Serverless-application-model: Add VpcEndpointIds to EndpointConfiguration Parameter

Created on 13 Dec 2019 · 4 Comments · Source: aws/serverless-application-model

Description:

Currently CloudFormation supports both Types and VpcEndpointIds as parameters on EndpointConfiguration. For endpoint types of PRIVATE, a VPC endpoint is required to generate Route53 aliases, which you can use to direct to specific APIs on API Gateway. Without the aliases, the API id must be supplied in the header on every request (x-apigw-api-id). As a workaround, the Api and VPCe can be linked through the console/SDKs, but every time SAM is deployed it overwrites the previous configuration.

Adding VpcEndpointIds as a list-of-strings parameter on the EndpointConfiguration would enable the association of APIs on API Gateway and VPCEs.

All 4 comments

Steps to reproduce the issue:

Create a template with the following content:

AWSTemplateFormatVersion: '2010-09-09'

Transform: AWS::Serverless-2016-10-31

Description: >
  sam-app

  Sample SAM Template for sam-app

Resources:

  AWSApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      # resolves an issue with the following error:
      # Private REST API doesn't have a resource policy attached to it (Service: AmazonApiGateway;
      # Status Code: 400; Error Code: BadRequestException; Request ID: acbe714e-970b-4150-b042-f5624a8b3ff4)
      Auth:
        ResourcePolicy:
          IpRangeWhitelist: 10.0.0.0/24
      Name: Private AWS Api Gateway
      # EndpointConfiguration: Private
      EndpointConfiguration: 
        Types: 
          - PRIVATE
        VpcEndpointIds:
          - !Ref ApiGatewayVPCEndpoint
      StageName: Staging

  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: hello_world/
      Handler: app.lambda_handler
      Runtime: python3.8
      Events:
        HelloWorld:
          Type: Api
          Properties:
            Path: /hello
            Method: get
            RestApiId: !Ref AWSApiGateway

Outputs: {}

Where the !Import statement returns the id of an AWS::EC2::VPCEndpoint type resource.

Then run the following command: sam build --use-container

Observed result:

I receive the following error:

samcli.commands.validate.lib.exceptions.InvalidSamDocumentException: [InvalidResourceException('AWSApiGateway', "Type of property 'EndpointConfiguration' is invalid.")] ('AWSApiGateway', "Type of property 'EndpointConfiguration' is invalid.")

Expected result:

The expected result is that an AWS::Serverless::Api type resource would be built.

Today EndpointConfiguration only takes a string, but we want to change this to accept a string or a dict, which would look something like:

EndpointConfiguration:
  Types: [ <REGIONAL| EDGE | PRIVATE>]
  VPCEndpointIds: [<string>]

To add this feature, you need to update the EndpointConfiguration property to one_of(is_str(), is_type(dict)) and also add the VpcEndpointIds property here.

Looks like a PR exists for this https://github.com/awslabs/serverless-application-model/pull/1524 -- last update 19 days ago. Hitting the same issue, so hope something comes up soon.

Closing, as #1524 provides the solution below.

EndpointConfiguration:
  Type: PRIVATE # OPTIONAL | Default value is REGIONAL. Accepted values are EDGE, REGIONAL, PRIVATE
  VPCEndpointIds: [<list of vpc endpoint ids>] # REQUIRED if Type is PRIVATE
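An added example, not part of the thread or of SAM's own code: a small pre-deploy lint over an already-parsed template that accepts both the string and mapping forms of EndpointConfiguration and flags the two mistakes this thread runs into (CloudFormation-style key names, and a PRIVATE API missing its VPC endpoint association or resource policy). The function names, resource names and sample template are constructed for illustration; the "required if PRIVATE" rule is taken from the closing comment above.

```python
ALLOWED_TYPES = {"EDGE", "REGIONAL", "PRIVATE"}
# CloudFormation-style keys used in the issue's template -> SAM keys from the closing comment
CFN_TO_SAM = {"Types": "Type", "VpcEndpointIds": "VPCEndpointIds"}

def lint_api(name, props):
    """Return findings for one AWS::Serverless::Api 'Properties' mapping."""
    cfg = props.get("EndpointConfiguration", "REGIONAL")  # default per the page
    if isinstance(cfg, str):
        cfg = {"Type": cfg}  # the string form carries only the type
    if not isinstance(cfg, dict):
        return [f"{name}: EndpointConfiguration must be a string or a mapping"]
    bad = [f"{name}: unexpected key '{k}'"
           + (f", SAM spells it '{CFN_TO_SAM[k]}'" if k in CFN_TO_SAM else "")
           for k in cfg if k not in ("Type", "VPCEndpointIds")]
    if bad:
        return bad  # the remaining checks would misread a mis-keyed block
    findings = []
    ep_type = cfg.get("Type", "REGIONAL")  # may be an intrinsic (dict); then skipped
    if isinstance(ep_type, str) and ep_type not in ALLOWED_TYPES:
        findings.append(f"{name}: unknown endpoint type '{ep_type}'")
    if ep_type == "PRIVATE":
        if not cfg.get("VPCEndpointIds"):
            findings.append(f"{name}: PRIVATE without VPCEndpointIds; no VPC endpoint "
                            "association, so callers must send x-apigw-api-id")
        if not (props.get("Auth") or {}).get("ResourcePolicy"):
            findings.append(f"{name}: PRIVATE API has no Auth.ResourcePolicy")
    return findings

def lint_template(template):
    """Lint every AWS::Serverless::Api resource in a parsed template dict."""
    out = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::Serverless::Api":
            out += lint_api(name, res.get("Properties") or {})
    return out

# Constructed sample; {"Ref": ...} is the parsed form of !Ref.
VPCE = [{"Ref": "ApiGatewayVPCEndpoint"}]
POLICY = {"ResourcePolicy": {"IpRangeWhitelist": ["10.0.0.0/24"]}}
SAMPLE = {"Resources": {
    "IssueStyleApi": {"Type": "AWS::Serverless::Api", "Properties": {
        "Auth": POLICY, "EndpointConfiguration": {"Types": ["PRIVATE"], "VpcEndpointIds": VPCE}}},
    "BareStringApi": {"Type": "AWS::Serverless::Api", "Properties": {
        "EndpointConfiguration": "PRIVATE"}},
    "FixedApi": {"Type": "AWS::Serverless::Api", "Properties": {
        "Auth": POLICY, "EndpointConfiguration": {"Type": "PRIVATE", "VPCEndpointIds": VPCE}}},
    "HelloWorldFunction": {"Type": "AWS::Serverless::Function", "Properties": {}},
}}

if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print(finding)
```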