quin2 · November 15, 2020 07:03
diff --git a/key-finder.json b/key-finder.json
 "LambdaApiGatewayRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }]
    },
    "Path": "/",
    "Policies": [
      {
        "PolicyName": "gatewayAccess",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": "apigateway:GET",
                  "Resource": "*"
              }
          ]
        }
      },
      {
        "PolicyName": "logging",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogStreams"
            ],
              "Resource": [
                "arn:aws:logs:*:*:*"
            ]
          }
         ]
        }
      }
    ]
  }
 },
 "KeyValueFunc": {
  "Type": "AWS::Lambda::Function",
  "Properties": {
    "Code": {
      "ZipFile":  { "Fn::Join": ["\n", [
        "import boto3", 
        "import cfnresponse", 
        "def lambda_handler(e,ctx):", 
        "  try:", 
        "    apiKeyID=e['ResourceProperties']['ApiKeyID']",
        "    myGateway=boto3.client('apigateway')", 
        "    resp2=myGateway.get_api_key(apiKey=apiKeyID,includeValue=True)",
        "    cfnresponse.send(e,ctx,cfnresponse.SUCCESS,{'mykey':resp2['value']})", 
        "  except Exception as exceptt:", 
        "    print(exceptt)",
        "    cfnresponse.send(e,ctx,cfnresponse.FAILED,{'mykey':'err'})" 
      ]]}
    },
    "Description": "Returns API Gateway Key",
    "FunctionName": "apikey_value_func",
    "Handler": "index.lambda_handler",
    "Role": { "Fn::GetAtt" : ["LambdaApiGatewayRole", "Arn"] },
    "Runtime": "python3.6"
  }
 },
 "GetApiKeyValue": {
  "Type": "Custom::LambdaCallout",
  "Properties": {
    "ServiceToken": {"Fn::GetAtt": ["KeyValueFunc", "Arn"]},
    "ApiKeyID": {"Ref": "APIKey"}
  }
 }
	"LambdaApiGatewayRole": {
	"Type": "AWS::IAM::Role",
	"Properties": {
	"AssumeRolePolicyDocument": {
	"Version": "2012-10-17",
	"Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }]
	},
	"Path": "/",
	"Policies": [
	{
	"PolicyName": "gatewayAccess",
	"PolicyDocument": {
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": "apigateway:GET",
	"Resource": "*"
	}
	]
	}
	},
	{
	"PolicyName": "logging",
	"PolicyDocument": {
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"logs:CreateLogGroup",
	"logs:CreateLogStream",
	"logs:PutLogEvents",
	"logs:DescribeLogStreams"
	],
	"Resource": [
	"arn:aws:logs:::*"
	]
	}
	]
	}
	}
	]
	}
	},
	"KeyValueFunc": {
	"Type": "AWS::Lambda::Function",
	"Properties": {
	"Code": {
	"ZipFile": { "Fn::Join": ["\n", [
	"import boto3",
	"import cfnresponse",
	"def lambda_handler(e,ctx):",
	" try:",
	" apiKeyID=e['ResourceProperties']['ApiKeyID']",
	" myGateway=boto3.client('apigateway')",
	" resp2=myGateway.get_api_key(apiKey=apiKeyID,includeValue=True)",
	" cfnresponse.send(e,ctx,cfnresponse.SUCCESS,{'mykey':resp2['value']})",
	" except Exception as exceptt:",
	" print(exceptt)",
	" cfnresponse.send(e,ctx,cfnresponse.FAILED,{'mykey':'err'})"
	]]}
	},
	"Description": "Returns API Gateway Key",
	"FunctionName": "apikey_value_func",
	"Handler": "index.lambda_handler",
	"Role": { "Fn::GetAtt" : ["LambdaApiGatewayRole", "Arn"] },
	"Runtime": "python3.6"
	}
	},
	"GetApiKeyValue": {
	"Type": "Custom::LambdaCallout",
	"Properties": {
	"ServiceToken": {"Fn::GetAtt": ["KeyValueFunc", "Arn"]},
	"ApiKeyID": {"Ref": "APIKey"}
	}
	}