I've managed to define a template for a Lambda behind an API GW authenticated via (dedicated) ApiKey by describing everything in the template and with no OpenApi definition.
The problem arises when trying to introduce Lambda Integrations for accomplishing the mappings: it seems that they can be defined only in the OpenAPI docs which, of course, I cannot manage to make work. Because SAM validation fails complaining about the Auth part.
Template provided at '/Users/cionzo/PycharmProjects/my_project/template.yaml' was invalid SAM Template.
Error: [InvalidResourceException('ApiGateway', "Invalid value for 'Auth' property")] ('ApiGateway', "Invalid value for 'Auth' property")
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
myToyApp POC
SAM Template for myToyApp POC
# ====================================
# PARAMETERS SETUP
# ====================================
Parameters:
StageParam:
Type: String
Default: dev
Description: (Required) Enter dev, test, prod. Default is dev.
AllowedValues:
- dev
- test
- prod
ProjectName:
Type: String
Default: myToyApp
Description: (Required) The name of the project
MinLength: 3
MaxLength: 50
AllowedPattern: ^[A-Za-z_-]+$
ConstraintDescription: "Required. Can be characters, hyphen, and underscore only. No numbers or special characters allowed."
Mappings:
Stage2Settings:
LoggingLevel:
dev: "INFO"
test: "INFO"
prod: "ERROR"
Globals:
Function:
Timeout: 60
Resources:
ApiGateway:
Type: AWS::Serverless::Api
Properties:
Name: !Sub "${ProjectName}_${StageParam}"
StageName: !Ref StageParam
MethodSettings:
- LoggingLevel: !FindInMap [ Stage2Settings, "LoggingLevel", !Ref StageParam ]
ResourcePath: '/*' # allows for logging on any resource
HttpMethod: '*' # allows for logging on any method
DataTraceEnabled: true # Put logs into cloudwatch
MetricsEnabled: true # Enable detailed metrics (error 404, latence, ...)
Auth:
ApiKeyRequired: true
UsagePlan:
CreateUsagePlan: PER_API
Description: Usage plan for this API
DefinitionBody:
openapi: 3.0.0
info:
title: "Hello Api"
version: 0.3.0
description: "This is an example OpenAPI specification"
termsOfService: "http://example.com/tos"
contact:
email: "[email protected]"
x-amazon-apigateway-request-validators:
all:
validateRequestBody: true
validateRequestParameters: true
params:
validateRequestBody: true
validateRequestParameters: true
body:
validateRequestBody: true
validateRequestParameters: false
paths:
/processData:
post:
operationId: processData
description: Test sam local functionality with API Gateway & Open API
myToyAppPOCFunction:
Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
Properties:
CodeUri: myLambdaCodeFolder/
Handler: app.lambda_handler
Runtime: python3.8
FunctionName: !Sub "${ProjectName}_DataProcessor_${StageParam}"
Events:
HelloWorld:
Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
Properties:
Path: /processData
Method: POST
RestApiId: !Ref ApiGateway
Outputs:
# ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
# Find out more about other implicit resources you can reference within SAM
# https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
myToyAppPOCApi:
Description: "API Gateway endpoint URL for myToyAppPOCFunction"
Value: !Sub "https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/${StageParam}/processData/"
myToyAppPOCFunction:
Description: "myToyAppPOCFunction Lambda Function ARN"
Value: "myToyAppPOCFunction"
myToyAppPOCFunctionIamRole:
Description: "Implicit IAM Role created for Hello World function"
Value: !GetAtt myToyAppPOCFunctionRole.Arn
Your Auth property syntax includes an incorrect property for DefinitionBody.
To fix your listed error, unindent that DefinitionBody block so its parent is Properties, and not Auth
ApiGateway:
Type: AWS::Serverless::Api
Properties:
Name: !Sub "${ProjectName}_${StageParam}"
StageName: !Ref StageParam
MethodSettings:
- LoggingLevel: !FindInMap [ Stage2Settings, "LoggingLevel", !Ref StageParam ]
ResourcePath: '/*' # allows for logging on any resource
HttpMethod: '*' # allows for logging on any method
DataTraceEnabled: true # Put logs into cloudwatch
MetricsEnabled: true # Enable detailed metrics (error 404, latence, ...)
Auth:
ApiKeyRequired: true
UsagePlan:
CreateUsagePlan: PER_API
Description: Usage plan for this API
DefinitionBody:
openapi: 3.0.0
info:
title: "Hello Api"
version: 0.3.0
description: "This is an example OpenAPI specification"
termsOfService: "http://example.com/tos"
contact:
email: "[email protected]"
x-amazon-apigateway-request-validators:
all:
validateRequestBody: true
validateRequestParameters: true
params:
validateRequestBody: true
validateRequestParameters: true
body:
validateRequestBody: true
validateRequestParameters: false
paths:
/processData:
post:
operationId: processData
description: Test sam local functionality with API Gateway & Open API
For more information on proper syntax check out the docs: