Make AWS API Gateway accessible only as SNS subscription endpoint - amazon-web-services

On my current project we configured forwarding of CloudWatch alarms to a Slack channel. For that we use an AWS SNS topic + an API Gateway which is subscribed to that topic and forwards alarms to the Slack webhook.
The issue I'm trying to solve: currently the REST resource of the mentioned API Gateway is public (it doesn't require any auth and is available from the Internet). How can I configure API Gateway so that it is available only as an SNS subscription endpoint?

You need to create the API Gateway with the Endpoint type: Private.
And you need to create a VPC endpoint for SNS to access the endpoint internally.
More info: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-vpc-endpoint-policies.html
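As an added example (not code from the answer above or from the linked AWS page), this is the resource-policy pattern that documentation describes for a private API: every `execute-api:Invoke` is denied unless the request arrives through the named interface VPC endpoint, so the stage is no longer reachable from the public Internet. The endpoint ID `vpce-PLACEHOLDER` is a placeholder you replace with your own.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEverythingNotFromOurVpcEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-PLACEHOLDER"
        }
      }
    },
    {
      "Sid": "AllowInvokeThroughOurVpcEndpoint",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/*"
    }
  ]
}
```

The explicit Deny wins over the Allow for any caller that did not traverse `vpce-PLACEHOLDER`, so after attaching the policy and redeploying the stage, verify that a call from outside that endpoint no longer reaches the integration.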

Related

AWS EventBridge schedule to invoke API Gateway endpoint

I'm trying to build a schedule in AWS EventBridge that is going to invoke an API Gateway endpoint at a specific rate. However, I'm not able to specify the API Gateway endpoint when creating the schedule. I couldn't find examples in the documentation about the JSON body that I need to provide to specify the API Gateway ARN, endpoint and headers.
Follow AWS EventBridge documentation: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-gateway-target.html

How to create an API Gateway to CloudWatch Eventbridge integration?

I have an API Gateway setup that has an integration to EventBridge.
The event bus will only send events to a CloudWatch log group.
All of them are already set up.
The API Gateway works but it seems it won't reach the event bus because I don't see any logs in the targeted log group.
Have you experienced a setup like this?
The API Gateway Integration:

Amazon SNS: Create AWS Lambda API gateway, how to confirm subscription

I had an AWS Lambda my_lambda which is configured with API Gateway. E.g.: https://xxx.execute-api.us-east-1.amazonaws.com/{your-environment}/my_lambda.
I also had an SNS topic my_sns_topic.
I created the subscription of the API Gateway to the SNS topic successfully, but it needs to confirm the subscription.
I don't know how to get the token from the Lambda API Gateway, so I can use that token to confirm the subscription.
P.S.: The difficulty is that my API Gateway was created in the Lambda function.
Thanks.

Log AWS API Gateway Deployments

I need a way to log API Gateway deployments (date/time, user, Swagger diff etc.). Is there an event that's fired that I can attach a Lambda to, or alternatively is this information already available on the dashboard somewhere?
As Krishna mentioned, CloudTrail can capture API events (both from the AWS console as well as the AWS APIs) for API Gateway, including the deployment of APIs. Since CloudTrail stores the events in S3, you can take advantage of S3 bucket notifications as a means to trigger your Lambda function.

AWS Sending Notifications to a Lambda function in other account

I would like to send SNS notifications to a Lambda function from one account to another, exposing the Lambda through an API Gateway. But I'm having an issue. I first tried with the API Gateway in the same account as the SNS topic and everything worked like a charm, but when I try with a topic from the other account all I get is a Bad Request error. Do I need to configure any permission?
You need to enable permissions for the TOPIC in the other account.
You can find an example in the AWS documentation, section "Allowing Any AWS Resource to Publish to a Topic".