Aws-cdk: [apigateway] SpecRestAPI `x-amazon-apigateway-endpoint-configuration` not usable for private API initial deployment

Created on 13 Aug 2020 · 1 Comment · Source: aws/aws-cdk

It is not possible to use the Swagger/OpenAPI x-amazon-apigateway-endpoint-configuration option in conjunction with the private endpointType.

If you specify a vpce in the endpoint configuration, you get the following:

VPCEndpoints can only be specified with PRIVATE apis. (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: a2a6cebc-7004-4884-9398-0b83a384b49c)
    new SpecRestApi (/Users/ismael.martinez/projects/bitbucket/BIP/draw/draw-scheduler/node_modules/@aws-cdk/aws-apigateway/lib/restapi.ts:486:22)
...

If you deploy the stack without the x-amazon-apigateway-endpoint-configuration, it does create a usable and private API Gateway, but the vpce is not defined in the 'Settings - Endpoint configuration' section.

If you then deploy the stack again with the x-amazon-apigateway-endpoint-configuration, it does work, so this issue is only related to the initial creation of the API Gateway.

Reproduction Steps

Using the following code:

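import * as apigateway from '@aws-cdk/aws-apigateway';

// Runs inside a Stack constructor; swaggerInline holds the OpenAPI definition shown below.
const api = new apigateway.SpecRestApi(this, 'ExampleRestApi', {
  apiDefinition: apigateway.ApiDefinition.fromInline(swaggerInline),
  endpointTypes: [apigateway.EndpointType.PRIVATE],
});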

Where the swagger inline is as shown:

{
    "openapi": "3.0.1",
    "servers": [
        {
            "x-amazon-apigateway-endpoint-configuration": {
                "vpcEndpointIds": [
                    "${PPL::VPCId}"
                ]
            }
        }
    ],
    "paths": {
        "/example": {
            "get": {
                "responses": {
                    "200": {
                        "description": "200 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/200Response"
                                }
                            }
                        }
                    },
                    "400": {
                        "description": "400 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/400Response"
                                }
                            }
                        }
                    },
                    "404": {
                        "description": "404 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/404Response"
                                }
                            }
                        }
                    },
                    "500": {
                        "description": "500 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/500Response"
                                }
                            }
                        }
                    }
                },
                "x-amazon-apigateway-integration": {
                    "uri": "${PPL::LambdaAliasArn}",
                    "responses": {
                        "default": {
                            "statusCode": "200"
                        }
                    },
                    "passthroughBehavior": "when_no_match",
                    "httpMethod": "POST",
                    "contentHandling": "CONVERT_TO_TEXT",
                    "type": "aws_proxy"
                }
            }
        }
    },
    "components": {
        "schemas": {
            "200Response": {
                "type": "object",
                "properties": {
                    "message": {
                        "type": "string"
                    }
                }
            },
            "400Response": {
                "type": "object",
                "properties": {
                    "errors": {
                        "type": "array",
                        "items": {
                            "$ref": "#/components/schemas/Error"
                        }
                    }
                }
            },
            "404Response": {
                "$ref": "#/components/schemas/Error"
            },
            "500Response": {
                "$ref": "#/components/schemas/Error"
            },
            "Error": {
                "type": "object",
                "properties": {
                    "errorCode": {
                        "type": "string"
                    },
                    "message": {
                        "type": "string"
                    }
                }
            }
        }
    },
    "x-amazon-apigateway-policy": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "execute-api:Invoke",
                    "execute-api:GET"
                ],
                "Resource": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*",
                "Condition": {
                    "StringEquals": {
                        "aws:sourceVpce": "${PPL::VPCId}"
                    }
                }
            }
        ]
    }
}

Where the PPL::VPCId is the endpoint id and the PPL::LambdaAliasArn is the Lambda alias ARN.

We substitute those values dynamically but I don't think that is the issue.

What did you expect to happen?

I would expect to get a private API Gateway with the vpce defined in the 'Settings - Endpoint configuration' section.

What actually happened?

The deployment fails with the following message:

VPCEndpoints can only be specified with PRIVATE apis. (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: a2a6cebc-7004-4884-9398-0b83a384b49c)
    new SpecRestApi (/Users/ismael.martinez/projects/bitbucket/BIP/draw/draw-scheduler/node_modules/@aws-cdk/aws-apigateway/lib/restapi.ts:486:22)
...

Environment

  • CLI Version : 1.57.0
  • Framework Version: 1.57.0
  • Node.js Version: 10.22.0
  • OS : MAC 10.15.6
  • Language (Version): TypeScript (3.8.2)

Other


This is :bug: Bug Report

@aws-cdk/aws-apigateway bug effort/medium p1
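
The definition in this report depends on `${PPL::VPCId}` being replaced with a VPC endpoint id in two places, and its `Principal: "*"` statement is restricted only by the `aws:sourceVpce` condition. The following TypeScript pre-deploy check is an added example, not code from the issue or from aws-cdk; `lintPrivateApiSpec`, `sampleSpec` and the sample ids are hypothetical, constructed names, and it assumes the Allow + StringEquals policy pattern shown above.

```typescript
// Added example, not from the issue or aws-cdk: lint a private-API OpenAPI definition before deploy.
type Json = { [key: string]: any };
const VPCE_ID = /^vpce-[0-9a-f]{8}([0-9a-f]{9})?$/; // "vpce-" + 8 or 17 hex chars
const UNRESOLVED = /\$\{[^}]*\}/; // a ${...} token that was never substituted

function asList(v: unknown): string[] {
  if (v === undefined || v === null) return [];
  const items: unknown[] = Array.isArray(v) ? v : [v];
  return items.map(String);
}

function lintPrivateApiSpec(spec: Json): string[] {
  const findings: string[] = [];
  const endpointIds: string[] = [];
  for (const server of (spec.servers || []) as Json[]) {
    const cfg: Json = server["x-amazon-apigateway-endpoint-configuration"] || {};
    for (const id of asList(cfg.vpcEndpointIds)) endpointIds.push(id);
  }
  if (endpointIds.length === 0) findings.push("servers: no vpcEndpointIds declared");
  for (const id of endpointIds) {
    if (UNRESOLVED.test(id)) findings.push(`vpcEndpointIds: unresolved token ${id}`);
    else if (!VPCE_ID.test(id)) findings.push(`vpcEndpointIds: ${id} is not a vpce- id`);
  }
  // Covers the Allow + StringEquals pattern only; Deny + StringNotEquals needs its own rule.
  const raw = (spec["x-amazon-apigateway-policy"] || {}).Statement;
  const statements: Json[] = Array.isArray(raw) ? raw : raw ? [raw] : [];
  statements.forEach((st, i) => {
    if (st.Effect !== "Allow") return;
    const eq: Json = (st.Condition || {}).StringEquals || {};
    // Condition key names are case-insensitive in IAM policies.
    const key = Object.keys(eq).filter((k) => k.toLowerCase() === "aws:sourcevpce")[0];
    const pinned = asList(key ? eq[key] : undefined);
    if (pinned.length === 0) findings.push(`Statement[${i}]: Allow not pinned to aws:sourceVpce`);
    for (const id of pinned) {
      if (UNRESOLVED.test(id)) findings.push(`Statement[${i}]: unresolved token ${id}`);
      else if (endpointIds.indexOf(id) === -1) findings.push(`Statement[${i}]: ${id} not in vpcEndpointIds`);
    }
  });
  return findings;
}

// Constructed sample: a trimmed copy of the definition above with both ids injectable.
function sampleSpec(endpointId: string, policyVpce: string): Json {
  const statement = { Effect: "Allow", Principal: "*", Action: ["execute-api:Invoke"],
    Resource: "arn:aws:execute-api:eu-west-1:111122223333:*",
    Condition: { StringEquals: { "aws:sourceVpce": policyVpce } } };
  const servers = [{ "x-amazon-apigateway-endpoint-configuration": { vpcEndpointIds: [endpointId] } }];
  return { openapi: "3.0.1", servers, paths: {},
    "x-amazon-apigateway-policy": { Version: "2012-10-17", Statement: [statement] } };
}
```

An empty result means both the endpoint configuration and the resource policy carry the same, fully substituted `vpce-` id.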

Most helpful comment

This requires investigation into how to correctly use the x-amazon-apigateway-endpoint-configuration option in the OpenAPI definition.
