interface."
RestApiId: !Ref "FailureReporting"
StageName: "v1"
It's not intuitive. Buried in the docs you'll find the following:
If you create an AWS::ApiGateway::RestApi resource and its methods
(using AWS::ApiGateway::Method) in the same template as your
deployment, the deployment must depend on the RestApi's methods. To
create a dependency, add a DependsOn attribute to the deployment. If
you don't, AWS CloudFormation creates the deployment right after it
creates the RestApi resource that doesn't contain any methods, and AWS
CloudFormation encounters the following error: The REST API doesn't
contain any methods.

lambda and api gateway defined by cloud formation

I want to add authorization to endpoints used for lambda.
Since I can not set up this in Lambda definition, I create methods explicitly.
LambdaName:
Type: AWS::Serverless::Function
Properties:
CodeUri: ./lambdaDir
FunctionName: LambdaName
Events:
APIEvent:
Type: Api
Properties:
RestApiId: !Ref MyApi
Path: /products
Method: POST
MyApi:
Type: AWS::Serverless::Api
Properties:
Name: MyApi
StageName: dev
ProductsResource:
Type: AWS::ApiGateway::Resource
Properties:
ParentId:
Fn::GetAtt:
- "MyApi"
- "RootResourceId"
PathPart: products
RestApiId: !Ref MyApi
ProductsCreateApiMethod:
Type: AWS::ApiGateway::Method
Properties:
AuthorizationType: NONE
AuthorizerId: !Ref Authorizer
AuthorizationScopes:
- someScope
RestApiId: !Ref MyApi
HttpMethod: POST
ResourceId: !Ref ProductsResource
Unfortunately I get error:
Another resource with the same parent already has this name: products (Service: AmazonApiGateway; Status Code: 409; Error Code: ConflictException; Request ID: 03ca26de-27be-11e9-82bb-536e557773f3)
It seems like when Cloud Formation tries to create explicitly products resource, it is already there created implicitly by lambda definition,