api.yaml
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
# Template header: format version, human-readable description, and the AWS SAM
# transform that expands the AWS::Serverless::* resource types used below.
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Multiregional private Amazon API Gateway, based on
  https://github.com/aws-samples/serverless-samples/tree/main/apigw-private-custom-domain-name
Transform: 'AWS::Serverless-2016-10-31'
# Deployment inputs. The angle-bracket defaults are placeholders, not usable
# values; supply real identifiers for the target account and Region.
Parameters:
  # Referenced by RestApi as the VPC endpoint associated with the private API.
  vpcEndpointId:
    Type: String
    Description: ID of the VPC Endpoint for API Gateway service
    Default: '<VPC Endpoint ID here>'
  # Registered as the two IP targets of the NLB target group.
  # NOTE(review): these addresses are fixed at deploy time; if the endpoint's
  # network interfaces are ever replaced the target group would need updating.
  vpcEndpointIps:
    Type: List<String>
    Description: 2 IP addresses of the Elastic Network Interfaces created by VPC Endpoint
    Default: '<comma delimited list of 2 IP addresses here>'
  # Used both for the API resource policy and for the NLB target group.
  vpcId:
    Type: String
    Description: ID of the VPC used by private APIs
    Default: '<VPC ID here>'
  # Subnets the internal NLB is placed in.
  subnetIds:
    Type: List<String>
    Description: IDs of the subnets in the VPC to be used by NLB
    Default: '<comma delimited list of 2 subnet IDs here>'
  # The same certificate is attached to the NLB listener and the API domain.
  certificateArn:
    Type: String
    Description: ARN of the certificate in ACM to be used by NLB and API Gateway
    Default: '<ARN of the certificate in ACM here>'
  domainName:
    Type: String
    Description: Domain name for the private API
    Default: private.internal.example.com
  apiStageName:
    Type: String
    Description: API Gateway stage name
    Default: dev
Resources:
# Private REST API (an entry of the template's Resources section).
RestApi:
  Type: AWS::Serverless::Api
  Properties:
    StageName: !Ref apiStageName
    # PRIVATE endpoint type, associated with the VPC endpoint passed in.
    EndpointConfiguration:
      Type: PRIVATE
      VPCEndpointIds: [!Ref vpcEndpointId]
    # The resource policy lists only the VPC from vpcId as an allowed source.
    # NOTE(review): no authorizer is configured in this resource, so network
    # location is the only access control visible here; confirm that is
    # acceptable for the workload.
    Auth:
      ResourcePolicy:
        SourceVpcWhitelist: [!Ref vpcId]
# Regional custom domain name for the API (an entry of the Resources section).
ApiDomain:
  Type: AWS::ApiGateway::DomainName
  Properties:
    DomainName: !Ref domainName
    RegionalCertificateArn: !Ref certificateArn
    # Security policy for the custom domain is set to TLS 1.2.
    SecurityPolicy: TLS_1_2
    EndpointConfiguration:
      Types: [REGIONAL]
# Maps the "demo" base path of the custom domain to the API stage
# (an entry of the Resources section).
ApiMapping:
  Type: AWS::ApiGateway::BasePathMapping
  # RestApiStage is not declared in this template; presumably it is the stage
  # resource the SAM transform generates for RestApi (confirm).
  DependsOn: [RestApiStage]
  Properties:
    DomainName: !Ref ApiDomain
    BasePath: demo
    RestApiId: !Ref RestApi
    Stage: !Ref apiStageName
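# Demo Lambda function served on GET / of RestApi
# (an entry of the Resources section).
EchoFunction:
  Type: AWS::Serverless::Function
  Properties:
    # nodejs14.x is a deprecated Lambda runtime that no longer receives
    # security patches; use a currently supported Node.js runtime instead.
    Runtime: nodejs22.x
    Handler: index.handler
    # The handler returns the entire incoming event as the response body, so
    # request headers and request context are reflected back to the caller.
    # Suitable for connectivity testing only; replace before real use.
    InlineCode: 'exports.handler = async (event) => {return {statusCode: 200, body: JSON.stringify(event)}}'
    Events:
      ApiEvent:
        Type: Api
        Properties:
          RestApiId: !Ref RestApi
          Path: /
          Method: get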
# Internal IPv4 Network Load Balancer placed in front of the API
# (an entry of the Resources section).
# NOTE(review): no SecurityGroups property is set on this load balancer;
# confirm which network controls limit who can reach its listener.
PrivateApiFacade:
  Type: AWS::ElasticLoadBalancingV2::LoadBalancer
  Properties:
    Type: network
    Scheme: internal
    IpAddressType: ipv4
    Subnets: !Ref subnetIds
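# TLS listener on port 443 of the NLB, forwarding to the Targets group
# (an entry of the Resources section).
Listener:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    LoadBalancerArn: !Ref PrivateApiFacade
    Port: 443
    Protocol: TLS
    # Pin the TLS negotiation policy explicitly. Without SslPolicy the
    # listener uses the service default policy, which has historically
    # accepted TLS versions older than 1.2; this keeps the NLB consistent
    # with the TLS_1_2 security policy set on the API custom domain.
    SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
    Certificates:
      - CertificateArn: !Ref certificateArn
    DefaultActions:
      - Type: forward
        Order: 1
        TargetGroupArn: !Ref Targets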
# IP target group holding the two VPC endpoint addresses; the NLB connects to
# them over TLS on port 443 (an entry of the Resources section).
Targets:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    VpcId: !Ref vpcId
    TargetType: ip
    Protocol: TLS
    Port: 443
    # Exactly two addresses are read from vpcEndpointIps (indexes 0 and 1).
    Targets:
      - Id: !Select [0, !Ref vpcEndpointIps]
        Port: 443
      - Id: !Select [1, !Ref vpcEndpointIps]
        Port: 443
    # A TCP health check only shows that port 443 accepts connections; it does
    # not confirm that the API behind the endpoint answers requests.
    HealthCheckEnabled: true
    HealthCheckProtocol: TCP
    HealthCheckPort: 443
    HealthCheckIntervalSeconds: 10
    HealthCheckTimeoutSeconds: 10
    HealthyThresholdCount: 3
    UnhealthyThresholdCount: 3
HealthyTargets:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmDescription: !Sub "Private API alarm to be used by Route 53 health check in ${AWS::Region}"
ComparisonOperator: LessThanOrEqualToThreshold
Dimensions:
- Name: LoadBalancer
Value: !GetAtt PrivateApiFacade.LoadBalancerFullName
- Name: TargetGroup
Value: !GetAtt Targets.TargetGroupFullName
EvaluationPeriods: 1
MetricName: HealthyHostCount
Namespace: AWS/NetworkELB
Period: 60
Statistic: Sum
Threshold: 1.0