@maatthc
Last active October 13, 2023 14:52
AWS CloudFormation template example for allowing uploading files to S3 via API Gateway
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  ApiGatewayStack:
    Description: The stack where the api gateway rest api is defined
    Type: String
    Default: dev-maat-apigw-app
  EventBucket:
    Type: String
    Default: dev-maat-bucket
  CorsAllowOrigin:
    Type: String
    Default: '*'  # any origin may read the responses
Resources:
  # Resource: /maat
  MaatResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId:
        Fn::ImportValue: !Sub ${ApiGatewayStack}::AppApiGw
      ParentId:
        Fn::ImportValue: !Sub ${ApiGatewayStack}::AppApiGwRootResourceId
      PathPart: 'maat'
  # Resource: /maat/input
  MaatInputResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId:
        Fn::ImportValue: !Sub ${ApiGatewayStack}::AppApiGw
      ParentId:
        Ref: MaatResource  # was WssiResource, which this template does not define
      PathPart: 'input'
  # POST /maat/input -> S3 PutObject at input/<requestId>
  MaatObjectPostRequest:
    Type: AWS::ApiGateway::Method
    Properties:
      AuthorizationType: NONE  # no authorization: any client that can reach the API can upload
      HttpMethod: POST
      RestApiId:
        Fn::ImportValue: !Sub ${ApiGatewayStack}::AppApiGw
      ResourceId:
        Ref: MaatInputResource
      Integration:
        Credentials: !GetAtt ApiGatewayS3ProxyRole.Arn
        IntegrationHttpMethod: PUT
        PassthroughBehavior: WHEN_NO_MATCH
        RequestParameters:
          # The object key is the API Gateway request ID
          integration.request.path.requestId: context.requestId
          integration.request.header.x-amz-server-side-encryption: "'AES256'"
        Type: AWS
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:s3:path/${EventBucket}/input/{requestId}
        IntegrationResponses:
          - StatusCode: '201'
            ResponseParameters:
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Methods: "'GET,POST,OPTIONS'"
              method.response.header.Access-Control-Allow-Origin: !Sub "'${CorsAllowOrigin}'"
            ResponseTemplates:
              application/json: ''
      MethodResponses:
        - StatusCode: '201'
          ResponseParameters:
            method.response.header.Access-Control-Allow-Headers: true
            method.response.header.Access-Control-Allow-Methods: true
            method.response.header.Access-Control-Allow-Origin: true
  # CORS preflight answered by a mock integration. It is attached to /maat;
  # a browser preflight for POST /maat/input is sent to /maat/input.
  MaatObjectOptionsRequest:
    Type: AWS::ApiGateway::Method
    Properties:
      AuthorizationType: NONE
      HttpMethod: OPTIONS
      RestApiId:
        Fn::ImportValue: !Sub ${ApiGatewayStack}::AppApiGw
      ResourceId:
        Ref: MaatResource
      Integration:
        IntegrationResponses:
          - StatusCode: '200'
            ResponseParameters:
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Methods: "'GET,POST,OPTIONS'"
              method.response.header.Access-Control-Allow-Origin: !Sub "'${CorsAllowOrigin}'"
            ResponseTemplates:
              application/json: ''
        PassthroughBehavior: NEVER
        Type: MOCK
        RequestTemplates:
          application/json: '{"statusCode": 200}'
      MethodResponses:
        - StatusCode: '200'
          ResponseModels:
            application/json: Empty
          ResponseParameters:
            method.response.header.Access-Control-Allow-Headers: true
            method.response.header.Access-Control-Allow-Methods: true
            method.response.header.Access-Control-Allow-Origin: true
  # Role that API Gateway assumes to write objects into the bucket
  ApiGatewayS3ProxyRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - apigateway.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: s3
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:PutObject
                Resource:
                  - !Sub 'arn:aws:s3:::${EventBucket}'
                  - !Sub 'arn:aws:s3:::${EventBucket}/*'
```
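A tightened variant of the upload method and its role, added here as an example (not the gist author's code). It replaces `AuthorizationType: NONE` with `AWS_IAM`, limits `s3:PutObject` to the `input/` prefix that the integration URI writes to, and returns only the `Access-Control-Allow-Origin` header on the POST response. Assumptions: callers hold IAM credentials allowed to invoke this method, the other parameters and resources of the template stay unchanged, and `https://app.example.com` is a placeholder origin.

```yaml
Parameters:
  CorsAllowOrigin:
    Type: String
    Default: 'https://app.example.com'  # placeholder origin (assumption), was '*'
Resources:
  MaatObjectPostRequest:
    Type: AWS::ApiGateway::Method
    Properties:
      AuthorizationType: AWS_IAM  # was NONE; callers must send SigV4-signed requests
      HttpMethod: POST
      RestApiId:
        Fn::ImportValue: !Sub ${ApiGatewayStack}::AppApiGw
      ResourceId:
        Ref: MaatInputResource
      Integration:
        Credentials: !GetAtt ApiGatewayS3ProxyRole.Arn
        IntegrationHttpMethod: PUT
        PassthroughBehavior: WHEN_NO_MATCH
        RequestParameters:
          integration.request.path.requestId: context.requestId
          integration.request.header.x-amz-server-side-encryption: "'AES256'"
        Type: AWS
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:s3:path/${EventBucket}/input/{requestId}
        IntegrationResponses:
          - StatusCode: '201'
            ResponseParameters:
              method.response.header.Access-Control-Allow-Origin: !Sub "'${CorsAllowOrigin}'"
      MethodResponses:
        - StatusCode: '201'
          ResponseParameters:
            method.response.header.Access-Control-Allow-Origin: true
  ApiGatewayS3ProxyRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: apigateway.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: s3
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: s3:PutObject
                Resource: !Sub 'arn:aws:s3:::${EventBucket}/input/*'  # object ARNs under input/ only
```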
mrichman commented Sep 4, 2021

Do you have the template that outputs {ApiGatewayStack}::AppApiGw and ${ApiGatewayStack}::AppApiGwRootResourceId?
