def get_responses(self, method_config):
"""
Creates a method and integration response object in troposphere from a provided ApiGatewayMethodConfig object.
:param method_config: a preconfigured ApiGatewayMethodConfig object
"""
self.method_responses = []
self.integration_responses = []
for number, response in enumerate(method_config.responses):
method_response = MethodResponse(
'{0}Response{1}'.format(method_config.method_name, number),
StatusCode=response.statuscode
)
if response.models:
method_response.ResponseModels = response.models
integration_response = IntegrationResponse(
'{0}IntegrationResponse{1}'.format(method_config.method_name, number),
StatusCode=response.statuscode,
ResponseTemplates=response.templates,
SelectionPattern=response.selectionpattern
)
if response.parameters:
method_response.ResponseParameters = response.parameters
integration_response.ResponseParameters = response.parameters
self.integration_responses.append(integration_response)
self.method_responses.append(method_response)
def get_responses(self, method_config):
"""
Creates a method and integration response object in troposphere from a provided ApiGatewayMethodConfig object.
:param method_config: a preconfigured ApiGatewayMethodConfig object
"""
self.method_responses = []
self.integration_responses = []
for number, response in enumerate(method_config.responses):
method_response = MethodResponse('{0}Response{1}'.format(
method_config.method_name, number),
StatusCode=response.statuscode)
if response.models:
method_response.ResponseModels = response.models
integration_response = IntegrationResponse(
'{0}IntegrationResponse{1}'.format(method_config.method_name,
number),
StatusCode=response.statuscode,
ResponseTemplates=response.templates,
SelectionPattern=response.selectionpattern)
if response.parameters:
method_response.ResponseParameters = response.parameters
integration_response.ResponseParameters = response.parameters
self.integration_responses.append(integration_response)
self.method_responses.append(method_response)
def get_method_responses(self, resource):
default_method_responses = [{'code': '200'}]
responses = []
for response in resource.get('responses', default_method_responses):
extra = {}
if 'models' in response:
extra['ResponseModels'] = response['models']
if 'parameters' in response:
extra['ResponseParameters'] = response['parameters']
responses.append(
MethodResponse(StatusCode=six.text_type(response['code']),
**extra))
return responses
def add_method_to_apigateway(t: Template, lambda_function: Function,
apigwlambda_role: Role, rest_api: RestApi,
resource: Resource, method_type: str):
return t.add_resource(
Method(
f'Method{lambda_function.name}',
DependsOn=lambda_function,
RestApiId=Ref(rest_api),
AuthorizationType="NONE",
ResourceId=Ref(resource),
HttpMethod=method_type,
Integration=Integration(
Credentials=GetAtt(apigwlambda_role, "Arn"),
Type="AWS",
IntegrationHttpMethod='POST',
IntegrationResponses=[IntegrationResponse(StatusCode='200')],
Uri=Join("", [
"arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/",
GetAtt(lambda_function, "Arn"), "/invocations"
])),
MethodResponses=[MethodResponse("CatResponse", StatusCode='200')]))
"LambdaMethod",
DependsOn='FoobarFunction',
RestApiId=Ref(rest_api),
AuthorizationType="NONE",
ResourceId=Ref(resource),
HttpMethod="GET",
Integration=Integration(
Credentials=GetAtt("LambdaExecutionRole", "Arn"),
Type="AWS",
IntegrationHttpMethod='POST',
IntegrationResponses=[IntegrationResponse(StatusCode='200')],
Uri=Join("", [
"arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/",
GetAtt("FoobarFunction", "Arn"), "/invocations"
])),
MethodResponses=[MethodResponse("CatResponse", StatusCode='200')]))
# Create a deployment
stage_name = 'v1'
deployment = t.add_resource(
Deployment(
"%sDeployment" % stage_name,
DependsOn="LambdaMethod",
RestApiId=Ref(rest_api),
))
stage = t.add_resource(
Stage('%sStage' % stage_name,
StageName=stage_name,
RestApiId=Ref(rest_api),
Method("subscribeMethod",
DependsOn="EmailSubscribeFunction",
RestApiId=Ref(rest_api),
AuthorizationType="NONE",
ResourceId=Ref(subscribe_resource),
HttpMethod="POST",
Integration=Integration(
Type="AWS",
IntegrationHttpMethod="POST",
IntegrationResponses=[IntegrationResponse(StatusCode="200")],
Uri=Join("", [
"arn:aws:apigateway:",
Ref('AWS::Region'), ":lambda:path/2015-03-31/functions/",
GetAtt(EmailSubscribeFunction, "Arn"), "/invocations"
])),
MethodResponses=[MethodResponse("CatResponse", StatusCode="200")]))
# /unsubscribe
unsubscribe_resource = t.add_resource(
Resource("unsubscribeResource",
RestApiId=Ref(rest_api),
PathPart="unsubscribe",
ParentId=GetAtt("EmailListApi", "RootResourceId")))
unsubscribe_method = t.add_resource(
Method("unsubscribeMethod",
DependsOn="EmailUnsubscribeFunction",
RestApiId=Ref(rest_api),
AuthorizationType="NONE",
ResourceId=Ref(unsubscribe_resource),
HttpMethod="POST",
def initiate_api_gateway_creation(self):
self.template.set_version('2010-09-09')
self.template.set_description('Creates a API Gateway which is '
'used to get data from dynamoDB.')
role = self.template.add_resource(
Role('RootRole',
RoleName="monty-cloud-api-role",
Path='/',
AssumeRolePolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Action": ["sts:AssumeRole"],
"Effect": "Allow",
"Principal": {
"Service": [
"apigateway.amazonaws.com",
"lambda.amazonaws.com",
"dynamodb.amazonaws.com"
]
}
}]
}))
self.template.add_resource(
ManagedPolicy(
'RolePolicies',
ManagedPolicyName='api-gw-policy',
Description='This policy is used for the DynamoDB table ',
PolicyDocument={
"Version":
"2012-10-17",
"Statement": [{
"Action": ["dynamodb:*", "lambda:*", "s3:*"],
"Resource": [
"arn:aws:dynamodb:*:*:table/*",
"arn:aws:lambda:*:*:function:*"
],
"Effect":
"Allow"
}]
},
Roles=[Ref(role)]))
name = self.template.add_resource(
RestApi('restApiName',
Name='monty-cloud-get-api',
Description='Monty Cloud API Gateway',
EndpointConfiguration=EndpointConfiguration(
Types=['REGIONAL'])))
self.template.add_resource(
Permission("lambdaApiGatewayInvoke",
Action="lambda:InvokeFunction",
FunctionName="arn:aws:lambda:{}:{}:function:"
"get_data".format(self.region, self.account_number),
Principal="apigateway.amazonaws.com",
SourceArn="arn:aws:execute-api:{}:{}:*/*"
"/GET/get-details".format(self.region,
self.account_number)))
get_api_resource = self.template.add_resource(
Resource('restApiGetDetailsResource',
RestApiId=Ref(name),
ParentId=GetAtt(name, 'RootResourceId'),
PathPart='get-details',
DependsOn=name))
get_api_method = self.template.add_resource(
Method('restApiGetDetailsMethod',
AuthorizationType='None',
ApiKeyRequired=False,
HttpMethod='GET',
ResourceId=Ref(get_api_resource),
RestApiId=Ref(name),
Integration=Integration(Type='AWS_PROXY',
IntegrationHttpMethod='POST',
Uri=self.uri.format(
self.region, self.region,
self.account_number),
Credentials=GetAtt(role, "Arn")),
MethodResponses=[
MethodResponse(
StatusCode='200',
ResponseModels={'application/json': 'Empty'})
],
DependsOn=get_api_resource))
deployment = self.template.add_resource(
Deployment('restApiDeployment',
RestApiId=Ref(name),
DependsOn=[get_api_method]))
self.template.add_resource(
Stage('restApiStage',
DeploymentId=Ref(deployment),
Description='Prod Stage',
MethodSettings=[
MethodSetting(ResourcePath='/get-details',
HttpMethod='GET')
],
RestApiId=Ref(name),
StageName='prod'))
return self.template.to_yaml()
def add_api_gateway(self, apigateway_name):
self.log.info('Adding API Gateway %s' % apigateway_name)
assert (self.lambda_function is not None)
# define all value used by api gateway
lambda_method_name = '%sLambdaMethod' % apigateway_name
lambda_permission_name = '%sLambdaPermission' % apigateway_name
resource_name = '%sResource' % apigateway_name
deployment_name = '%sDeployment' % self.stage_name
apikey_name = '%sApiKey' % apigateway_name
# start creating api gateway template
self.apigateway = RestApi(apigateway_name, Name=apigateway_name)
self.template.add_resource(self.apigateway)
resource = Resource(resource_name,
RestApiId=Ref(self.apigateway),
PathPart='{proxy+}',
ParentId=GetAtt(apigateway_name, 'RootResourceId'))
self.template.add_resource(resource)
permission = Permission(lambda_permission_name,
Action='lambda:invokeFunction',
FunctionName=GetAtt(self.lambda_function,
'Arn'),
Principal='apigateway.amazonaws.com',
SourceArn=Join("", [
'arn:aws:execute-api:',
Ref('AWS::Region'), ':',
Ref('AWS::AccountId'), ':',
Ref(self.apigateway), '/*'
]))
self.template.add_resource(permission)
method = Method(
lambda_method_name,
DependsOn=lambda_permission_name,
RestApiId=Ref(self.apigateway),
ResourceId=Ref(resource),
HttpMethod='ANY',
AuthorizationType='NONE',
Integration=Integration(
Type='AWS_PROXY',
IntegrationHttpMethod='POST',
Uri=Join("", [
'arn:aws:apigateway:',
Ref('AWS::Region'), ':lambda:path/2015-03-31/functions/',
GetAtt(self.lambda_function, 'Arn'), '/invocations'
])),
MethodResponses=[MethodResponse(StatusCode='200')])
self.template.add_resource(method)
# create a deployment
deployment = Deployment(deployment_name,
DependsOn=lambda_method_name,
RestApiId=Ref(self.apigateway))
self.template.add_resource(deployment)
stage = Stage('%sStage' % self.stage_name,
StageName=self.stage_name,
RestApiId=Ref(self.apigateway),
DeploymentId=Ref(deployment))
self.template.add_resource(stage)
key = ApiKey(apikey_name,
StageKeys=[
StageKey(RestApiId=Ref(self.apigateway),
StageName=Ref(stage))
])
self.template.add_resource(key)
RestApiId=Ref(rest_api),
PathPart="dynamo",
ParentId=GetAtt("api", "RootResourceId"),
))
# Create a get method that integrates into Lambda
getmethod = t.add_resource(
Method(
"getmethod",
RestApiId=Ref(rest_api),
AuthorizationType="NONE",
ResourceId=Ref(resource),
HttpMethod="GET",
MethodResponses=[
MethodResponse("CatResponse",
StatusCode='200',
ResponseModels={'application/json': 'Empty'})
],
Integration=Integration(
Credentials=GetAtt("LambdaExecutionRole", "Arn"),
PassthroughBehavior='WHEN_NO_MATCH',
Type="AWS",
IntegrationHttpMethod='POST',
IntegrationResponses=[
IntegrationResponse(
StatusCode='200',
ResponseTemplates={'application/json': ''},
)
],
Uri=Join("", [
"arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/",
IntegrationResponses=[IntegrationResponse(
ResponseTemplates={
'application/json': "{\"message\": \"OK\"}"
},
StatusCode='200'
)],
PassthroughBehavior='WHEN_NO_TEMPLATES',
RequestTemplates={
'application/json': "{\"statusCode\": 200, \"message\": \"OK\"}"
},
),
MethodResponses=[
MethodResponse(
'HealthResponse',
ResponseModels={
'application/json': Ref(health_model),
},
StatusCode='200',
)
],
))
# This should be done with a mock method with mocked response headers. But I just want it to work right now.
options_role = template.add_resource(Role(
'OptionsRole',
Path="/",
AssumeRolePolicyDocument={
"Version": "2012-10-17",
"Statement": [{
"Action": ["sts:AssumeRole"],
"Effect": "Allow",
def get_framework_template(self):
from troposphere import (
GetAtt,
Ref,
Sub,
Tags,
Template,
)
from troposphere.apigateway import (
BasePathMapping,
Deployment,
DomainName,
Integration,
IntegrationResponse,
Method,
MethodResponse,
Resource,
RestApi,
Stage,
)
from troposphere.ec2 import (
VPCEndpoint, )
from troposphere.s3 import (
Bucket,
BucketPolicy,
VersioningConfiguration,
)
t = Template()
###############
# API Gateway #
###############
api = t.add_resource(
RestApi(
'ApiGateway',
Name=self.args.stack + 'Api',
Description=
'API for portal and redirects for the Cornell AppStream Service',
))
####################
# Redirect Methods #
####################
stack_url = "'https://shibidp.cit.cornell.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=urn:amazon:webservices&target=https://appstream2.{region}.aws.amazon.com/saml?accountId={account}%26stack={stack}'"
stack_link = '<li><a href="./{redirect_nal}">{redirect}</a></li>'
methods = []
stack_links = ''
for redirect in sorted(self.config['Redirects'].keys()):
redirect_info = self.config['Redirects'][redirect]
redirect_nal = re.sub('\W+', '', redirect)
redirect_url = stack_url.format(account=redirect_info['account'],
region=redirect_info['region'],
stack=redirect_info['stack'])
methods.append('ApiGatewayRedirect' + redirect_nal)
stack_links += stack_link.format(redirect=redirect,
redirect_nal=redirect_nal)
resource = t.add_resource(
Resource(
'ApiGatewayResource' + redirect_nal,
ParentId=GetAtt(api, 'RootResourceId'),
PathPart=redirect_nal,
RestApiId=Ref(api),
))
method = t.add_resource(
Method(
'ApiGatewayRedirect' + redirect_nal,
AuthorizationType='None',
HttpMethod='ANY',
Integration=Integration(
Type='MOCK',
IntegrationResponses=[
IntegrationResponse(
ResponseParameters={
'method.response.header.Location':
redirect_url,
},
ResponseTemplates={
'application/json': '{"redirect": 302}'
},
StatusCode='302',
),
],
RequestTemplates={
'application/json': '{"statusCode":200}'
},
),
MethodResponses=[
MethodResponse(
ResponseParameters={
'method.response.header.Location': True,
},
StatusCode='302',
),
],
ResourceId=Ref(resource),
RestApiId=Ref(api),
))
###########################
# API Gateway Root Method #
###########################
with open('./include/root_integration_template.html',
'r') as rootTemplateHTML:
rootTemplate = rootTemplateHTML.read()
root_method = t.add_resource(
Method(
'ApiGatewayRootMethod',
AuthorizationType='None',
HttpMethod='ANY',
Integration=Integration(
Type='MOCK',
IntegrationResponses=[
IntegrationResponse(
ResponseParameters={
'method.response.header.Content-Type':
"'text/html'",
},
ResponseTemplates={
'text/html':
rootTemplate.format(stack_links=stack_links),
},
StatusCode='200',
),
],
RequestTemplates={
'application/json': '{"statusCode":200}'
},
),
MethodResponses=[
MethodResponse(
ResponseParameters={
'method.response.header.Content-Type': True,
},
StatusCode='200',
),
],
ResourceId=GetAtt(api, 'RootResourceId'),
RestApiId=Ref(api),
))
#####################
# API Gateway Stage #
#####################
api_deployment = t.add_resource(
Deployment(
'ApiGatewayDeployment' + self.run_time,
Description=
'Deployment for API portal and redirects for the Cornell AppStream Service',
RestApiId=Ref(api),
DependsOn=methods + ['ApiGatewayRootMethod'],
))
api_stage = t.add_resource(
Stage(
'ApiGatewayStage',
DeploymentId=Ref(api_deployment),
Description=
'Stage for API portal and redirects for the Cornell AppStream Service',
RestApiId=Ref(api),
StageName='apps',
))
######################
# API Gateway Domain #
######################
api_domain = t.add_resource(
DomainName(
'ApiGatewayDomain',
CertificateArn=self.config['ACM_ARN'],
DomainName=self.config['DomainName'],
))
api_domain_mapping = t.add_resource(
BasePathMapping(
'ApiGatewayDomainMapping',
DomainName=Ref(api_domain),
RestApiId=Ref(api),
Stage=Ref(api_stage),
))
###################
# VPC S3 Endpoint #
###################
s3_endpoint = t.add_resource(
VPCEndpoint(
'S3VPCEndpoint',
ServiceName=Sub('com.amazonaws.${AWS::Region}.s3'),
VpcId=self.config['VPC'],
RouteTableIds=self.config['RouteTables'],
))
####################
# S3 Bucket Policy #
####################
sub_args = {
'bucket_name': self.config['Bucket'],
'vpc_id': self.config['VPC']
}
with open('./include/bucket_policy.json', 'r') as bucketPolicyJSON:
bucket_policy_document = bucketPolicyJSON.read()
bucket_policy = t.add_resource(
BucketPolicy(
'FrameworkBucketPolicy',
Bucket=self.config['Bucket'],
PolicyDocument=Sub(bucket_policy_document, **sub_args),
))
with open('./cloudformation/framework.json', 'w') as frameworkTemplate:
frameworkTemplate.write(t.to_json())
return t