Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[apigateway] SpecRestAPI x-amazon-apigateway-endpoint-configuration not usable for private API initial deployment #9684

Open
IsmaelMartinez opened this issue Aug 13, 2020 · 9 comments
Open

[apigateway] SpecRestAPI x-amazon-apigateway-endpoint-configuration not usable for private API initial deployment #9684

IsmaelMartinez opened this issue Aug 13, 2020 · 9 comments
Labels
@aws-cdk/aws-apigateway Related to Amazon API Gateway bug This issue is a bug. effort/medium Medium work item – several days of effort p1

Comments

@IsmaelMartinez
Copy link
Contributor

It is not possible to use the swagger/openAPI x-amazon-apigateway-endpoint-configuration option in conjunction with the private endpointType.

If you specify a vpce in the endpoint configuration, you get the following:

VPCEndpoints can only be specified with PRIVATE apis. (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: a2a6cebc-7004-4884-9398-0b83a384b49c)
	new SpecRestApi (/Users/ismael.martinez/projects/bitbucket/BIP/draw/draw-scheduler/node_modules/@aws-cdk/aws-apigateway/lib/restapi.ts:486:22)
...

If you deploy the stack without the x-amazon-apigateway-endpoint-configuration, it does create a usable and private API Gateway, but the vpce is not defined in the 'Settings - Endpoint configuration' section.

If you then deploy again the stack with the x-amazon-apigateway-endpoint-configuration, it does work, so this issue is only related to the initial creation of the API Gateway.

Reproduction Steps

Using the following code:

const api = new apigateway.SpecRestApi(this, 'ExampleRestApi', {
  apiDefinition: apigateway.ApiDefinition.fromInline(swaggerInline),
  endpointTypes: [apigateway.EndpointType.PRIVATE],
});

Where the swagger inline is as shown:

{
    "openapi": "3.0.1",
    "servers": [
        {
            "x-amazon-apigateway-endpoint-configuration": {
                "vpcEndpointIds": [
                    "${PPL::VPCId}"
                ]
            }
        }
    ],
    "paths": {
        "/example": {
            "get": {
                "responses": {
                    "200": {
                        "description": "200 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/200Response"
                                }
                            }
                        }
                    },
                    "400": {
                        "description": "400 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/400Response"
                                }
                            }
                        }
                    },
                    "404": {
                        "description": "404 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/404Response"
                                }
                            }
                        }
                    },
                    "500": {
                        "description": "500 response",
                        "content": {
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/500Response"
                                }
                            }
                        }
                    }
                },
                "x-amazon-apigateway-integration": {
                    "uri": "${PPL::LambdaAliasArn}",
                    "responses": {
                        "default": {
                            "statusCode": "200"
                        }
                    },
                    "passthroughBehavior": "when_no_match",
                    "httpMethod": "POST",
                    "contentHandling": "CONVERT_TO_TEXT",
                    "type": "aws_proxy"
                }
            }
        }
    },
    "components": {
        "schemas": {
            "200Response": {
                "type": "object",
                "properties": {
                    "message": {
                        "type": "string"
                    }
                }
            },
            "400Response": {
                "type": "object",
                "properties": {
                    "errors": {
                        "type": "array",
                        "items": {
                            "$ref": "#/components/schemas/Error"
                        }
                    }
                }
            },
            "404Response": {
                "$ref": "#/components/schemas/Error"
            },
            "500Response": {
                "$ref": "#/components/schemas/Error"
            },
            "Error": {
                "type": "object",
                "properties": {
                    "errorCode": {
                        "type": "string"
                    },
                    "message": {
                        "type": "string"
                    }
                }
            }
        }
    },
    "x-amazon-apigateway-policy": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "execute-api:Invoke",
                    "execute-api:GET"
                ],
                "Resource": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:*",
                "Condition": {
                    "StringEquals": {
                        "aws:sourceVpce": "${PPL::VPCId}"
                    }
                }
            }
        ]
    }
}

Where the PPL::VPCId is the endpoint id and the PPL::LambdaAliasArn is the lambda alias arn.

We substitute those values dynamically but I don't thinks that is the issue.

What did you expect to happen?

I will expect to get a private API Gateway with the vpce defined in the 'Settings - Endpoint configuration' section.

What actually happened?

The deployment fails with the following message:

VPCEndpoints can only be specified with PRIVATE apis. (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException; Request ID: a2a6cebc-7004-4884-9398-0b83a384b49c)
	new SpecRestApi (/Users/ismael.martinez/projects/bitbucket/BIP/draw/draw-scheduler/node_modules/@aws-cdk/aws-apigateway/lib/restapi.ts:486:22)
...

Environment

  • CLI Version : 1.57.0
  • Framework Version: 1.57.0
  • Node.js Version: 10.22.0
  • OS : MAC 10.15.6
  • Language (Version): TypeScript (3.8.2)

Other

This is 🐛 Bug Report
@IsmaelMartinez IsmaelMartinez added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 13, 2020
@github-actions github-actions bot added the @aws-cdk/aws-apigateway Related to Amazon API Gateway label Aug 13, 2020
This was referenced Aug 13, 2020
Closed
Closed
Merged
@nija-at
Copy link
Contributor

nija-at commented Aug 17, 2020

The requires investigation into how to correctly use x-amazon-apigateway-endpoint-configuration option in the OpenAPI definition.

@nija-at nija-at added effort/medium Medium work item – several days of effort p2 labels Aug 17, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Aug 18, 2020
@nija-at nija-at added p1 and removed p2 labels Aug 25, 2020
@rishavpaul
Copy link

rishavpaul commented Mar 30, 2021
edited
Loading

Is there any plan to fix this? Or perhaps enable SpecRestAPI to use the EndpointConfiguration interface ?

@rishavpaul
Copy link 

let api = new SpecRestAPI(...)
(api.node.defaultChild as CfnRestApi).endpointConfiguration = {
  types: [EndpointType.PRIVATE],
  vpcEndpointIds: [ 'xyz' ],
};

Is a workaround until above is implemented for any else facing the same issue.

@github-actions
Copy link

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 17, 2022
@oddg
Copy link

oddg commented Jun 23, 2022

I also have a use case for the required feature. Is there a plan to address the issue?

@aura-herrera-sonarsource
Copy link

I am also having an issue with this. Same error, no VPC endpoint added to the REST Api after using SpecRestAPI.

@kornel-kotan-sonarsource
Copy link

I'm facing the same issue too. Any suggested workaround? The one indicated by @rishavpaul doesn't seem to fix the problem for me.

@mattiamatrix
Copy link
Contributor

2023, and this is still not fixed. @RomainMuller can you help?

@roypronoy
Copy link

This is still open, and is very annoying. Programmatic deployments shouldn't fail like this.

@mrlikl mrlikl mentioned this issue Jan 17, 2024
Closed
2 tasks
@tim-finnigan tim-finnigan reopened this Jan 17, 2024
@MarcioMeier MarcioMeier mentioned this issue May 2, 2024
Merged
@moelasmar moelasmar removed the closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. label Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-apigateway Related to Amazon API Gateway bug This issue is a bug. effort/medium Medium work item – several days of effort p1
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests