        /// <summary>
        /// Wires an HTTP API route (POST /execute) to a synchronous execution of an EXPRESS
        /// Step Functions state machine, using a dedicated role that API Gateway assumes.
        /// </summary>
        /// <param name="scope">Parent construct, forwarded to the base constructor.</param>
        /// <param name="id">Construct id, forwarded to the base constructor.</param>
        /// <param name="props">Optional stack properties, forwarded to the base constructor.</param>
        internal CdkStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            // The workflow definition is a single Pass state.
            var initialState = new Pass(this, "StartState");

            var workflowLogs = new LogGroup(this, "HttpExpressWorkflowLogGroup");

            // Level = ALL is requested; IncludeExecutionData is not set here. Review that
            // choice before enabling it, because the raw request body becomes the state input below.
            var workflowSettings = new StateMachineProps
            {
                StateMachineName = "HttpExpressWorkflowExample",
                StateMachineType = StateMachineType.EXPRESS,
                Definition       = initialState,
                Logs             = new LogOptions
                {
                    Destination = workflowLogs,
                    Level       = LogLevel.ALL
                },
                TracingEnabled = true
            };
            var workflow = new StateMachine(this, "HttpExpressWorkflow", workflowSettings);

            // Role that the API Gateway service principal assumes when calling Step Functions.
            var invokerRole = new Role(this, "ApiGatewayRole", new RoleProps
            {
                AssumedBy = new ServicePrincipal("apigateway.amazonaws.com")
            });

            // Least privilege: one action, scoped to this state machine's ARN only.
            var startSyncStatement = new PolicyStatement(new PolicyStatementProps
            {
                Effect    = Effect.ALLOW,
                Sid       = "AllowStepFunctionExecution",
                Actions   = new[] { "states:StartSyncExecution" },
                Resources = new[] { workflow.StateMachineArn }
            });
            invokerRole.AddToPolicy(startSyncStatement);

            var httpApi = new CfnHttpApi(this, "HttpApi", new CfnHttpApiProps
            {
                StageName = "Main",
            });

            // "$request.body" forwards the caller-supplied body unchanged as the execution input,
            // so the workflow must treat its input as untrusted.
            var integrationParameters = new Dictionary<string, string>
            {
                { "Input", "$request.body" },
                { "StateMachineArn", workflow.StateMachineArn }
            };

            var integration = new CfnIntegration(this, "StepFunctionIntegration", new CfnIntegrationProps
            {
                ApiId                = httpApi.Ref,
                IntegrationType      = "AWS_PROXY",
                IntegrationSubtype   = "StepFunctions-StartSyncExecution",
                CredentialsArn       = invokerRole.RoleArn,
                RequestParameters    = integrationParameters,
                PayloadFormatVersion = "1.0",
                ConnectionType       = "INTERNET"
            });

            // NOTE(review): no AuthorizationType or AuthorizerId is set on this route, so as written
            // any caller who can reach the endpoint can start an execution. Attach an authorizer
            // (JWT, IAM or Lambda) and consider throttling before exposing this beyond a demo.
            new CfnRoute(this, "StepFunctionRoute", new CfnRouteProps
            {
                ApiId    = httpApi.Ref,
                RouteKey = "POST /execute",
                Target   = $"integrations/{integration.Ref}"
            });
        }
        // Builds a sample stack: a Lambda function reached through an HTTP API route that is
        // protected by a JWT authorizer.
        // NOTE(review): this listing is incomplete. The text between the CORS AllowOrigins value
        // and the end of the apiPath assignment was lost, so the declarations of api, jwtAuthZ,
        // integration and apiPath that the code below relies on are not visible here.
        internal Apigatewayv2JwtAuthzSampleStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            // Shared prefix for the construct ids of the function, route and permission.
            const string LambdaKey = "secure-lambda";
            // Create the Lambda function that runs when the API is called.
            // NOTE(review): Node.js 12 is end-of-life and no longer receives security patches;
            // use a currently supported Lambda runtime when adapting this sample.
            var function = new Function(this, LambdaKey, new FunctionProps
            {
                Runtime = Runtime.NODEJS_12_X,
                Code    = Code.FromAsset("lambdas"),
                Handler = "my-secure-lambda.handler"
            });

            // CORS options, needed only if the API is called from a browser application.
            var cors = new CorsPreflightOptions
            {
                AllowCredentials = true,
                AllowHeaders     = new string[] { "Authorization" },
                AllowMethods     = new HttpMethod[] { HttpMethod.GET, HttpMethod.OPTIONS },
                // With AllowCredentials = true, keep AllowOrigins to an explicit list of trusted
                // origins. The origin below is masked in this listing and the line is truncated;
                // what remains starts with http://, so confirm the real value uses https.
                AllowOrigins     = new string[] { "http://*****:*****@"/secureresource";

            // Add a route to the API, attaching the JWT authorizer and targeting the integration.
            // NOTE(review): the authorizer (jwtAuthZ) is defined in the missing part of the listing;
            // verify that it pins both the token issuer and the expected audience.
            var cr = new CfnRoute(this, $"{LambdaKey}-route", new CfnRouteProps
            {
                ApiId             = api.HttpApiId,
                RouteKey          = $"GET {apiPath}",
                AuthorizationType = "JWT",
                AuthorizerId      = jwtAuthZ.Ref,
                Target            = $"integrations/{integration.Ref}"
            });

            // Finally, grant API Gateway permission to invoke the Lambda for the API path.
            // The child construct with id "Resource" under api is looked up and cast to CfnResource
            // so that its Ref can be used as the API id in the ARN below.
            var resource = (CfnResource)api.Node.FindChild("Resource");

            // SourceArn limits the grant to this API and to apiPath. The two wildcards are the
            // stage and HTTP method segments of the execute-api ARN, so every stage and method on
            // that path is allowed to invoke; narrow the method segment if only GET is intended.
            function.AddPermission($"{LambdaKey}-permission", new Permission
            {
                Principal = new Amazon.CDK.AWS.IAM.ServicePrincipal("apigateway.amazonaws.com"),
                Action    = "lambda:InvokeFunction",
                SourceArn = $"arn:aws:execute-api:{this.Region}:{this.Account}:{resource.Ref}/*/*{apiPath}"
            });
        }