Merge branch 'master' into ecs_alb_close_sg

Author: mergify[bot]

packages/@aws-cdk/aws-apigateway/README.md

@@ -38,6 +38,7 @@ running on AWS Lambda, or any web application.
 - [Private Integrations](#private-integrations)
 - [Gateway Response](#gateway-response)
 - [OpenAPI Definition](#openapi-definition)
+  - [Endpoint configuration](#endpoint-configuration)
 - [APIGateway v2](#apigateway-v2)
 
 ## Defining APIs
@@ -200,6 +201,12 @@ const key = api.addApiKey('ApiKey', {
 });
 ```
 
+Existing API keys can also be imported into a CDK app using its id.
+
+```ts
+const importedKey = ApiKey.fromApiKeyId(this, 'imported-key', '<api-key-id>');
+```
+
 In scenarios where you need to create a single api key and configure rate limiting for it, you can use `RateLimitedApiKey`.
 This construct lets you specify rate limiting properties which should be applied only to the api key being created.
 The API key created has the specified rate limits, such as quota and throttles, applied.
@@ -986,11 +993,29 @@ to configure these.
 There are a number of limitations in using OpenAPI definitions in API Gateway. Read the [Amazon API Gateway important
 notes for REST APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-known-issues.html#api-gateway-known-issues-rest-apis)
 for more details.
-
+ 
 **Note:** When starting off with an OpenAPI definition using `SpecRestApi`, it is not possible to configure some
 properties that can be configured directly in the OpenAPI specification file. This is to prevent people duplication
 of these properties and potential confusion.
 
+### Endpoint configuration
+
+By default, `SpecRestApi` will create an edge optimized endpoint.
+
+This can be modified as shown below:
+
+```ts
+const api = new apigateway.SpecRestApi(this, 'ExampleRestApi', {
+  // ...
+  endpointTypes: [apigateway.EndpointType.PRIVATE]
+});
+```
+
+**Note:** For private endpoints you will still need to provide the 
+[`x-amazon-apigateway-policy`](https://docs.aws.amazon.com/apigateway/latest/developerguide/openapi-extensions-policy.html) and 
+[`x-amazon-apigateway-endpoint-configuration`](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html) 
+in your openApi file. 
+
 ## APIGateway v2
 
 APIGateway v2 APIs are now moved to its own package named `aws-apigatewayv2`. For backwards compatibility, existing

packages/@aws-cdk/aws-apigateway/lib/api-key.ts

@@ -81,6 +81,18 @@ export interface ApiKeyProps extends ApiKeyOptions {
  * for Method resources that require an Api Key.
  */
 export class ApiKey extends Resource implements IApiKey {
+
+  /**
+   * Import an ApiKey by its Id
+   */
+  public static fromApiKeyId(scope: Construct, id: string, apiKeyId: string): IApiKey {
+    class Import extends Resource implements IApiKey {
+      public keyId = apiKeyId;
+    }
+
+    return new Import(scope, id);
+  }
+
   public readonly keyId: string;
 
   constructor(scope: Construct, id: string, props: ApiKeyProps = { }) {

packages/@aws-cdk/aws-apigateway/lib/deployment.ts

@@ -1,7 +1,8 @@
-import { CfnResource, Construct, Lazy, RemovalPolicy, Resource, Stack } from '@aws-cdk/core';
 import * as crypto from 'crypto';
+import { Construct, Lazy, RemovalPolicy, Resource, CfnResource } from '@aws-cdk/core';
 import { CfnDeployment } from './apigateway.generated';
-import { IRestApi, RestApi, SpecRestApi } from './restapi';
+import { IRestApi, RestApi, SpecRestApi, RestApiBase } from './restapi';
+import { Method } from './method';
 
 export interface DeploymentProps  {
   /**
@@ -77,6 +78,10 @@ export class Deployment extends Resource {
 
     this.api = props.api;
     this.deploymentId = Lazy.stringValue({ produce: () => this.resource.ref });
+
+    if (props.api instanceof RestApiBase) {
+      props.api._attachDeployment(this);
+    }
   }
 
   /**
@@ -92,27 +97,28 @@ export class Deployment extends Resource {
   }
 
   /**
-   * Hook into synthesis before it occurs and make any final adjustments.
+   * Quoting from CloudFormation's docs:
+   *
+   *   If you create an AWS::ApiGateway::RestApi resource and its methods (using
+   *   AWS::ApiGateway::Method) in the same template as your deployment, the
+   *   deployment must depend on the RestApi's methods. To create a dependency,
+   *   add a DependsOn attribute to the deployment. If you don't, AWS
+   *   CloudFormation creates the deployment right after it creates the RestApi
+   *   resource that doesn't contain any methods, and AWS CloudFormation
+   *   encounters the following error: The REST API doesn't contain any methods.
+   *
+   * @param method The method to add as a dependency of the deployment
+   * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-deployment.html
+   * @see https://github.com/aws/aws-cdk/pull/6165
+   * @internal
    */
-  protected prepare() {
-    if (this.api instanceof RestApi) {
-      // Ignore IRestApi that are imported
-
-      /*
-       * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-deployment.html
-       * Quoting from CloudFormation's docs - "If you create an AWS::ApiGateway::RestApi resource and its methods (using AWS::ApiGateway::Method) in
-       * the same template as your deployment, the deployment must depend on the RestApi's methods. To create a dependency, add a DependsOn attribute
-       * to the deployment. If you don't, AWS CloudFormation creates the deployment right after it creates the RestApi resource that doesn't contain
-       * any methods, and AWS CloudFormation encounters the following error: The REST API doesn't contain any methods."
-       */
-
-      /*
-       * Adding a dependency between LatestDeployment and Method construct, using ConstructNode.addDependencies(), creates additional dependencies
-       * between AWS::ApiGateway::Deployment and the AWS::Lambda::Permission nodes (children under Method), causing cyclic dependency errors. Hence,
-       * falling back to declaring dependencies between the underlying CfnResources.
-       */
-      this.api.methods.map(m => m.node.defaultChild as CfnResource).forEach(m => this.resource.addDependsOn(m));
-    }
+  public _addMethodDependency(method: Method) {
+    // adding a dependency between the constructs using `node.addDependency()`
+    // will create additional dependencies between `AWS::ApiGateway::Deployment`
+    // and the `AWS::Lambda::Permission` resources (children under Method),
+    // causing cyclic dependency errors. Hence, falling back to declaring
+    // dependencies between the underlying CfnResources.
+    this.node.addDependency(method.node.defaultChild as CfnResource);
   }
 }
 
@@ -122,9 +128,9 @@ interface LatestDeploymentResourceProps {
 }
 
 class LatestDeploymentResource extends CfnDeployment {
-  private hashComponents = new Array<any>();
-  private originalLogicalId: string;
-  private api: IRestApi;
+  private readonly hashComponents = new Array<any>();
+  private readonly originalLogicalId: string;
+  private readonly api: IRestApi;
 
   constructor(scope: Construct, id: string, props: LatestDeploymentResourceProps) {
     super(scope, id, {
@@ -133,7 +139,8 @@ class LatestDeploymentResource extends CfnDeployment {
     });
 
     this.api = props.restApi;
-    this.originalLogicalId = Stack.of(this).getLogicalId(this);
+    this.originalLogicalId = this.stack.getLogicalId(this);
+    this.overrideLogicalId(Lazy.stringValue({ produce: () => this.calculateLogicalId() }));
   }
 
   /**
@@ -150,27 +157,26 @@ class LatestDeploymentResource extends CfnDeployment {
     this.hashComponents.push(data);
   }
 
-  /**
-   * Hooks into synthesis to calculate a logical ID that hashes all the components
-   * add via `addToLogicalId`.
-   */
-  protected prepare() {
+  private calculateLogicalId() {
+    const hash = [ ...this.hashComponents ];
+
     if (this.api instanceof RestApi || this.api instanceof SpecRestApi) { // Ignore IRestApi that are imported
 
       // Add CfnRestApi to the logical id so a new deployment is triggered when any of its properties change.
       const cfnRestApiCF = (this.api.node.defaultChild as any)._toCloudFormation();
-      this.addToLogicalId(Stack.of(this).resolve(cfnRestApiCF));
+      hash.push(this.stack.resolve(cfnRestApiCF));
     }
 
-    const stack = Stack.of(this);
+    let lid = this.originalLogicalId;
 
     // if hash components were added to the deployment, we use them to calculate
     // a logical ID for the deployment resource.
-    if (this.hashComponents.length > 0) {
+    if (hash.length > 0) {
       const md5 = crypto.createHash('md5');
-      this.hashComponents.map(x => stack.resolve(x)).forEach(c => md5.update(JSON.stringify(c)));
-      this.overrideLogicalId(this.originalLogicalId + md5.digest('hex'));
+      hash.map(x => this.stack.resolve(x)).forEach(c => md5.update(JSON.stringify(c)));
+      lid += md5.digest('hex');
     }
-    super.prepare();
+
+    return lid;
   }
 }

packages/@aws-cdk/aws-apigateway/lib/restapi.ts

@@ -159,6 +159,14 @@ export interface RestApiBaseProps {
    * @default - when no export name is given, output will be created without export
    */
   readonly endpointExportName?: string;
+
+  /**
+   * A list of the endpoint types of the API. Use this property when creating
+   * an API.
+   *
+   * @default EndpointType.EDGE
+   */
+  readonly endpointTypes?: EndpointType[];
 }
 
 /**
@@ -218,18 +226,9 @@ export interface RestApiProps extends RestApiOptions {
    * The EndpointConfiguration property type specifies the endpoint types of a REST API
    * @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-restapi-endpointconfiguration.html
    *
-   * @default - No endpoint configuration
+   * @default EndpointType.EDGE
    */
   readonly endpointConfiguration?: EndpointConfiguration;
-
-  /**
-   * A list of the endpoint types of the API. Use this property when creating
-   * an API.
-   *
-   * @default - No endpoint types.
-   * @deprecated this property is deprecated, use endpointConfiguration instead
-   */
-  readonly endpointTypes?: EndpointType[];
 }
 
 /**
@@ -248,7 +247,6 @@ export interface SpecRestApiProps extends RestApiBaseProps {
  * Base implementation that are common to various implementations of IRestApi
  */
 export abstract class RestApiBase extends Resource implements IRestApi {
-
   /**
    * Checks if the given object is an instance of RestApiBase.
    * @internal
@@ -384,6 +382,15 @@ export abstract class RestApiBase extends Resource implements IRestApi {
     ignore(method);
   }
 
+  /**
+   * Associates a Deployment resource with this REST API.
+   *
+   * @internal
+   */
+  public _attachDeployment(deployment: Deployment) {
+    ignore(deployment);
+  }
+
   protected configureCloudWatchRole(apiResource: CfnRestApi) {
     const role = new iam.Role(this, 'CloudWatchRole', {
       assumedBy: new iam.ServicePrincipal('apigateway.amazonaws.com'),
@@ -423,6 +430,25 @@ export abstract class RestApiBase extends Resource implements IRestApi {
       }
     }
   }
+
+  /**
+   * @internal
+   */
+  protected _configureEndpoints(props: RestApiProps): CfnRestApi.EndpointConfigurationProperty | undefined {
+    if (props.endpointTypes && props.endpointConfiguration) {
+      throw new Error('Only one of the RestApi props, endpointTypes or endpointConfiguration, is allowed');
+    }
+    if (props.endpointConfiguration) {
+      return {
+        types: props.endpointConfiguration.types,
+        vpcEndpointIds: props.endpointConfiguration?.vpcEndpoints?.map(vpcEndpoint => vpcEndpoint.vpcEndpointId),
+      };
+    }
+    if (props.endpointTypes) {
+      return { types: props.endpointTypes };
+    }
+    return undefined;
+  }
 }
 
 /**
@@ -463,6 +489,7 @@ export class SpecRestApi extends RestApiBase {
       failOnWarnings: props.failOnWarnings,
       body: apiDefConfig.inlineDefinition ? apiDefConfig.inlineDefinition : undefined,
       bodyS3Location: apiDefConfig.inlineDefinition ? undefined : apiDefConfig.s3Location,
+      endpointConfiguration: this._configureEndpoints(props),
       parameters: props.parameters,
     });
     this.node.defaultChild = resource;
@@ -550,6 +577,11 @@ export class RestApi extends RestApiBase {
    */
   public readonly methods = new Array<Method>();
 
+  /**
+   * This list of deployments bound to this RestApi
+   */
+  private readonly deployments = new Array<Deployment>();
+
   constructor(scope: Construct, id: string, props: RestApiProps = { }) {
     super(scope, id, props);
 
@@ -560,7 +592,7 @@ export class RestApi extends RestApiBase {
       failOnWarnings: props.failOnWarnings,
       minimumCompressionSize: props.minimumCompressionSize,
       binaryMediaTypes: props.binaryMediaTypes,
-      endpointConfiguration: this.configureEndpoints(props),
+      endpointConfiguration: this._configureEndpoints(props),
       apiKeySourceType: props.apiKeySourceType,
       cloneFrom: props.cloneFrom ? props.cloneFrom.restApiId : undefined,
       parameters: props.parameters,
@@ -627,6 +659,29 @@ export class RestApi extends RestApiBase {
    */
   public _attachMethod(method: Method) {
     this.methods.push(method);
+
+    // add this method as a dependency to all deployments defined for this api
+    // when additional deployments are added, _attachDeployment is called and
+    // this method will be added there.
+    for (const dep of this.deployments) {
+      dep._addMethodDependency(method);
+    }
+  }
+
+  /**
+   * Attaches a deployment to this REST API.
+   *
+   * @internal
+   */
+  public _attachDeployment(deployment: Deployment) {
+    this.deployments.push(deployment);
+
+    // add all methods that were already defined as dependencies of this
+    // deployment when additional methods are added, _attachMethod is called and
+    // it will be added as a dependency to this deployment.
+    for (const method of this.methods) {
+      deployment._addMethodDependency(method);
+    }
   }
 
   /**
@@ -639,22 +694,6 @@ export class RestApi extends RestApiBase {
 
     return [];
   }
-
-  private configureEndpoints(props: RestApiProps): CfnRestApi.EndpointConfigurationProperty | undefined {
-    if (props.endpointTypes && props.endpointConfiguration) {
-      throw new Error('Only one of the RestApi props, endpointTypes or endpointConfiguration, is allowed');
-    }
-    if (props.endpointConfiguration) {
-      return {
-        types: props.endpointConfiguration.types,
-        vpcEndpointIds: props.endpointConfiguration?.vpcEndpoints?.map(vpcEndpoint => vpcEndpoint.vpcEndpointId),
-      };
-    }
-    if (props.endpointTypes) {
-      return { types: props.endpointTypes };
-    }
-    return undefined;
-  }
 }
 
 /**
@@ -666,7 +705,7 @@ export interface EndpointConfiguration {
   /**
    * A list of endpoint types of an API or its custom domain name.
    *
-   * @default - no endpoint types.
+   * @default EndpointType.EDGE
    */
   readonly types: EndpointType[];
 
@@ -752,4 +791,4 @@ class RootResource extends ResourceBase {
 
 function ignore(_x: any) {
   return;
-}
+}

packages/@aws-cdk/aws-apigateway/package.json

@@ -115,7 +115,6 @@
       "from-method:@aws-cdk/aws-apigateway.Resource",
       "duration-prop-type:@aws-cdk/aws-apigateway.QuotaSettings.period",
       "duration-prop-type:@aws-cdk/aws-apigateway.ResponseType.INTEGRATION_TIMEOUT",
-      "from-method:@aws-cdk/aws-apigateway.ApiKey",
       "ref-via-interface:@aws-cdk/aws-apigateway.ApiKeyProps.resources",
       "props-physical-name:@aws-cdk/aws-apigateway.DeploymentProps",
       "props-physical-name:@aws-cdk/aws-apigateway.MethodProps",