-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(apigateway): resource policy configuration for private API #31692
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request
. Additionally, if clarification is needed add Clarification Request
to a comment.
a0ccf6e
to
b599740
Compare
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
0c5d8b1
to
841c596
Compare
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Issue # (if applicable)
Closes #31660.
Reason for this change
To create a Private API Gateway, we need to attach a resource policy that allows access only from specific Interface VPC Endpoints, as shown below.
This is a bit troublesome.
Description of changes
IRestApi.addToResourcePolicy()
addToResourcePolicy()
atRestApi
,SpecApi
, and importedRestApi
classRestApiBase.grantInvoke()
In the
grantInvoke
method, it was necessary to set a resource policy, and since apolicy
already existed inRestApiProps
, I implemented it so that both can be used simultaneously.Description of how you validated changes
Add both unit and integ tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license