This example create an API Gateway which responds to requests using different sources:
- Static files from a directory
- Lambda Function
- HTTP Proxy
When you're finished, you'll be familiar with how to configure routes in API Gateway using the RestAPI.
For Pulumi examples, we typically start by creating a directory and changing into it. Then, we create a new Pulumi project from a template. For example, azure-javascript
.
-
Install prerequisites:
go install
-
Make Lambda handlers:
make
-
Create a new Pulumi stack:
pulumi stack init
-
Configure the AWS region to deploy into:
pulumi config set aws:region us-east-2
-
Deploy the Pulumi stack:
pulumi up
Use the example CURL commands to test the API responses.
$ curl -w '\n' "$(pulumi stack output url)static"
<h1>Hello Pulumi!</h1>
$ curl -w '\n' "$(pulumi stack output url)lambda"
Hello, API Gateway!
$ python3 -m webbrowser "$(pulumi stack output url)proxy"
# Opens a page looking like Google in your browser
$ curl -w '\n' "$(pulumi stack output url)swagger"
{
"uuid": ...
}
$ curl -w '\n' -H "Authorization: HEADER.PAYLOAD.SIGNATURE" "$(pulumi stack output url)cognito-authorized"
{"message":"Unauthorized"}
$ curl -w '\n' -H "Authorization: goodToken" "$(pulumi stack output url)lambda-authorized"
Hello, API Gateway!
$ curl -w '\n' -H "Authorization: badToken" "$(pulumi stack output url)lambda-authorized"
{"message": "404 Not found" }
$ curl -w '\n' "$(pulumi stack output url)lambda-authorized" # No token
{"message":"Unauthorized"}
$ curl -w '\n' "$(pulumi stack output swagger-url)"
{
"uuid": ...
}
$ curl -w '\n' -H "x-api-key: $(pulumi stack output apiKeyValue --show-secrets)" "$(pulumi stack output url)key-authorized"
Hello, API Gateway!
Testing a valid Cognito token is a little more involved.
-
Create a random password
PASSWORD=$(curl -s https://www.passwordrandom.com/query?command=password&scheme=Llnn%23rrrrrrrrrr)
-
Create a user
aws cognito-idp sign-up --region $(pulumi config get aws:region) --client-id $(pulumi stack output user-pool-client-id) --username "[email protected]" --password "$PASSWORD"
-
Confirm the user's account
aws cognito-idp admin-confirm-sign-up --region $(pulumi config get aws:region) --user-pool-id $(pulumi stack output user-pool-id) --username "[email protected]"
-
Authenticate to create a new session:
TOKEN=$(aws cognito-idp admin-initiate-auth --region $(pulumi config get aws:region) --user-pool-id $(pulumi stack output user-pool-id) --client-id $(pulumi stack output user-pool-client-id) --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters "{\"USERNAME\":\"[email protected]\",\"PASSWORD\":\"$PASSWORD\"}")
-
Perform authenticated request
$ curl -w '\n' -H "Authorization: $(echo $TOKEN | jq '.AuthenticationResult.IdToken' -r)" "$(pulumi stack output url)cognito-authorized" Hello, API Gateway!
Fetch and review the logs from the Lambda executions:
pulumi logs
Before you can set up a custom domain you must register a domain name with Route 53.
Configure the stack with your custom DNS information:
pulumi config set domain subdomain.acmecorp.example
pulumi config set dns-zone acmecorp.example
Deploy your stack:
$ pulumi up
...
Type Name Plan
pulumi:pulumi:Stack aws-apigateway-ts-routes-dev
+ ├─ pulumi:providers:aws usEast1 create
+ ├─ aws:acm:Certificate ssl-cert create
+ ├─ aws:route53:Record ssl-cert-validation-dns-record create
+ ├─ aws:acm:CertificateValidation ssl-cert-validation create
+ ├─ aws:apigateway:DomainName api-domain-name create
+ ├─ aws:route53:Record api-dns create
+ └─ aws:apigateway:BasePathMapping api-domain-mapping create
Test your API is now available on your custom domain:
curl -w '\n' "$(pulumi stack output customUrl)static"
Once you're finished experimenting, you can destroy your stack and remove it to avoid incurring any additional cost:
pulumi destroy
pulumi stack rm
In this tutorial, you deployed an API with different route configurations. Now you can use these patterns to build real APIs which connect to other services.