From e45434928a17cde580698a82ee53f6ee7463c6cf Mon Sep 17 00:00:00 2001 From: mickychetta <45010053+mickychetta@users.noreply.github.com> Date: Wed, 20 Oct 2021 13:57:49 -0700 Subject: [PATCH] fix(apigateway-helper): fixed condition for cloudWatchRole creation (#468) * updated condition for cloudWatchRole creation in gateway helper * added test for false cloudWatchRole in gateway helper * updated test method * updated test method --- .../aws-apigateway-dynamodb/README.md | 2 +- .../aws-apigateway-dynamodb/lib/index.ts | 2 +- .../aws-apigateway-iot/README.md | 2 +- .../aws-apigateway-iot/lib/index.ts | 2 +- .../aws-apigateway-kinesisstreams/README.md | 2 +- .../lib/index.ts | 2 +- .../aws-apigateway-lambda/README.md | 2 +- .../aws-apigateway-lambda/lib/index.ts | 2 +- .../test/test.apigateway-lambda.test.ts | 9 +----- .../README.md | 2 +- .../lib/index.ts | 2 +- .../aws-apigateway-sqs/README.md | 2 +- .../aws-apigateway-sqs/lib/index.ts | 2 +- .../README.md | 2 +- .../lib/index.ts | 2 +- .../aws-cognito-apigateway-lambda/README.md | 2 +- .../lib/index.ts | 2 +- .../core/lib/apigateway-helper.ts | 29 ++++++++++++------- .../core/test/apigateway-helper.test.ts | 9 ++++++ 19 files changed, 45 insertions(+), 34 deletions(-) diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/README.md index bf683e496..e555d3768 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/README.md @@ -71,7 +71,7 @@ _Parameters_ |apiGateway|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of the api.RestApi created by the construct.| |apiGatewayRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway.| |dynamoTable|[`dynamodb.Table`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-dynamodb.Table.html)|Returns an instance of dynamodb.Table created by the construct.| -|apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| +|apiGatewayCloudWatchRole?|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| |apiGatewayLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.| ## Default settings diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/lib/index.ts index 7d34ec10a..b891136a8 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/lib/index.ts @@ -109,7 +109,7 @@ export class ApiGatewayToDynamoDB extends Construct { public readonly dynamoTable: dynamodb.Table; public readonly apiGatewayRole: iam.Role; public readonly apiGateway: api.RestApi; - public readonly apiGatewayCloudWatchRole: iam.Role; + public readonly apiGatewayCloudWatchRole?: iam.Role; public readonly apiGatewayLogGroup: logs.LogGroup; /** * @summary Constructs a new instance of the ApiGatewayToDynamoDB class. diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/README.md index 2c60a9345..be5017cab 100755 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/README.md @@ -69,7 +69,7 @@ _Parameters_ |:-------------|:----------------|-----------------| |apiGateway|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of the API Gateway REST API created by the pattern.| |apiGatewayRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway.| -|apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| +|apiGatewayCloudWatchRole?|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| |apiGatewayLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.| ## Default settings diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/lib/index.ts index 44fb1581d..bacfba624 100755 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/lib/index.ts @@ -61,7 +61,7 @@ export interface ApiGatewayToIotProps { */ export class ApiGatewayToIot extends Construct { public readonly apiGateway: api.RestApi; - public readonly apiGatewayCloudWatchRole: iam.Role; + public readonly apiGatewayCloudWatchRole?: iam.Role; public readonly apiGatewayLogGroup: logs.LogGroup; public readonly apiGatewayRole: iam.IRole; private readonly iotEndpoint: string; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/README.md index 876f4a6d0..a3dd78c13 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/README.md @@ -63,7 +63,7 @@ _Parameters_ |:-------------|:----------------|-----------------| |apiGateway|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of the API Gateway REST API created by the pattern.| |apiGatewayRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway.| -|apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| +|apiGatewayCloudWatchRole?|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| |apiGatewayLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.| |kinesisStream|[`kinesis.Stream`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-kinesis.Stream.html)|Returns an instance of the Kinesis stream created or used by the pattern.| |cloudwatchAlarms?|[`cloudwatch.Alarm[]`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudwatch.Alarm.html)|Returns an array of recommended CloudWatch Alarms created by the construct for Kinesis Data stream| diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/lib/index.ts index a67badf60..9cbc11443 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/lib/index.ts @@ -96,7 +96,7 @@ export interface ApiGatewayToKinesisStreamsProps { export class ApiGatewayToKinesisStreams extends Construct { public readonly apiGateway: api.RestApi; public readonly apiGatewayRole: iam.Role; - public readonly apiGatewayCloudWatchRole: iam.Role; + public readonly apiGatewayCloudWatchRole?: iam.Role; public readonly apiGatewayLogGroup: logs.LogGroup; public readonly kinesisStream: kinesis.Stream; public readonly cloudwatchAlarms?: cloudwatch.Alarm[]; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md index a321d7b6c..80182026b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/README.md @@ -64,7 +64,7 @@ _Parameters_ |:-------------|:----------------|-----------------| |lambdaFunction|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.Function.html)|Returns an instance of the Lambda function created by the pattern.| |apiGateway|[`api.LambdaRestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.LambdaRestApi.html)|Returns an instance of the API Gateway REST API created by the pattern.| -|apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| +|apiGatewayCloudWatchRole?|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| |apiGatewayLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.| ## Default settings diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/lib/index.ts index 6711937c2..244e29f15 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/lib/index.ts @@ -55,7 +55,7 @@ export interface ApiGatewayToLambdaProps { */ export class ApiGatewayToLambda extends Construct { public readonly apiGateway: api.RestApi; - public readonly apiGatewayCloudWatchRole: iam.Role; + public readonly apiGatewayCloudWatchRole?: iam.Role; public readonly apiGatewayLogGroup: logs.LogGroup; public readonly lambdaFunction: lambda.Function; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/test.apigateway-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/test.apigateway-lambda.test.ts index 3fab28f12..c6c70bc2f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/test.apigateway-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/test.apigateway-lambda.test.ts @@ -145,12 +145,5 @@ test('Test deployment ApiGateway override cloudWatchRole = false', () => { } }); // Assertion 1 - expect(stack).toHaveResourceLike("AWS::ApiGateway::Account", { - CloudWatchRoleArn: { - "Fn::GetAtt": [ - "apigatewaylambdaLambdaRestApiCloudWatchRoleA759E8AC", - "Arn" - ] - } - }); + expect(stack).not.toHaveResource("AWS::ApiGateway::Account", {}); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/README.md index d935c5d2b..fd86c4979 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/README.md @@ -83,7 +83,7 @@ _Parameters_ |:-------------|:----------------|-----------------| |apiGateway|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of the API Gateway REST API created by the pattern.| |apiGatewayRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway.| -|apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| +|apiGatewayCloudWatchRole?|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| |apiGatewayLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.| ## Sample API Usage diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/lib/index.ts index 46d4c7c1b..0ed559f24 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/lib/index.ts @@ -78,7 +78,7 @@ export interface ApiGatewayToSageMakerEndpointProps { export class ApiGatewayToSageMakerEndpoint extends Construct { public readonly apiGateway: api.RestApi; public readonly apiGatewayRole: iam.Role; - public readonly apiGatewayCloudWatchRole: iam.Role; + public readonly apiGatewayCloudWatchRole?: iam.Role; public readonly apiGatewayLogGroup: logs.LogGroup; /** diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md index e6633f78a..c7c88eacb 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/README.md @@ -65,7 +65,7 @@ _Parameters_ |:-------------|:----------------|-----------------| |apiGateway|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of the API Gateway REST API created by the pattern.| |apiGatewayRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway.| -|apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| +|apiGatewayCloudWatchRole?|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| |apiGatewayLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.| |sqsQueue|[`sqs.Queue`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-sqs.Queue.html)|Returns an instance of the SQS queue created by the pattern.| |deadLetterQueue?|[`sqs.DeadLetterQueue`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-sqs.DeadLetterQueue.html)|Returns an instance of the DeadLetterQueue created by the pattern.| diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/lib/index.ts index 9193b9c80..48d851f66 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/lib/index.ts @@ -111,7 +111,7 @@ export interface ApiGatewayToSqsProps { export class ApiGatewayToSqs extends Construct { public readonly apiGateway: api.RestApi; public readonly apiGatewayRole: iam.Role; - public readonly apiGatewayCloudWatchRole: iam.Role; + public readonly apiGatewayCloudWatchRole?: iam.Role; public readonly apiGatewayLogGroup: logs.LogGroup; public readonly sqsQueue: sqs.Queue; public readonly deadLetterQueue?: sqs.DeadLetterQueue; diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md index 6c73c77ee..28b782cc9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/README.md @@ -66,7 +66,7 @@ _Parameters_ |cloudFrontFunction?|[`cloudfront.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.Function.html)|Returns an instance of the Cloudfront function created by the pattern.| |cloudFrontLoggingBucket|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-s3-readme.html)|Returns an instance of the logging bucket for CloudFront WebDistribution.| |apiGateway|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of the API Gateway REST API created by the pattern.| -|apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| +|apiGatewayCloudWatchRole?|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| |apiGatewayLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.| |lambdaFunction|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.Function.html)|Returns an instance of the Lambda function created by the pattern.| diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/lib/index.ts index 60704faf1..d4b55a100 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/lib/index.ts @@ -76,7 +76,7 @@ export class CloudFrontToApiGatewayToLambda extends Construct { public readonly cloudFrontFunction?: cloudfront.Function; public readonly cloudFrontLoggingBucket?: s3.Bucket; public readonly apiGateway: api.RestApi; - public readonly apiGatewayCloudWatchRole: iam.Role; + public readonly apiGatewayCloudWatchRole?: iam.Role; public readonly apiGatewayLogGroup: logs.LogGroup; public readonly lambdaFunction: lambda.Function; diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/README.md index b7dc933f9..928c253ad 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/README.md @@ -91,7 +91,7 @@ _Parameters_ |userPool|[`cognito.UserPool`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cognito.UserPool.html)|Returns an instance of cognito.UserPool created by the construct| |userPoolClient|[`cognito.UserPoolClient`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cognito.UserPoolClient.html)|Returns an instance of cognito.UserPoolClient created by the construct| |apiGateway|[`api.RestApi`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.RestApi.html)|Returns an instance of api.RestApi created by the construct| -|apiGatewayCloudWatchRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| +|apiGatewayCloudWatchRole?|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for API Gateway for CloudWatch access.| |apiGatewayLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for API Gateway access logging to CloudWatch.| |apiGatewayAuthorizer|[`api.CfnAuthorizer`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-apigateway.CfnAuthorizer.html)|Returns an instance of the api.CfnAuthorizer created by the construct for API Gateway methods authorization.| |lambdaFunction|[`lambda.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-lambda.Function.html)|Returns an instance of lambda.Function created by the construct| diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/lib/index.ts index 872a57e28..d4f2d0fb2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/lib/index.ts @@ -66,7 +66,7 @@ export class CognitoToApiGatewayToLambda extends Construct { public readonly userPool: cognito.UserPool; public readonly userPoolClient: cognito.UserPoolClient; public readonly apiGateway: api.RestApi; - public readonly apiGatewayCloudWatchRole: iam.Role; + public readonly apiGatewayCloudWatchRole?: iam.Role; public readonly apiGatewayLogGroup: logs.LogGroup; public readonly apiGatewayAuthorizer: api.CfnAuthorizer; public readonly lambdaFunction: lambda.Function; diff --git a/source/patterns/@aws-solutions-constructs/core/lib/apigateway-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/apigateway-helper.ts index e3ca929d7..afed0155e 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/apigateway-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/apigateway-helper.ts @@ -77,7 +77,7 @@ function configureCloudwatchRoleForApi(scope: Construct, _api: api.RestApi): iam * @param apiGatewayProps - (optional) user-specified properties to override the default properties. */ function configureLambdaRestApi(scope: Construct, defaultApiGatewayProps: api.LambdaRestApiProps, - apiGatewayProps?: api.LambdaRestApiProps): [api.RestApi, iam.Role] { + apiGatewayProps?: api.LambdaRestApiProps): [api.RestApi, iam.Role | undefined] { // API Gateway doesn't allow both endpointTypes and endpointConfiguration, check whether endPointTypes exists if (apiGatewayProps?.endpointTypes) { @@ -88,14 +88,18 @@ function configureLambdaRestApi(scope: Construct, defaultApiGatewayProps: api.La let _api: api.RestApi; if (apiGatewayProps) { // If property overrides have been provided, incorporate them and deploy - const _apiGatewayProps = overrideProps(defaultApiGatewayProps, apiGatewayProps); + const _apiGatewayProps = overrideProps(defaultApiGatewayProps, { ...apiGatewayProps, cloudWatchRole: false }); _api = new api.LambdaRestApi(scope, 'LambdaRestApi', _apiGatewayProps); } else { // If no property overrides, deploy using the default configuration _api = new api.LambdaRestApi(scope, 'LambdaRestApi', defaultApiGatewayProps); } // Configure API access logging - const cwRole = configureCloudwatchRoleForApi(scope, _api); + let cwRole; + + if (apiGatewayProps?.cloudWatchRole !== false) { + cwRole = configureCloudwatchRoleForApi(scope, _api); + } let usagePlanProps: api.UsagePlanProps = { apiStages: [{ @@ -123,7 +127,7 @@ function configureLambdaRestApi(scope: Construct, defaultApiGatewayProps: api.La * @param apiGatewayProps - (optional) user-specified properties to override the default properties. */ function configureRestApi(scope: Construct, defaultApiGatewayProps: api.RestApiProps, - apiGatewayProps?: api.RestApiProps): [api.RestApi, iam.Role] { + apiGatewayProps?: api.RestApiProps): [api.RestApi, iam.Role | undefined] { // API Gateway doesn't allow both endpointTypes and endpointConfiguration, check whether endPointTypes exists if (apiGatewayProps?.endpointTypes) { @@ -134,14 +138,19 @@ function configureRestApi(scope: Construct, defaultApiGatewayProps: api.RestApiP let _api: api.RestApi; if (apiGatewayProps) { // If property overrides have been provided, incorporate them and deploy - const _apiGatewayProps = overrideProps(defaultApiGatewayProps, apiGatewayProps); + const _apiGatewayProps = overrideProps(defaultApiGatewayProps, { ...apiGatewayProps, cloudWatchRole: false }); _api = new api.RestApi(scope, 'RestApi', _apiGatewayProps); } else { // If no property overrides, deploy using the default configuration _api = new api.RestApi(scope, 'RestApi', defaultApiGatewayProps); } + + let cwRole; + // Configure API access logging - const cwRole = configureCloudwatchRoleForApi(scope, _api); + if (apiGatewayProps?.cloudWatchRole !== false) { + cwRole = configureCloudwatchRoleForApi(scope, _api); + } let usagePlanProps: api.UsagePlanProps = { apiStages: [{ @@ -170,7 +179,7 @@ function configureRestApi(scope: Construct, defaultApiGatewayProps: api.RestApiP * @param apiGatewayProps - (optional) user-specified properties to override the default properties. */ export function GlobalLambdaRestApi(scope: Construct, _existingLambdaObj: lambda.Function, - apiGatewayProps?: api.LambdaRestApiProps, logGroupProps?: logs.LogGroupProps): [api.RestApi, iam.Role, logs.LogGroup] { + apiGatewayProps?: api.LambdaRestApiProps, logGroupProps?: logs.LogGroupProps): [api.RestApi, iam.Role | undefined, logs.LogGroup] { // Configure log group for API Gateway AccessLogging const logGroup = buildLogGroup(scope, 'ApiAccessLogGroup', logGroupProps); @@ -186,7 +195,7 @@ export function GlobalLambdaRestApi(scope: Construct, _existingLambdaObj: lambda * @param apiGatewayProps - (optional) user-specified properties to override the default properties. */ export function RegionalLambdaRestApi(scope: Construct, _existingLambdaObj: lambda.Function, - apiGatewayProps?: api.LambdaRestApiProps, logGroupProps?: logs.LogGroupProps): [api.RestApi, iam.Role, logs.LogGroup] { + apiGatewayProps?: api.LambdaRestApiProps, logGroupProps?: logs.LogGroupProps): [api.RestApi, iam.Role | undefined, logs.LogGroup] { // Configure log group for API Gateway AccessLogging const logGroup = buildLogGroup(scope, 'ApiAccessLogGroup', logGroupProps); @@ -201,7 +210,7 @@ export function RegionalLambdaRestApi(scope: Construct, _existingLambdaObj: lamb * @param apiGatewayProps - (optional) user-specified properties to override the default properties. */ export function GlobalRestApi(scope: Construct, apiGatewayProps?: api.RestApiProps, - logGroupProps?: logs.LogGroupProps): [api.RestApi, iam.Role, logs.LogGroup] { + logGroupProps?: logs.LogGroupProps): [api.RestApi, iam.Role | undefined, logs.LogGroup] { // Configure log group for API Gateway AccessLogging const logGroup = buildLogGroup(scope, 'ApiAccessLogGroup', logGroupProps); @@ -216,7 +225,7 @@ export function GlobalRestApi(scope: Construct, apiGatewayProps?: api.RestApiPro * @param apiGatewayProps - (optional) user-specified properties to override the default properties. */ export function RegionalRestApi(scope: Construct, apiGatewayProps?: api.RestApiProps, - logGroupProps?: logs.LogGroupProps): [api.RestApi, iam.Role, logs.LogGroup] { + logGroupProps?: logs.LogGroupProps): [api.RestApi, iam.Role | undefined, logs.LogGroup] { // Configure log group for API Gateway AccessLogging const logGroup = buildLogGroup(scope, 'ApiAccessLogGroup', logGroupProps); diff --git a/source/patterns/@aws-solutions-constructs/core/test/apigateway-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/apigateway-helper.test.ts index f6580cdf9..fd172e6b8 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/apigateway-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/apigateway-helper.test.ts @@ -201,6 +201,15 @@ test('Test default RestApi deployment w/ ApiGatewayProps', () => { }); }); +test('Test default RestApi deployment w/ cloudWatchRole set to false', () => { + const stack = new Stack(); + setupRestApi(stack, { + cloudWatchRole: false + }); + + expect(stack).not.toHaveResourceLike("AWS::ApiGateway::Account", {}); +}); + test('Test default RestApi deployment for Cloudwatch loggroup', () => { const stack = new Stack(); deployRegionalApiGateway(stack);