Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix endpoint, permissions and throttling for aws-py-apigateway-serverless. #1282

Merged
merged 1 commit into from
Sep 16, 2022
Merged

Fix endpoint, permissions and throttling for aws-py-apigateway-serverless. #1282

merged 1 commit into from
Sep 16, 2022

Conversation

holocronweaver
Copy link
Contributor

@holocronweaver holocronweaver commented Sep 14, 2022
edited
Loading

This PR fixes some issues with the API Gateway REST and HTTP endpoints in the aws-py-apigateway-serverless example. It also updates the README to including testing the endpoints.

Changes

  • Proxy API Gateway REST endpoints require the {proxy+} on the address. Without this a missing token error occurs.
  • Add a trailing forward slash ('/') to the API Gateway HTTP endpoint so it can be directly invoked. Without this slash a 404 error occurs.
  • Add same lambda invoke permissions for HTTP endpoint that REST endpoint has.
  • API Gateway HTTP endpoints throttle all requests if no throttling config is provided, so set a reasonably low (but non-zero) throttling config.
  • Update README with how to test the endpoints.

Testing

I used httpie (pip3 install httpie) for testing the V2 endpoint, but curl works just as well in this case.

Setup:

$ cd pulumi-examples/aws-py-apigateway-lambda-serverless
... do your regular AWS Pulumi config, like setting AWS region and profile ...
$ pulumi up

Before changes:

$ http $(pulumi stack output apigatewayv2-http-endpoint)
HTTP/1.1 429 Too Many Requests
Connection: keep-alive
Content-Length: 31
Content-Type: application/json
Date: Wed, 14 Sep 2022 17:35:27 GMT
apigw-requestid: YdeS4jKHPHcEPsw=

{
    "message": "Too Many Requests"
}

After adding the throttling config:

$ pulumi up
$ http $(pulumi stack output apigatewayv2-http-endpoint)
HTTP/1.1 500 Internal Server Error
Apigw-Requestid: YdeWEgzPPHcEPdQ=
Connection: keep-alive
Content-Length: 35
Content-Type: application/json
Date: Wed, 14 Sep 2022 17:35:47 GMT

{
    "message": "Internal Server Error"
}

API Gateway access logs revealed it was indeed a IAM permission issue when invoking the lambda.

After adding the invoke permission to the lambda:

$ pulumi up
$ http $(pulumi stack output apigatewayv2-http-endpoint)
HTTP/1.1 200 OK
Apigw-Requestid: YdeYKidLPHcEPEw=
Connection: keep-alive
Content-Length: 26
Content-Type: text/plain; charset=utf-8
Date: Wed, 14 Sep 2022 17:36:01 GMT

"Cheers from AWS Lambda!!"

Similar before and after for the REST endpoint:

$ http $(pulumi stack output apigateway-rest-endpoint)
HTTP/1.1 403 Forbidden
...

{
    "message": "Missing Authentication Token"
}

... change the REST endpoint export to include /{proxy+} suffix ...
$ pulumi up
$ http $(pulumi stack output apigateway-rest-endpoint)
HTTP/1.1 200 OK
...

"Cheers from AWS Lambda!!"

@holocronweaver
Fix API Gateway endpoint, permissions and throttling for aws-py-apiga…
ab2904f 
…teway-serverless.

- Proxy API Gateway REST endpoints require the {proxy+} on the address. Without this a missing token error occurs.
- Add a trailing forward slash ('/') to the API Gateway HTTP endpoint so it can be directly invoked. Without this slash a 404 error occurs.
- Add same lambda invoke permissions for HTTP endpoint that REST endpoint has.
- API Gateway HTTP endpoints throttle all requests if no throttling config is provided, so set a reasonably low (but non-zero) throttling config.
- Update README with how to test the endpoints.
@github-actions
Copy link

PR is now waiting for a maintainer to run the acceptance tests.

Note for the maintainer: To run the acceptance tests, please comment /run-example-tests on the PR

@dixler dixler self-assigned this Sep 15, 2022
dixler
dixler approved these changes Sep 16, 2022
View reviewed changes
Copy link
Contributor

@dixler dixler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@dixler dixler merged commit bfdab97 into pulumi:master Sep 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dixler dixler dixler approved these changes

Assignees

@dixler dixler

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@holocronweaver @dixler