here i want to get arn of AWS::ApiGateway::Method in AWS::Lambda::Permission "SourceArn" property
here how i am how to get arn
when i am using Fn::GetAtt in SourceArn to get lambdaAPOSTMethod or lambdaBPOSTMethod arn its showing error saying Fn::GetAtt is not for AWS::ApiGateway::Method part
i saw we can do something like SourceArn: !Join [ ":", ["arn:aws:execute-api", !Ref AWS::Region, !Ref AWS::AccountId, !Ref ApiGatewayRestApi, "/*/POST/" ] ]
but i want something simple solution something like ref apigatewmethod
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": { "Environment": { "Type": "String" } },
"Resources":
{
"APIGatewayRestAPI":
{
"Type": "AWS::ApiGateway::RestApi",
"Properties": { "Name": { "Fn::Sub": "avllano-${Environment}" } },
},
"lambdaBResource":
{
"Type": "AWS::ApiGateway::Resource",
"Properties":
{
"RestApiId": { "Ref": "APIGatewayRestAPI" },
"ParentId":
{ "Fn::GetAtt": ["APIGatewayRestAPI", "RootResourceId"] },
"PathPart": { "Fn::Sub": "lambdaB-${Environment}" },
},
"DependsOn": ["APIGatewayRestAPI"],
},
"lambdaBPOSTMethod":
{
"Type": "AWS::ApiGateway::Method",
"Properties":
{
"RestApiId": { "Ref": "APIGatewayRestAPI" },
"ResourceId": { "Ref": "lambdaBResource" },
"HttpMethod": "POST",
"AuthorizationType": "AWS_IAM",
"MethodResponses": [{ "StatusCode": 200 }],
"Integration":
{
"Type": "AWS_PROXY",
"IntegrationResponses": [{ "StatusCode": 200 }],
"IntegrationHttpMethod": "POST",
"Uri":
{
"Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:lambdaB-${Environment}/invocations",
},
},
},
"DependsOn": ["lambdaBResource"],
},
"APIGatewayDeployment":
{
"Type": "AWS::ApiGateway::Deployment",
"Properties":
{
"RestApiId": { "Ref": "APIGatewayRestAPI" },
"StageName": { "Ref": "Environment" },
},
"DependsOn": ["lambdaAPOSTMethod", "lambdaBPOSTMethod"],
},
"lambdaAPermission":
{
"Type": "AWS::Lambda::Permission",
"Properties":
{
"Action": "lambda:InvokeFunction",
"FunctionName":
{
"Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:lambdaA-${Environment}",
},
"Principal": "apigateway.amazonaws.com",
"SourceArn" : ?
},
"DependsOn": ["APIGatewayDeployment"],
},
"lambdaBPermission":
{
"Type": "AWS::Lambda::Permission",
"Properties":
{
"Action": "lambda:InvokeFunction",
"FunctionName":
{
"Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:lambdaB-${Environment}",
},
"Principal": "apigateway.amazonaws.com",
"SourceArn" : ?
},
"DependsOn": ["APIGatewayDeployment"],
},
},
}
CodePudding user response:
Refs and GetAtts are not consistently implemented for CloudFormation resource types. You can find them towards the bottom of each doc page, before the examples. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html
In this case you will have to use Join or Sub to construct the Arn.
CodePudding user response:
You can use the following syntax in the SourceArn property:
"SourceArn": { "Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${APIGatewayRestApi}/*/POST/" }