It's been a couple of weeks that I've been fighting with AWS API Gateway.
I've a working version of our APIs with a client certificate and a custom lambda authorizer in my API gateway console.
I am trying to export to a swagger file to import within the same AWS account as a different API, but the imported API just doesn't work.
All the endpoints are working well in the "Resources" panel with the functionality "test" but when I try to deploy a stage, it doesn't work. Both the swagger import and export work OK, and deploying the stage runs without problems but calling the API always returns {"message": null}
I've tried many times with swagger or swagger + API extensions template, with both JSON or YAML but it still fails when actually calling the APIs.
Does anyone know if I need to do some extra steps in order to export and import a template?
I found the solution.
If you want to use a custom authorizer in the API Gateway, you need to manually define the "execution role ARN" (you need to create a new one or use an existing one).
Actually, if you leave that field blank and use the auto-generation function, then Swagger will not be able to automatically create a new role the next time you try to import the template.
Obviously, no docs say that.
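A pre-import check for the situation described in the answer above, written as an added example (not code from the original post or from AWS): it reads an exported Swagger/OpenAPI document and reports Lambda authorizers with no `authorizerCredentials` (the execution role ARN field) and, going slightly beyond the answer, operations that have no authorizer attached. The sample document, its names and the ARN placeholders are constructed.

```python
import json

EXT = "x-amazon-apigateway-authorizer"
# OPTIONS is left out because CORS preflight methods are normally unauthenticated.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head"}

def lint_export(spec):
    """Return findings for an API Gateway export that is about to be re-imported."""
    findings = []
    # Swagger 2.0 uses securityDefinitions; OpenAPI 3 uses components.securitySchemes.
    schemes = (spec.get("securityDefinitions")
               or spec.get("components", {}).get("securitySchemes", {}))
    for name, scheme in schemes.items():
        auth = scheme.get(EXT)
        # "token" and "request" are the Lambda authorizer types that can carry a role.
        if auth and auth.get("type") in ("token", "request") \
                and not auth.get("authorizerCredentials"):
            findings.append(f"authorizer '{name}': no authorizerCredentials")
    default_security = spec.get("security")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # An explicit empty list overrides any API-wide default.
            if not op.get("security", default_security):
                findings.append(f"{method.upper()} {path}: no authorizer attached")
    return findings

# Constructed sample export (Swagger 2.0 with API Gateway extensions).
SAMPLE = json.loads("""
{
  "swagger": "2.0",
  "paths": {
    "/items/{id}": {
      "get": {"security": [{"custom-authorizer": []}]},
      "delete": {}
    }
  },
  "securityDefinitions": {
    "custom-authorizer": {
      "type": "apiKey", "name": "Authorization", "in": "header",
      "x-amazon-apigateway-authtype": "custom",
      "x-amazon-apigateway-authorizer": {
        "type": "token",
        "authorizerUri": "AUTHORIZER_LAMBDA_INVOCATION_ARN_PLACEHOLDER",
        "authorizerResultTtlInSeconds": 300
      }
    }
  }
}
""")
```

Running `lint_export` on the export in CI before the import step surfaces both conditions before a stage is deployed.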
Related
When I create a REST API via APIGateway, I have a beautiful dashboard that allows me to see different endpoints:
Problem:
When I create HTTP API via APIGateway, I can't see my different endpoints like below:
My need and my goal:
I want to document my API resources in order to generate a swagger and to be able to make requests directly in the swagger.
I don't want to use S3 solution.
I used Cloudfront to make a required authentication before accessing swagger.
Thanks in advance :)
EDIT: #eli6, the problem is:
When I click on Routes, I have only this:
On the menu to the left on the HTTP API view, you can click on "Routes" to see the different endpoints, or on "Export" to export their definition in the OpenAPI 3 format. OpenAPI 3 can be imported and used with the Swagger tools.
I am trying to create a new API using
AWS API Gateway (backed by an AWS Lambda)
Swagger UI
Authentication (OAUTH2 with Okta)
I can create a new service with Python + Flask + Swagger and host a docker container, which I can develop, but I'm trying to keep it serverless and use the combination of technologies in my list above.
Any help would be greatly appreciated!
I'm assuming you want to know more about the OAuth part using Okta. You'll have to create a Lambda authorizer that will perform the introspection of the token from Okta.
For the serverless API, you'll have to break your service into functions. An approach is to have one function for each RESTful resource+method:
GET /books/{id} -> getBookFunction
PUT /books/{id} -> updateBookFunction
DELETE /books/{id} -> deleteBookFunction
Lastly, if you have a well-defined Swagger file, you can use it to create your API in API Gateway. You may also use x-amazon-apigateway-* in your Swagger file and define your resource backend to refer to a Lambda function's ARN. Documentation can be found here
Yes, you're right, the question is more around how to integrate OAuth2 (Okta) with a Swagger UI using AWS API Gateway.
API Gateway 2.0 already provides the ability to inspect the JWT token from Okta, so no need to create a custom Lambda there.
I'm not sure how to get this ability with redirects configured in a Swagger UI, and have the user login using the implicit/authorization-code Grant-Type and let the user interact with the swagger page.
I have created an API using AWS API Gateway. Then I have documented documentation parts for all the entities (like API, RESOURCE, METHOD, MODEL etc). Then, using the AWS Gateway Console, I have published the documentation to the dev stage with version 1.
But I am not sure how I (or the consumer of the API) am going to access the documentation.
There is an Export option that can export documentation as Swagger or OpenAPI3. This will create a .json or .yaml file and then the consumer has to import these files into Swagger UI. However, this is not a user-friendly option, to provide the swagger file to all consumers every time I update the documentation.
I was wondering, after publishing the documentation, is there any way a consumer can access the documentation directly via http? So let's assume my dev stage API URL is
https://devapi.example.com/v1 so something like https://devapi.example.com/v1/help should launch Swagger UI with latest published swagger file.
Update 1
In ASP.NET Web API or .NET Core you can include Swashbuckle, which creates swagger files and also has an embedded version of the Swagger UI tool. So after deploying the API, the user can access documentation directly from the UI, something like https://devapi.example.com/swagger.
I was hoping the same thing from AWS gateway. After publishing the documentation it should make that documentation available via some predefined resource path.
AWS API Gateway can only make documentation exportable but won't render a UI app. There is no endpoint that you can use in the gateway to render the documentation. You may wish to use third-party tools or the AWS API Gateway Developer Portal to allow users to browse API documentation. You may find this blog helpful.
Micro Swagger imports swagger spec from Amazon API Gateway & serves a swagger UI from it.
You can leave it running on an EC2 instance:
npm i -g micro-swagger
micro-swagger start
It'll use the instance's IAM role to download the Swagger spec from API Gateway. Your CI/CD pipeline can restart/refresh Micro Swagger whenever it deploys. Your customers can see the latest API docs at the instance's domain.
I have a mobile back-end set up as:
API Gateway --> [Cognito authorizer] AWS Lambda --> DynamoDB
I have one Environment setup for PROD
I want to create another environment for DEV and UAT. For this purposes I have created separate AWS account. My lambda code is easy to deploy and I can create DynamoDB tables manually.
API gateway was created via the web console. Now I could export the API via swagger but when I import into another account I get the error below:
Invalid authorizer ID specified. Setting the authorization type to CUSTOM or COGNITO_USER_POOLS requires a valid authorizer.
I could manually remove authorizers and import the swagger file but that seems like a hack.
So the questions:
1) Assuming having one account for PROD and another account for UAT is the right approach, what would be the proper/easier way to move API Gateway config from one AWS account to another?
2) Is there a better way to have multiple environments for the kind of setup above? Any official recommendations?
We are using Amazon Gateway API and currently we describe API endpoints manually through the web console.
Is it possible to create definition of API in some file(s) and import it?
Why do we need this:
We want every change in the API to be reviewed (it's our development process) by other people.
In case the API is deleted or broken accidentally, we want to be able to restore it easily.
By now the only solution I see is to write a script, based on the aws apigateway command line command, that creates all resources and methods.
But probably there is a better way to do it?
Thanks!
P.S. It may partially overlap with this question: exporting api definition from AWS api gateway.
I think the Swagger Importer feature of AWS API Gateway is what you are looking for: https://aws.amazon.com/about-aws/whats-new/2015/07/introducing-swagger-importer-easily-import-swagger-api-definitions-into-amazon-api-gateway/
You can export your API definition with API Gateway extensions into swagger format. Then you use the API Gateway API importer to import/update your API.
If you are backing your API Gateway endpoints with Lambda functions you may want to check out the serverless project https://github.com/serverless/serverless
Using this framework you have a JSON file that describes your endpoints and binds them to your Lambda code in the same project structure. The tool lets you deploy the endpoints or code from the command line. It also allows you to manage other AWS resources in a CloudFormation template in the same project structure and deploy it from the command line.