Aws-cdk: ApiGateway LambdaRestApi doesn't allow overriding default integration properties
Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository's issues are intended for feature requests and bug reports.
I'm submitting a ...
- [ ] :beetle: bug report
- [X] :rocket: feature request
- [ ] :books: construct library gap
- [ ] :phone: security issue or vulnerability => Please see policy
- [ ] :question: support request => Please see note at the top of this template.
What is the current behavior?
If the current behavior is a :beetle:bug:beetle:: Please provide the steps to reproduce
When defining LambdaRestApi I am unable to assign credentials role to the lambda. Only handler can be passed: https://github.com/awslabs/aws-cdk/blob/master/packages/@aws-cdk/aws-apigateway/lib/lambda-api.ts#L51
- What is the expected behavior (or behavior of feature suggested)?
I should be able to assign credentialsRole or other integration properties.
- What is the motivation / use case for changing the behavior or adding this feature?
When users are introduced to apigateway constructs are going to choose lambda rest api naturally when having a lambda handler. However they will soon find they can't override any props on the integration (https://github.com/awslabs/aws-cdk/blob/master/packages/@aws-cdk/aws-apigateway/lib/lambda-api.ts#L46) and will need to switch to a regular RestApi.
Please tell us about your environment:
- CDK CLI Version: 0.38.0
- Module Version: 0.38.0
- OS: All
- Language: All
Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)
mb-dev
All 9 comments
Hey @mb-dev,
If I understand correctly, you want to assign a credentials role to the lambda handling the requests from the API.
The LambdaRestApiProps has a handler member that is an IFunction, which itself has a member of type IRole. You should be able to assign a role to that sub-member.
Please let me know if this solves your problem!
NGL321
on 10 Jul 2019
@NGL321 A handler role and integration credentials role are different. I have a role assigned to the handler and that is correctly assigned to the lambda itself. However the credentials role defined in the integration allows api gateway to launch the lambda, and needs to have service principal of "apigateway.amazonaws.com" with invoke lambda permissions.
So that doesn't solve the problem.
mb-dev
on 10 Jul 2019
Reading more in the docs - should I use permissions on the lambda instead?
https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#access-control-resource-based-example-apigateway-invoke-function
mb-dev
on 10 Jul 2019
Hey! I'm having the same issue but with a twist. I was trying to pass an integration to the default integration because I really need cache to be based on the query parameters (using cacheKeyParameters on the options of this integration, which is not available on LamdaRestApi options).
I agree this should be changed, because it seems counter-intuitive that you're allowed to pass an Integration only to be received by a "you can't do that" message after using cdk deploy.
i-avalos
on 29 Jul 2019
i ended up using the plain RestApi. You can look at the code to see what LambdaRestApi does and apply it manually.
This seems to be the issue on many constructs that provide specialized behavior. For example ECSCluster addCapacity doesn't allow to specify iam role, or key name for the auto scaling group. Want a role? define auto scaling group yourself then use addAutoScalingGroup.
mb-dev
on 29 Jul 2019
This is really an issue for me too, we want to use a custom lambda integration that has a VpcLink to our own Vpc but I get this warning Cannot specify "defaultIntegration" since Lambda integration is automatically defined. So there seems to be no way to add this integration or override the existing one.
timurista
on 29 Jan 2020
This should be easy to add. It would require modifying LambdaRestApiProps to have another property - integrationOptions - of type IntegrationOptions.
nija-at
on 5 Feb 2020
@nija-at This sounds like a good first issue for me as I've used CDK with ApiGateway heavily. I'm happy to take a look
gustakasn0v
on 28 Apr 2020
All yours @gustakasn0v
nija-at
on 28 Apr 2020
Related issues
vgribok
路
3Comments
schof
路
3Comments
Kent1
路
3Comments
cybergoof
路
3Comments
v-do
路
3Comments
Most helpful comment
i ended up using the plain RestApi. You can look at the code to see what LambdaRestApi does and apply it manually.
This seems to be the issue on many constructs that provide specialized behavior. For example ECSCluster addCapacity doesn't allow to specify iam role, or key name for the auto scaling group. Want a role? define auto scaling group yourself then use addAutoScalingGroup.