Fix API Gateway endpoint, permissions and throttling for aws-py-apiga…

…teway-serverless. (pulumi#1282) - Proxy API Gateway REST endpoints require the {proxy+} on the address. Without this a missing token error occurs. - Add a trailing forward slash ('/') to the API Gateway HTTP endpoint so it can be directly invoked. Without this slash a 404 error occurs. - Add same lambda invoke permissions for HTTP endpoint that REST endpoint has. - API Gateway HTTP endpoints throttle all requests if no throttling config is provided, so set a reasonably low (but non-zero) throttling config. - Update README with how to test the endpoints.
AdrianM10 · Sep 16, 2022 · bfdab97 · bfdab97
1 parent 11bfc26
commit bfdab97
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 5 deletions.
diff --git a/aws-py-apigateway-lambda-serverless/README.md b/aws-py-apigateway-lambda-serverless/README.md
@@ -29,6 +29,26 @@ This sample uses the following AWS products:
 
 2.  To view the runtime logs of the Lambda function, use the `pulumi logs` command. To get a log stream, use `pulumi logs --follow`.
 
+## Test the Endpoints
+
+Use a HTTP tool like `curl` or [`httpie`](https://github.com/httpie/httpie) (`pip3 install httpie`) to query the API Gateway endpoints using the Pulumi stack outputs.
+
+Example using `curl`:
+
+```
+curl $(pulumi stack output apigateway-rest-endpoint)
+curl $(pulumi stack output apigatewayv2-http-endpoint)
+```
+
+Example using `httpie`:
+
+```
+http $(pulumi stack output apigateway-rest-endpoint)
+http $(pulumi stack output apigatewayv2-http-endpoint)
+```
+
+Output should include `"Cheers from AWS Lambda!!"`.
+
 ## Clean Up
 
 1.  Run `pulumi destroy` to tear down all resources.

diff --git a/aws-py-apigateway-lambda-serverless/__main__.py b/aws-py-apigateway-lambda-serverless/__main__.py
@@ -71,7 +71,7 @@ def swagger_route_handler(arn):
 )
 
 # Give permissions from API Gateway to invoke the Lambda
-invoke_permission = aws.lambda_.Permission("api-lambda-permission",
+rest_invoke_permission = aws.lambda_.Permission("api-rest-lambda-permission",
     action="lambda:invokeFunction",
     function=lambda_func.name,
     principal="apigateway.amazonaws.com",
@@ -89,7 +89,7 @@ def swagger_route_handler(arn):
 )
 
 http_lambda_backend = aws.apigatewayv2.Integration("example",
-    api_id= http_endpoint.id,
+    api_id=http_endpoint.id,
     integration_type="AWS_PROXY",
     connection_type="INTERNET",
     description="Lambda example",
@@ -110,13 +110,23 @@ def swagger_route_handler(arn):
     api_id=http_endpoint.id,
     route_settings= [
         {
-            "route_key": http_route.route_key
+            "route_key": http_route.route_key,
+            "throttling_burst_limit": 1,
+            "throttling_rate_limit": 0.5,
         }
     ],
     auto_deploy=True
 )
 
+# Give permissions from API Gateway to invoke the Lambda
+http_invoke_permission = aws.lambda_.Permission("api-http-lambda-permission",
+    action="lambda:invokeFunction",
+    function=lambda_func.name,
+    principal="apigateway.amazonaws.com",
+    source_arn=http_endpoint.execution_arn.apply(lambda arn: arn + "*/*"),
+)
+
 # Export the https endpoint of the running Rest API
-pulumi.export("apigateway-rest-endpoint", deployment.invoke_url.apply(lambda url: url + custom_stage_name))
+pulumi.export("apigateway-rest-endpoint", deployment.invoke_url.apply(lambda url: url + custom_stage_name + '/{proxy+}'))
 # See "Outputs" for (Inputs and Outputs)[https://www.pulumi.com/docs/intro/concepts/inputs-outputs/] the usage of the pulumi.Output.all function to do string concatenation
-pulumi.export("apigatewayv2-http-endpoint", pulumi.Output.all(http_endpoint.api_endpoint, http_stage.name).apply(lambda values: values[0] + '/' + values[1]))
+pulumi.export("apigatewayv2-http-endpoint", pulumi.Output.all(http_endpoint.api_endpoint, http_stage.name).apply(lambda values: values[0] + '/' + values[1] + '/'))