Creating API Gateway API from OpenAPI specification with Lambda integration does not create triggers

I am trying to learn CloudFormation and my current project is to create a simple API Gateway API with Lambda integrations (that'll call DynamoDB). I want to separate the API specification from the CloudFormation template so I use OpenAPI to define it. Since I want to trigger Lambda functions, I use Fn::Transform to be able to refer to Lambda ARNs in the OpenAPI swagger extensions. Like this:

api:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        Fn::Transform:
          Name: AWS::Include
          Parameters:  
            Location: 's3://somebucket/specfile.yaml'

When I deploy the template, the API and Lambda integrations are created correctly and everything seems to be OK. Except that the API Gateway triggers are not added to the Lambda functions. If I edit the integration from the Console and save without changes, the triggers are created. Am I missing something? TIA!

1 Answer
Accepted Answer

The issue you're experiencing is a common one when creating API Gateway APIs with Lambda integrations using OpenAPI specifications and CloudFormation. While your approach of using Fn::Transform to include the OpenAPI specification from an S3 bucket is correct, it doesn't automatically create the necessary permissions for API Gateway to invoke the Lambda functions.

To resolve this, you need to explicitly grant API Gateway permission to invoke your Lambda functions. This is typically done by adding resource-based policies to your Lambda functions. In your CloudFormation template, you can achieve this by adding AWS::Lambda::Permission resources for each Lambda function that your API Gateway needs to invoke.

Here's an example of how you might add this permission in your CloudFormation template:

LambdaPermission:
  Type: AWS::Lambda::Permission
  Properties:
    FunctionName: !Ref YourLambdaFunction
    Action: lambda:InvokeFunction
    Principal: apigateway.amazonaws.com
    SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${api}/*/*/*"

In this example, 'YourLambdaFunction' should be replaced with the logical ID of your Lambda function resource in the CloudFormation template, and 'api' should be the logical ID of your API Gateway resource.

You'll need to add a similar permission for each Lambda function that your API Gateway needs to invoke. This explicitly grants API Gateway the necessary permissions to trigger your Lambda functions, which is why manually saving the integration in the console (which automatically adds these permissions) resolves the issue.

By adding these permissions in your CloudFormation template, you ensure that the API Gateway triggers are properly set up for your Lambda functions when you deploy your stack, without needing manual intervention in the console.

Remember to test your updated template thoroughly to ensure all integrations are working as expected after deployment.

Sources
Troubleshooting issues with HTTP API Lambda integrations - Amazon API Gateway
Invoking a Lambda function using an Amazon API Gateway endpoint - AWS Lambda
Lambda integrations for REST APIs in API Gateway - Amazon API Gateway

answered a year ago
EXPERT
reviewed a year ago
  • I need to refine the permissions a bit, but the triggers are created now. So that is one step forward.
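
An added check, not part of the original question or answer: it lists the Lambda functions the OpenAPI integrations reference and compares them with the template's AWS::Lambda::Permission resources, reporting functions with no permission (the missing trigger described above) and permissions whose SourceArn allows any method, as `/*/*/*` does. The sample spec and resources are constructed, the templates are assumed to be in JSON form, and the helper names are hypothetical.

```python
import re

# Constructed sample input: OpenAPI paths and template Resources in JSON form.
def _op(fn):
    uri = "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${%s.Arn}/invocations" % fn
    return {"x-amazon-apigateway-integration": {"type": "aws_proxy", "httpMethod": "POST",
                                                "uri": {"Fn::Sub": uri}}}
def _perm(fn, scope):
    return {"Type": "AWS::Lambda::Permission", "Properties": {
        "FunctionName": {"Ref": fn}, "Action": "lambda:InvokeFunction",
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {"Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${api}/" + scope}}}
SPEC = {"paths": {"/items": {"get": _op("ListItems"), "post": _op("PutItem")},
                  "/items/{id}": {"get": _op("GetItem")}}}
RESOURCES = {"ListPerm": _perm("ListItems", "*/*/*"), "GetPerm": _perm("GetItem", "*/GET/items/*")}

def integrations(spec):
    """Yield (function logical ID, METHOD, ARN path) for each Lambda integration."""
    for path, ops in spec.get("paths", {}).items():
        for method, op in ops.items():
            integ = op.get("x-amazon-apigateway-integration") if isinstance(op, dict) else None
            uri = (integ or {}).get("uri", "")
            uri = uri.get("Fn::Sub", "") if isinstance(uri, dict) else uri
            m = re.search(r"functions/\$\{(\w+)\.Arn\}/invocations", uri)
            if m:  # path parameters such as {id} become * in an execute-api ARN
                verb = "*" if method.startswith("x-") else method.upper()
                yield m.group(1), verb, re.sub(r"\{[^}]+\}", "*", path.lstrip("/"))

def grants(resources):
    """Map function logical ID -> 'stage/METHOD/path' scopes granted to API Gateway."""
    out = {}
    for res in resources.values():
        p = res.get("Properties", {})
        if res.get("Type") != "AWS::Lambda::Permission" or p.get("Principal") != "apigateway.amazonaws.com":
            continue
        fn = p.get("FunctionName")
        if isinstance(fn, dict):  # {"Ref": X} or {"Fn::GetAtt": [X, "Arn"]}
            ref = fn.get("Ref") or fn.get("Fn::GetAtt")
            fn = ref[0] if isinstance(ref, list) else str(ref).split(".")[0]
        arn = p.get("SourceArn")
        arn = arn.get("Fn::Sub", "") if isinstance(arn, dict) else arn
        out.setdefault(fn, []).append(arn.rsplit(":", 1)[-1].split("/", 1)[-1] if arn else None)
    return out

def audit(spec, resources):
    """Return (function, finding, suggested scope) for each problem integration."""
    granted, findings = grants(resources), []
    for fn, method, path in integrations(spec):
        scopes, want = granted.get(fn), f"*/{method}/{path}"
        if scopes is None:
            findings.append((fn, "MISSING", want))        # no trigger will appear
        elif None in scopes:
            findings.append((fn, "NO_SOURCE_ARN", want))  # not tied to this API at all
        elif any(s.split("/", 2)[1:2] == ["*"] for s in scopes):
            findings.append((fn, "BROAD", want))          # any method may invoke
    return findings
```

The suggested scope is the part that follows `${api}/` in SourceArn; it keeps the stage wildcard and pins the method and resource path.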
