This example create an API Gateway which responds to requests using different sources:
- Static files from a directory
- Lambda Function
- HTTP Proxy
When you're finished, you'll be familiar with how to configure routes in API Gateway using the RestAPI.
For Pulumi examples, we typically start by creating a directory and changing into it. Then, we create a new Pulumi project from a template. For example, azure-javascript.
-
Install prerequisites:
npm install
or
yarn install
-
Create a new Pulumi stack:
pulumi stack init
-
Configure the AWS region to deploy into:
pulumi config set aws:region us-east-2 -
Deploy the Pulumi stack:
pulumi up
Use the example CURL commands to test the API responses.
$ curl -w '\n' "$(pulumi stack output url)static"
<h1>Hello Pulumi!</h1>
$ curl -w '\n' "$(pulumi stack output url)lambda"
Hello, API Gateway!
$ python3 -m webbrowser "$(pulumi stack output url)proxy"
# Opens a page looking like Google in your browser
$ curl -w '\n' "$(pulumi stack output url)swagger"
{
"uuid": ...
}
$ curl -w '\n' -H "Authorization: HEADER.PAYLOAD.SIGNATURE" "$(pulumi stack output url)cognito-authorized"
{"message":"Unauthorized"}
$ curl -w '\n' -H "Authorization: goodToken" "$(pulumi stack output url)lambda-authorized"
Hello, API Gateway!
$ curl -w '\n' -H "Authorization: badToken" "$(pulumi stack output url)lambda-authorized"
{"message": "404 Not found" }
$ curl -w '\n' "$(pulumi stack output url)lambda-authorized" # No token
{"message":"Unauthorized"}
$ curl -w '\n' "$(pulumi stack output swaggerUrl)"
{
"uuid": ...
}
$ curl -w '\n' -H "x-api-key: $(pulumi stack output apiKeyValue --show-secrets)" "$(pulumi stack output url)key-authorized"
Hello, API Gateway!Testing a valid Cognito token is a little more involved.
-
Create a random password
PASSWORD=$(curl -s https://www.passwordrandom.com/query?command=password&scheme=Llnn%23rrrrrrrrrr) -
Create a user
aws cognito-idp sign-up --region $(pulumi config get aws:region) --client-id $(pulumi stack output userPoolClientId) --username "test@domain.example" --password "$PASSWORD"
-
Confirm the user's account
aws cognito-idp admin-confirm-sign-up --region $(pulumi config get aws:region) --user-pool-id $(pulumi stack output userPoolId) --username "test@domain.example"
-
Authenticate to create a new session:
TOKEN=$(aws cognito-idp admin-initiate-auth --region $(pulumi config get aws:region) --user-pool-id $(pulumi stack output userPoolId) --client-id $(pulumi stack output userPoolClientId) --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters "{\"USERNAME\":\"test@domain.example\",\"PASSWORD\":\"$PASSWORD\"}") -
Perform authenticated request
$ curl -w '\n' -H "Authorization: $(echo $TOKEN | jq '.AuthenticationResult.IdToken' -r)" "$(pulumi stack output url)cognito-authorized" Hello, API Gateway!
Fetch and review the logs from the Lambda executions:
pulumi logsBefore you can set up a custom domain you must register a domain name with Route 53.
Configure the stack with your custom DNS information:
pulumi config set domain subdomain.acmecorp.example
pulumi config set dns-zone acmecorp.exampleDeploy your stack:
$ pulumi up
...
Type Name Plan
pulumi:pulumi:Stack aws-apigateway-ts-routes-dev
+ ├─ pulumi:providers:aws usEast1 create
+ ├─ aws:acm:Certificate ssl-cert create
+ ├─ aws:route53:Record ssl-cert-validation-dns-record create
+ ├─ aws:acm:CertificateValidation ssl-cert-validation create
+ ├─ aws:apigateway:DomainName api-domain-name create
+ ├─ aws:route53:Record api-dns create
+ └─ aws:apigateway:BasePathMapping api-domain-mapping createTest your API is now available on your custom domain:
curl -w '\n' "$(pulumi stack output customUrl)static"Once you're finished experimenting, you can destroy your stack and remove it to avoid incurring any additional cost:
pulumi destroy
pulumi stack rmIn this tutorial, you deployed an API with different route configurations. Now you can use these patterns to build real APIs which connect to other services.