个人中心
gpt4 book ai didi

amazon-web-services - 如何使用cloudformation创建私有(private)AWS Api网关?

转载 作者:行者123 更新时间:2023-12-03 20:27:36 25 4
gpt4 key购买 nike

我正在尝试创建一个私有(private)类型的AWS API网关,
这需要一个资源策略,我拥有该策略,因为我可以从 AWS 控制台创建网关,
我想知道如何通过 CF 模板添加资源策略 -

以下是资源策略的 swagger 定义 -

x-amazon-apigateway-policy:
  Version: "2012-10-17"
  Statement:
  - Effect: "Deny"
    Principal: "*"
    Action: "execute-api:Invoke"
    Resource: "arn:aws:execute-api:us-east-1:awsAccountId:xxxx/*/*/*"
    Condition:
      StringNotEquals:
        aws:sourceVpc: "vpc-xxxxx"
  - Effect: "Allow"
    Principal: "*"
    Action: "execute-api:Invoke"
    Resource: "arn:aws:execute-api:us-east-1:xxxx:xxxx/*/*/*"

如何在 CF 模板中配置它 -

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: G2G Api Template Stack

Resources:
   g2gPrivate:
    Type: 'AWS::ApiGateway::RestApi'
    Properties:
      Name: 'private-gw'
      EndpointConfiguration:
        Types:
          - PRIVATE

引用-
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html

https://medium.com/@cathmgarcia/conditional-resource-policy-on-aws-sam-with-inline-swagger-816ce946dbb

最佳答案

您需要在一个键下提供策略(称为Policy,与Name处于同一级别。

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-policy

这需要以 JSON 格式提供。

类似...

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: G2G Api Template Stack

Resources:
   g2gPrivate:
    Type: 'AWS::ApiGateway::RestApi'
    Properties:
      Name: 'private-gw'
      EndpointConfiguration:
        Types:
          - PRIVATE
      Policy: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Deny",
              "Principal": "*",
              "Action": "execute-api:Invoke",
              "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*",
              "Condition": {
                "StringNotEquals": {
                  "aws:sourceVpc": "vpc-xxxxx"
                }
              }
            },
            {
              "Effect": "Allow",
              "Principal": "*",
              "Action": "execute-api:Invoke",
              "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*"
            }
          ]
        }

关于amazon-web-services - 如何使用cloudformation创建私有(private)AWS Api网关?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57785755/

25 4 0
文章推荐: visual-studio - Azure Devops - 删除工作区
文章推荐: apache-spark - 如何在 Spark Structured Streaming 中指定批处理间隔?
文章推荐: python - Lambda Python 查询 SSM 参数存储值
文章推荐: performance - 点积与直接矢量分量在着色器中的总和性能
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com