I am trying to setup an API Gateway proxy service integration to Data Firehose. (Importantly, this has nothing to do with streaming access logs to Firehose)
However, I cannot seem to get it to work. Can anyone point me to an example?
Currently the integration responds with a 200, but Firehose never processes any records. So I don't know if Firehose actually receives the event or if I have an error in my proxy definition (below) which forces the 200.
Any support appreciated, I've been banging my head against the wall over this...
Here is what I have for my integration right now:
openapi: "3.0.1"
servers:
- url: "https://my-api-host.com"
paths:
/v1/events:
post:
requestBody:
content:
application/json:
schema:
$ref: "#/components/schemas/ApiV1AnalyticsFlowEventsRequest"
required: true
responses:
"400":
description: "400 response"
headers:
Access-Control-Allow-Origin:
schema:
type: "string"
Access-Control-Allow-Methods:
schema:
type: "string"
Access-Control-Allow-Headers:
schema:
type: "string"
content:
application/json:
schema:
$ref: "#/components/schemas/ApiV1AnalyticsFlowEventsErrorResponse"
"200":
description: "200 response"
headers:
Access-Control-Allow-Origin:
schema:
type: "string"
Access-Control-Allow-Methods:
schema:
type: "string"
Access-Control-Allow-Headers:
schema:
type: "string"
content:
application/json:
schema:
$ref: "#/components/schemas/ApiV1AnalyticsFlowEventsErrorResponse"
x-amazon-apigateway-integration:
type: "aws"
credentials: "arn:aws:iam::1234567890:role/flow-events-firehose-integration"
httpMethod: "POST"
uri: "arn:aws:apigateway:us-west-2:firehose:action/PutRecordBatch"
responses:
"4\\d{2}":
statusCode: "400"
responseParameters:
method.response.header.Access-Control-Allow-Methods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
method.response.header.Access-Control-Allow-Origin: "'*'"
responseTemplates:
application/json: "\n#set($data = $input.path('$'))\n{\n \"data\":\
\ \"$util.base64Encode($data)\"\n}"
"2\\d{2}":
statusCode: "200"
responseParameters:
method.response.header.Access-Control-Allow-Methods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'"
method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
method.response.header.Access-Control-Allow-Origin: "'*'"
responseTemplates:
application/json: "\n#set($failed = $input.path('$.FailedPutCount'))\n\
#if($failed > 0)\n{\n \"data\": \"$util.base64Encode($data)\"\n}\n\
#else\n{}\n#end\n"
requestTemplates:
application/json: "\n#set($data = $input.path('$.events'))\n{\n \"DeliveryStreamName\"\
: \"flow-events-ingestion\",\n \"Records\": [\n #foreach($elem in\
\ $data)\n {\n \"Data\": \"$util.base64Encode($elem)\"\n \
\ }#if($foreach.hasNext),#end\n #end\n ]\n}"
passthroughBehavior: "when_no_match"
components:
schemas:
ApiV1AnalyticsFlowEventsRequest:
required:
- "events"
type: "object"
properties:
events:
type: "array"
items:
type: "string"
additionalProperties: false
ApiV1AnalyticsFlowEventsErrorResponse:
type: "object"
properties:
data:
type: "string"
additionalProperties: false
The referenced role looks like:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "firehose:PutRecordBatch",
"Resource": "arn:aws:firehose:*:1234567890:deliverystream/flow-events-ingestion",
"Effect": "Allow"
}
]
}