diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/README.md b/packages/@aws-cdk/aws-apigatewayv2-integrations/README.md index cce77fd6398e6..c3e28c7484081 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/README.md +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/README.md @@ -20,6 +20,7 @@ - [HTTP APIs](#http-apis) - [Lambda Integration](#lambda) - [HTTP Proxy Integration](#http-proxy) + - [AWS Service Integration](#aws-service) - [Private Integration](#private-integration) - [WebSocket APIs](#websocket-apis) - [Lambda WebSocket Integration](#lambda-websocket-integration) @@ -78,6 +79,34 @@ httpApi.addRoutes({ }); ``` +### AWS Service + +You can integrate your HTTP API with AWS services by using first-class integrations. A first-class integration connects +an HTTP API route to an AWS service API. When a client invokes a route that's backed by a first-class integration, +API Gateway invokes an AWS service API for you. More information can be found at [Working with AWS service integrations for HTTP APIs] +(https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-aws-services.html). + +The following code configures a route `POST /start` to start execution of Step Functions state machine. + +```ts +const httpApi = new HttpApi(stack, 'HttpApi'); + +const state = new StateMachine(stack, 'MyStateMachine', { + definition: Chain.start(new Pass(stack, 'Pass')), + stateMachineType: StateMachineType.STANDARD, +}); + +httpApi.addRoutes({ + path: '/start', + methods: [ HttpMethod.POST ], + integration: new StepFunctionsStartExecutionIntegration({ + stateMachine: state, + input: '$request.body.input', + timeout: Duration.seconds(10), + }), +}); +``` + ### Private Integration Private integrations enable integrating an HTTP API route with private resources in a VPC, such as Application Load Balancers or diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/aws.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/aws.ts new file mode 100644 index 0000000000000..8534c3ec62c9a --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/aws.ts @@ -0,0 +1,141 @@ +import { IRole } from '@aws-cdk/aws-iam'; +import { IStateMachine } from '@aws-cdk/aws-stepfunctions'; +import { AwsServiceIntegration, AwsServiceIntegrationProps } from './private/integration'; + +/** + * The common Step Functions integration resource for HTTP API + */ +abstract class StepFunctionsIntegration extends AwsServiceIntegration { + + /** + * + * @internal + */ + protected _integrationService(): string { + return 'StepFunctions'; + } +} + +/** + * Step Functions StartExecution integration properties + */ +export interface StepFunctionsStartExecutionIntegrationProps extends AwsServiceIntegrationProps { + + /** + * The state machine to be executed + */ + readonly stateMachine: IStateMachine; + + /** + * The execution name + * + * @default - undefined + */ + readonly name?: string; + + /** + * The input parameters of execution + * + * @default - undefined + */ + readonly input?: any; + + /** + * The region of state machine + * + * @default - undefined + */ + readonly region?: string; +} + +/** + * The StepFunctions-StartExecution integration resource for HTTP API + */ +export class StepFunctionsStartExecutionIntegration extends StepFunctionsIntegration { + + constructor(private readonly _props: StepFunctionsStartExecutionIntegrationProps) { + super(_props); + } + + /** + * + * @internal + */ + protected _integrationAction(): string { + return 'StartExecution'; + } + + /** + * + * @internal + */ + protected _fulfillRole(credentialsRole: IRole): void { + this._props.stateMachine.grantStartExecution(credentialsRole); + } + + /** + * + * @internal + */ + protected _buildRequestParameters(): { [key: string]: any } { + return { + StateMachineArn: this._props.stateMachine.stateMachineArn, + Name: this._props.name, + Input: this._props.input, + Region: this._props.region, + }; + } +} + +/** + * Step Functions StartSyncExecution integration properties + */ +export interface StepFunctionsStartSyncExecutionIntegrationProps extends StepFunctionsStartExecutionIntegrationProps { + + /** + * Passes the AWS X-Ray trace header. The trace header can also be passed in the request payload. + * + * @default - undefined + */ + readonly traceHeader?: string; +} + +/** + * The StepFunctions-StartExecution integration resource for HTTP API + */ +export class StepFunctionsStartSyncExecutionIntegration extends StepFunctionsIntegration { + + constructor(private readonly _props: StepFunctionsStartSyncExecutionIntegrationProps) { + super(_props); + } + + /** + * + * @internal + */ + protected _integrationAction(): string { + return 'StartSyncExecution'; + } + + /** + * + * @internal + */ + protected _fulfillRole(credentialsRole: IRole): void { + this._props.stateMachine.grantStartExecution(credentialsRole); + } + + /** + * + * @internal + */ + protected _buildRequestParameters(): { [key: string]: any } { + return { + StateMachineArn: this._props.stateMachine.stateMachineArn, + Name: this._props.name, + Input: this._props.input, + Region: this._props.region, + TraceHeader: this._props.traceHeader, + }; + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/base-types.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/base-types.ts index 5000dfb63a751..f233f7fcac447 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/base-types.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/base-types.ts @@ -1,4 +1,5 @@ import { HttpMethod, IVpcLink } from '@aws-cdk/aws-apigatewayv2'; +import { Duration } from '@aws-cdk/core'; /** * Base options for private integration @@ -16,4 +17,24 @@ export interface HttpPrivateIntegrationOptions { * @default HttpMethod.ANY */ readonly method?: HttpMethod; +} + +/** + * Common properties to initialize a new `HttpProxyIntegration`. + */ +export interface CommonIntegrationProps { + + /** + * The description of the integration + * + * @default - undefined + */ + readonly description?: string; + + /** + * Custom timeout for HTTP APIs + * + * @default - undefined + */ + readonly timeout?: Duration; } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/index.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/index.ts index 8e0598975f8cb..9bb5a46315f63 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/index.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/index.ts @@ -4,3 +4,4 @@ export * from './nlb'; export * from './service-discovery'; export * from './http-proxy'; export * from './lambda'; +export * from './aws'; diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/private/integration.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/private/integration.ts index 6d32b22794722..e135dac5aff8f 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/private/integration.ts +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/lib/http/private/integration.ts @@ -9,6 +9,8 @@ import { IVpcLink, } from '@aws-cdk/aws-apigatewayv2'; import * as ec2 from '@aws-cdk/aws-ec2'; +import { IRole, Role, ServicePrincipal } from '@aws-cdk/aws-iam'; +import { CommonIntegrationProps } from '../base-types'; /** @@ -63,3 +65,65 @@ export abstract class HttpPrivateIntegration implements IHttpRouteIntegration { public abstract bind(options: HttpRouteIntegrationBindOptions): HttpRouteIntegrationConfig; } + +/** + * Aws Service integration properties + * + * @internal + */ +export interface AwsServiceIntegrationProps extends CommonIntegrationProps { +} + +/** + * The Aws Service integration resource for HTTP API + * + * @internal + */ +export abstract class AwsServiceIntegration implements IHttpRouteIntegration { + + constructor(private readonly props: AwsServiceIntegrationProps) { + } + + /** + * + * @internal + */ + protected abstract _fulfillRole(credentialsRole: IRole): void; + + /** + * + * @internal + */ + protected abstract _buildRequestParameters(): { [key: string]: any }; + + /** + * + * @internal + */ + protected abstract _integrationService(): string; + + /** + * + * @internal + */ + protected abstract _integrationAction(): string; + + public bind(_options: HttpRouteIntegrationBindOptions): HttpRouteIntegrationConfig { + + const role = new Role(_options.scope, 'Role', { + assumedBy: new ServicePrincipal('apigateway.amazonaws.com'), + }); + this._fulfillRole(role); + + return { + payloadFormatVersion: PayloadFormatVersion.VERSION_1_0, // 1.0 is required and is the only supported format + type: HttpIntegrationType.LAMBDA_PROXY, + subtype: `${this._integrationService()}-${this._integrationAction()}`, + credentials: role.roleArn, + timeout: this.props.timeout, + description: this.props.description, + requestParameters: this._buildRequestParameters(), + }; + } + +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/package.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/package.json index 8eb5e63c8c3a0..4dcd694962b29 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-integrations/package.json +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/package.json @@ -84,6 +84,7 @@ "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-lambda": "0.0.0", "@aws-cdk/aws-servicediscovery": "0.0.0", + "@aws-cdk/aws-stepfunctions": "0.0.0", "@aws-cdk/core": "0.0.0", "constructs": "^3.3.69" }, @@ -94,6 +95,7 @@ "@aws-cdk/aws-iam": "0.0.0", "@aws-cdk/aws-lambda": "0.0.0", "@aws-cdk/aws-servicediscovery": "0.0.0", + "@aws-cdk/aws-stepfunctions": "0.0.0", "@aws-cdk/core": "0.0.0", "constructs": "^3.3.69" }, diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/aws.test.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/aws.test.ts new file mode 100644 index 0000000000000..6bfb85f7ea290 --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/aws.test.ts @@ -0,0 +1,82 @@ +import '@aws-cdk/assert-internal/jest'; +import { HttpApi, HttpRoute, HttpRouteKey } from '@aws-cdk/aws-apigatewayv2'; +import { StateMachine, Chain, Pass, StateMachineType } from '@aws-cdk/aws-stepfunctions'; +import { Stack, Duration } from '@aws-cdk/core'; +import { StepFunctionsStartExecutionIntegration, StepFunctionsStartSyncExecutionIntegration } from '../../lib'; + +describe('AwsServiceIntegration', () => { + test('StepFunctions-StartExecution', () => { + const stack = new Stack(); + const api = new HttpApi(stack, 'HttpApi'); + + new HttpRoute(stack, 'StepFunctionsStartExeRoute', { + httpApi: api, + integration: new StepFunctionsStartExecutionIntegration({ + stateMachine: stateMachine(stack), + name: 'MyExe', + input: '$request.body.input', + timeout: Duration.seconds(10), + description: 'Start execution of state machine', + }), + routeKey: HttpRouteKey.with('/start'), + }); + + expect(stack).toHaveResource('AWS::ApiGatewayV2::Integration', { + IntegrationType: 'AWS_PROXY', + CredentialsArn: { + 'Fn::GetAtt': [ + 'StepFunctionsStartExeRouteRoleEC2F84D2', + 'Arn', + ], + }, + IntegrationSubtype: 'StepFunctions-StartExecution', + PayloadFormatVersion: '1.0', + RequestParameters: { + StateMachineArn: { + Ref: 'MyStateMachine6C968CA5', + }, + Input: '$request.body.input', + Name: 'MyExe', + }, + TimeoutInMillis: 10000, + }); + }); + + test('StepFunctions-StartSyncExecution', () => { + const stack = new Stack(); + const api = new HttpApi(stack, 'HttpApi'); + + new HttpRoute(stack, 'StepFunctionsStartSyncExeRoute', { + httpApi: api, + integration: new StepFunctionsStartSyncExecutionIntegration({ + stateMachine: stateMachine(stack), + input: { + a: 'b', + }, + }), + routeKey: HttpRouteKey.with('/startSync'), + }); + + expect(stack).toHaveResource('AWS::ApiGatewayV2::Integration', { + IntegrationType: 'AWS_PROXY', + IntegrationSubtype: 'StepFunctions-StartSyncExecution', + PayloadFormatVersion: '1.0', + RequestParameters: { + StateMachineArn: { + Ref: 'MyStateMachine6C968CA5', + }, + Input: { + a: 'b', + }, + }, + }); + }); +}); + +function stateMachine(stack: Stack): StateMachine { + return new StateMachine(stack, 'MyStateMachine', { + stateMachineName: 'MyStateMachine', + definition: Chain.start(new Pass(stack, 'Pass')), + stateMachineType: StateMachineType.STANDARD, + }); +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.aws-integration.expected.json b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.aws-integration.expected.json new file mode 100644 index 0000000000000..0dbf462ad57e6 --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.aws-integration.expected.json @@ -0,0 +1,172 @@ +{ + "Resources": { + "MyStateMachineRoleD59FFEBC": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MyStateMachine6C968CA5": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "MyStateMachineRoleD59FFEBC", + "Arn" + ] + }, + "DefinitionString": "{\"StartAt\":\"Pass\",\"States\":{\"Pass\":{\"Type\":\"Pass\",\"End\":true}}}", + "StateMachineType": "STANDARD" + }, + "DependsOn": [ + "MyStateMachineRoleD59FFEBC" + ] + }, + "AwsIntegrationApi1AEE0491": { + "Type": "AWS::ApiGatewayV2::Api", + "Properties": { + "Name": "AwsIntegrationApi", + "ProtocolType": "HTTP" + } + }, + "AwsIntegrationApiDefaultRouteRole281F5707": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "apigateway.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "AwsIntegrationApiDefaultRouteRoleDefaultPolicyB4A9E1ED": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": { + "Ref": "MyStateMachine6C968CA5" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "AwsIntegrationApiDefaultRouteRoleDefaultPolicyB4A9E1ED", + "Roles": [ + { + "Ref": "AwsIntegrationApiDefaultRouteRole281F5707" + } + ] + } + }, + "AwsIntegrationApiDefaultRouteHttpIntegration537920e78a2bcc139296f1727fb9aebf9BA3DE24": { + "Type": "AWS::ApiGatewayV2::Integration", + "Properties": { + "ApiId": { + "Ref": "AwsIntegrationApi1AEE0491" + }, + "IntegrationType": "AWS_PROXY", + "CredentialsArn": { + "Fn::GetAtt": [ + "AwsIntegrationApiDefaultRouteRole281F5707", + "Arn" + ] + }, + "IntegrationSubtype": "StepFunctions-StartExecution", + "PayloadFormatVersion": "1.0", + "RequestParameters": { + "StateMachineArn": { + "Ref": "MyStateMachine6C968CA5" + }, + "Input": "$request.body.input" + } + } + }, + "AwsIntegrationApiDefaultRouteF019925B": { + "Type": "AWS::ApiGatewayV2::Route", + "Properties": { + "ApiId": { + "Ref": "AwsIntegrationApi1AEE0491" + }, + "RouteKey": "$default", + "Target": { + "Fn::Join": [ + "", + [ + "integrations/", + { + "Ref": "AwsIntegrationApiDefaultRouteHttpIntegration537920e78a2bcc139296f1727fb9aebf9BA3DE24" + } + ] + ] + } + } + }, + "AwsIntegrationApiDefaultStageDFAEF224": { + "Type": "AWS::ApiGatewayV2::Stage", + "Properties": { + "ApiId": { + "Ref": "AwsIntegrationApi1AEE0491" + }, + "StageName": "$default", + "AutoDeploy": true + } + } + }, + "Outputs": { + "Endpoint": { + "Value": { + "Fn::Join": [ + "", + [ + "https://", + { + "Ref": "AwsIntegrationApi1AEE0491" + }, + ".execute-api.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/" + ] + ] + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.aws-integration.ts b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.aws-integration.ts new file mode 100644 index 0000000000000..5ebbd9fa847cb --- /dev/null +++ b/packages/@aws-cdk/aws-apigatewayv2-integrations/test/http/integ.aws-integration.ts @@ -0,0 +1,29 @@ +import { HttpApi } from '@aws-cdk/aws-apigatewayv2'; +import { StateMachine, Chain, StateMachineType, Pass } from '@aws-cdk/aws-stepfunctions'; +import { App, CfnOutput, Stack } from '@aws-cdk/core'; +import { StepFunctionsStartExecutionIntegration } from '../../lib'; + +/* + * Stack verification steps: + * "curl " should return 'success' + */ + +const app = new App(); + +const stack = new Stack(app, 'integ-aws-service'); + +const state = new StateMachine(stack, 'MyStateMachine', { + definition: Chain.start(new Pass(stack, 'Pass')), + stateMachineType: StateMachineType.STANDARD, +}); + +const endpoint = new HttpApi(stack, 'AwsIntegrationApi', { + defaultIntegration: new StepFunctionsStartExecutionIntegration({ + stateMachine: state, + input: '$request.body.input', + }), +}); + +new CfnOutput(stack, 'Endpoint', { + value: endpoint.url!, +}); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts index 9675a7654a712..8f0daffc811c8 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/lib/http/api.ts @@ -228,12 +228,17 @@ abstract class HttpApiBase extends ApiBase implements IHttpApi { // note that th const integration = new HttpIntegration(scope, `HttpIntegration-${configHash}`, { httpApi: this, + description: config.description, integrationType: config.type, + integrationSubtype: config.subtype, integrationUri: config.uri, + requestParameters: config.requestParameters, + credentials: config.credentials, method: config.method, connectionId: config.connectionId, connectionType: config.connectionType, payloadFormatVersion: config.payloadFormatVersion, + timeout: config.timeout, }); this._integrationCache.saveIntegration(scope, config, integration); diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/http/integration.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/http/integration.ts index 836b831550fb7..7c49ea742691e 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/lib/http/integration.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/lib/http/integration.ts @@ -1,4 +1,4 @@ -import { Resource } from '@aws-cdk/core'; +import { Resource, Duration } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { CfnIntegration } from '../apigatewayv2.generated'; import { IIntegration } from '../common'; @@ -82,17 +82,54 @@ export interface HttpIntegrationProps { */ readonly httpApi: IHttpApi; + /** + * The description of the integration + * + * @default - undefined + */ + readonly description?: string; + + /** + * Specifies the credentials ARN required for the integration, if any. + * + * @default - undefined + */ + readonly credentials?: string; + /** * Integration type */ readonly integrationType: HttpIntegrationType; + /** + * Specifies the AWS service action to invoke. + * + * @default - undefined + */ + readonly integrationSubtype?: string; + + /** + * Custom timeout for HTTP APIs + * + * @default - undefined + */ + readonly timeout?: Duration; + + /** + * Request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. + * + * @default - undefined + */ + readonly requestParameters?: { [key: string]: any }; + /** * Integration URI. * This will be the function ARN in the case of `HttpIntegrationType.LAMBDA_PROXY`, * or HTTP URL in the case of `HttpIntegrationType.HTTP_PROXY`. + * + * @default - undefined */ - readonly integrationUri: string; + readonly integrationUri?: string; /** * The HTTP method to use when calling the underlying HTTP proxy @@ -133,14 +170,24 @@ export class HttpIntegration extends Resource implements IHttpIntegration { constructor(scope: Construct, id: string, props: HttpIntegrationProps) { super(scope, id); + + if (props.timeout && (props.timeout.toMilliseconds() < 50 || props.timeout.toMilliseconds() > 30000)) { + throw new Error(`The timeout of HTTP integration should be between 50 and 30,000, got ${props.timeout.toMilliseconds()}.`); + } + const integ = new CfnIntegration(this, 'Resource', { apiId: props.httpApi.apiId, + description: props.description, integrationType: props.integrationType, + integrationSubtype: props.integrationSubtype, integrationUri: props.integrationUri, integrationMethod: props.method, + credentialsArn: props.credentials, + requestParameters: props.requestParameters, connectionId: props.connectionId, connectionType: props.connectionType, payloadFormatVersion: props.payloadFormatVersion?.version, + timeoutInMillis: props.timeout?.toMilliseconds(), }); this.integrationId = integ.ref; this.httpApi = props.httpApi; @@ -178,15 +225,52 @@ export interface IHttpRouteIntegration { * Config returned back as a result of the bind. */ export interface HttpRouteIntegrationConfig { + /** + * The description of the integration + * + * @default - undefined + */ + readonly description?: string; + /** * Integration type. */ readonly type: HttpIntegrationType; + /** + * Specifies the credentials ARN required for the integration, if any. + * + * @default - undefined + */ + readonly credentials?: string; + + /** + * Specifies the AWS service action to invoke. + * + * @default - undefined + */ + readonly subtype?: string; + + /** + * Custom timeout for HTTP APIs + * + * @default - undefined + */ + readonly timeout?: Duration; + + /** + * Request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. + * + * @default - undefined + */ + readonly requestParameters?: { [key: string]: any }; + /** * Integration URI + * + * @default - undefined */ - readonly uri: string; + readonly uri?: string; /** * The HTTP method that must be used to invoke the underlying proxy.