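/// <summary>
/// Defines a stack in which an API Gateway HTTP API forwards the body of <c>POST /</c> to a
/// custom EventBridge bus through a PutEvents service integration. A rule on that bus copies
/// matching events to a CloudWatch Logs group.
/// </summary>
/// <param name="scope">Parent construct.</param>
/// <param name="id">Construct id of the stack.</param>
/// <param name="props">Optional stack properties, passed through to the base constructor.</param>
internal ApigwHttpApiEventbridgeDotnetCdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            var eventBus = new EventBus(this, "MyEventBus", new EventBusProps
            {
                EventBusName = "MyEventBus"
            });

            // Logging
            var eventLoggerRule = new Rule(this, "EventLoggerRule", new RuleProps
            {
                Description  = "Log all events",
                EventPattern = new EventPattern
                {
                    // Match on the region the stack is deployed to. A hard-coded "us-west-2" made the rule
                    // match nothing in any other region, leaving the bus with no event log at all.
                    Region = new string[] { this.Region }
                },
                EventBus = eventBus
            });

            // NOTE(review): no retention period or encryption key is set here, so the construct defaults apply.
            // Every matched event is written to this group, including the caller-supplied Detail (the raw
            // request body), so set retention and read access to suit the data clients may post.
            var logGroup = new LogGroup(this, "EventLogGroup", new LogGroupProps
            {
                LogGroupName = "/aws/events/MyEventBus",
            });

            eventLoggerRule.AddTarget(new EventTargets.CloudWatchLogGroup(logGroup));

            // API
            var httpApi = new HttpApi(this, "MyHttpApi");

            // There's no EventBridge integration available as CDK L2 yet, so we have to use L1 and create Role, Integration and Route
            // Only the API Gateway service principal can assume this role.
            var apiRole = new Role(this, "EventBridgeIntegrationRole", new RoleProps
            {
                AssumedBy = new ServicePrincipal("apigateway.amazonaws.com"),
            });

            // Least privilege: a single action on this one bus, no wildcards.
            apiRole.AddToPolicy(
                new PolicyStatement(new PolicyStatementProps
            {
                Effect    = Effect.ALLOW,
                Resources = new string[] { eventBus.EventBusArn },
                Actions   = new string[] { "events:PutEvents" },
            })
                );

            var eventbridgeIntegration = new CfnIntegration(
                this,
                "EventBridgeIntegration",
                new CfnIntegrationProps
            {
                ApiId              = httpApi.HttpApiId,
                IntegrationType    = "AWS_PROXY",
                IntegrationSubtype = "EventBridge-PutEvents",
                CredentialsArn     = apiRole.RoleArn,
                RequestParameters  = new Dictionary <string, object>
                {
                    // Source and DetailType are fixed server-side, so a caller cannot choose them.
                    ["Source"]       = "WebApp",
                    ["DetailType"]   = "MyDetailType",
                    // The request body is forwarded as-is; rule targets must treat Detail as untrusted input.
                    ["Detail"]       = "$request.body",
                    ["EventBusName"] = eventBus.EventBusArn
                },
                PayloadFormatVersion = "1.0",
                TimeoutInMillis      = 10000,
            }
                );

            // NOTE(review): no AuthorizationType/AuthorizerId is set on this route, so as written it accepts
            // unauthenticated requests and anyone who can reach the endpoint can publish "WebApp" events.
            // Attach a JWT or IAM authorizer and stage throttling before using this outside a demo.
            new CfnRoute(this, "EventRoute", new CfnRouteProps
            {
                ApiId    = httpApi.HttpApiId,
                RouteKey = "POST /",
                Target   = $"integrations/{eventbridgeIntegration.Ref}",
            });

            new CfnOutput(this, "apiUrl", new CfnOutputProps {
                Value = httpApi.Url!, Description = "HTTP API endpoint URL"
            });
        }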
Esempio n. 2
        /// <summary>
        /// Defines a stack in which an HTTP API route, <c>POST /execute</c>, synchronously starts an
        /// Express Step Functions workflow and hands it the request body as input.
        /// </summary>
        /// <param name="scope">Parent construct.</param>
        /// <param name="id">Construct id of the stack.</param>
        /// <param name="props">Optional stack properties, passed through to the base constructor.</param>
        internal CdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            // The workflow is a single Pass state, enough to exercise the integration.
            var initialState = new Pass(this, "StartState");

            // NOTE(review): no log group name or retention is given here, so the construct defaults apply.
            var workflowLogs = new LogGroup(this, "HttpExpressWorkflowLogGroup");

            var workflowLogging = new LogOptions
            {
                Destination = workflowLogs,
                Level       = LogLevel.ALL
            };

            var workflow = new StateMachine(this, "HttpExpressWorkflow", new StateMachineProps
            {
                StateMachineName = "HttpExpressWorkflowExample",
                StateMachineType = StateMachineType.EXPRESS,
                Definition       = initialState,
                Logs             = workflowLogging,
                TracingEnabled   = true
            });

            // Only the API Gateway service principal can assume this role.
            var invokerRole = new Role(this, "ApiGatewayRole", new RoleProps
            {
                AssumedBy = new ServicePrincipal("apigateway.amazonaws.com")
            });

            // Least privilege: one action on this one state machine.
            var allowStartSync = new PolicyStatement(new PolicyStatementProps
            {
                Effect    = Effect.ALLOW,
                Sid       = "AllowStepFunctionExecution",
                Actions   = new string[] { "states:StartSyncExecution" },
                Resources = new string[] { workflow.StateMachineArn }
            });
            invokerRole.AddToPolicy(allowStartSync);

            var api = new CfnHttpApi(this, "HttpApi", new CfnHttpApiProps
            {
                StageName = "Main",
            });

            // The state machine ARN is fixed server-side; only the execution input comes from the caller.
            var startSyncParameters = new Dictionary <string, string>
            {
                ["Input"]           = "$request.body",
                ["StateMachineArn"] = workflow.StateMachineArn
            };

            var startSyncIntegration = new CfnIntegration(this, "StepFunctionIntegration", new CfnIntegrationProps
            {
                ApiId                = api.Ref,
                IntegrationType      = "AWS_PROXY",
                IntegrationSubtype   = "StepFunctions-StartSyncExecution",
                CredentialsArn       = invokerRole.RoleArn,
                RequestParameters    = startSyncParameters,
                PayloadFormatVersion = "1.0",
                ConnectionType       = "INTERNET"
            });

            // NOTE(review): no authorizer is configured on this route or on the API in this block, so
            // POST /execute appears to be callable without authentication. Each call starts a synchronous
            // execution with caller-controlled input; confirm this is intended and add an authorizer and
            // throttling if it is not.
            new CfnRoute(this, "StepFunctionRoute", new CfnRouteProps
            {
                ApiId    = api.Ref,
                RouteKey = "POST /execute",
                Target   = $"integrations/{startSyncIntegration.Ref}"
            });
        }
Esempio n. 3
        /// <summary>
        /// Defines a stack that puts a Lambda function behind an HTTP API route protected by a JWT
        /// authorizer, and grants API Gateway permission to invoke that function.
        /// </summary>
        /// <remarks>
        /// This listing is incomplete: the text between the CORS options and the route is missing, so
        /// the declarations of <c>api</c>, <c>jwtAuthZ</c>, <c>integration</c> and <c>apiPath</c> are not visible.
        /// </remarks>
        /// <param name="scope">Parent construct.</param>
        /// <param name="id">Construct id of the stack.</param>
        /// <param name="props">Optional stack properties, passed through to the base constructor.</param>
        internal Apigatewayv2JwtAuthzSampleStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            // Shared prefix for the construct ids of the function, its route and its invoke permission.
            const string LambdaKey = "secure-lambda";
            // Create a lambda function that will execute the logic when the api is called.
            var function = new Function(this, LambdaKey, new FunctionProps
            {
                // NOTE(review): NODEJS_12_X is an end-of-life Node.js line that no longer receives security
                // patches; move to a currently supported runtime.
                Runtime = Runtime.NODEJS_12_X,
                Code    = Code.FromAsset("lambdas"),
                Handler = "my-secure-lambda.handler"
            });

            // Add cors options. (if you intend to call this from a web app)
            // NOTE(review): AllowCredentials = true makes the origin list security-relevant; it should name
            // only trusted origins. The visible value starts with "http://" — confirm a plaintext origin is
            // intended outside local development.
            var cors = new CorsPreflightOptions
            {
                AllowCredentials = true,
                AllowHeaders     = new string[] { "Authorization" },
                AllowMethods     = new HttpMethod[] { HttpMethod.GET, HttpMethod.OPTIONS },
                // NOTE(review): the listing is damaged from the next line on — the origin value is masked and
                // the code that presumably created the API, the JWT authorizer and the integration is missing.
                AllowOrigins     = new string[] { "http://*****:*****@"/secureresource";

            // add a route to the api, attaching the JWT authorizer and targeting the integration.
            // The authorizer's issuer and audience settings are not visible here; they decide which tokens
            // this route accepts, so review them together with this route.
            var cr = new CfnRoute(this, $"{LambdaKey}-route", new CfnRouteProps
            {
                ApiId             = api.HttpApiId,
                RouteKey          = $"GET {apiPath}",
                AuthorizationType = "JWT",
                AuthorizerId      = jwtAuthZ.Ref,
                Target            = $"integrations/{integration.Ref}"
            });

            // finally, add permissions so the http api can invoke the lambda for the api path.
            // Looks up the API's underlying CloudFormation resource by the child construct id "Resource";
            // this depends on the L2 construct's internal naming — TODO confirm against the CDK version in use.
            var resource = (CfnResource)api.Node.FindChild("Resource");

            // NOTE(review): SourceArn pins the region, account, API and path, but the "*/*" segments leave
            // the stage and HTTP method open. The route above is GET only, so the method could be narrowed to GET.
            function.AddPermission($"{LambdaKey}-permission", new Permission
            {
                Principal = new Amazon.CDK.AWS.IAM.ServicePrincipal("apigateway.amazonaws.com"),
                Action    = "lambda:InvokeFunction",
                SourceArn = $"arn:aws:execute-api:{this.Region}:{this.Account}:{resource.Ref}/*/*{apiPath}"
            });
        }