Merge pull request #16 from MarcioMeier/fix/api-gateway-vpce-ids

fix: api gateway vpc endpoint ids
flaviostutz · May 8, 2024 · a3fbfc9 · a3fbfc9
2 parents 9057700 + c283c9f
commit a3fbfc9
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 8 deletions.
diff --git a/lib/src/apigateway/openapi-gateway-lambda.test.ts b/lib/src/apigateway/openapi-gateway-lambda.test.ts
@@ -189,7 +189,7 @@ describe('openapi-gateway-lambda', () => {
             ],
             "Condition": {
               "StringEquals": {
-                "aws:SourceVpce": [
+                "aws:sourceVpce": [
                   "vpce-123123"
                 ]
               }
@@ -199,6 +199,14 @@ describe('openapi-gateway-lambda', () => {
       }`,
     );
 
+    // Make sure that the workaround adds the endpoint configuration to the rest api construct
+    template.hasResourceProperties('AWS::ApiGateway::RestApi', {
+      EndpointConfiguration: {
+        Types: ['PRIVATE'],
+        VpcEndpointIds: ['vpce-123123'],
+      },
+    });
+
     template.hasResourceProperties('AWS::Logs::LogGroup', {
       LogGroupName: 'apigateway-accesslogs-myapi',
       RetentionInDays: 30,
@@ -238,7 +246,7 @@ describe('openapi-gateway-lambda', () => {
     });
     expect(
       openapiDoc31WithVPCE['x-amazon-apigateway-policy'].Statement[0].Condition.StringEquals[
-        'aws:SourceVpce'
+        'aws:sourceVpce'
       ],
     ).toStrictEqual(originProps.vpcEndpointIds);
     // output includes fields from input

diff --git a/lib/src/apigateway/openapi-gateway-lambda.ts b/lib/src/apigateway/openapi-gateway-lambda.ts
@@ -11,6 +11,7 @@ import {
   SpecRestApi,
   SpecRestApiProps,
   StageOptions,
+  CfnRestApi,
 } from 'aws-cdk-lib/aws-apigateway';
 import type { oas30, oas31 } from 'openapi3-ts';
 import { Construct } from 'constructs';
@@ -82,6 +83,17 @@ export class OpenApiGatewayLambda extends Construct {
       deployOptions,
     });
 
+    // Workaround to link the vpc endpoint ids top the api gateway > api settings
+    // This should be removed when this issue is fixed
+    // https://github.com/aws/aws-cdk/issues/9684
+    const hasPrivate = props.endpointTypes?.some((value) => value === EndpointType.PRIVATE);
+    if (hasPrivate) {
+      (specRestApi.node.defaultChild as CfnRestApi).endpointConfiguration = {
+        types: propsWithDefaults.endpointTypes ?? [EndpointType.PRIVATE],
+        vpcEndpointIds: propsWithDefaults.vpcEndpointIds,
+      };
+    }
+
     this.specRestApi = specRestApi;
     this.openapiDocument = openapiDoc30;
     this.logGroupAccessLog = logGroupAccessLog;
@@ -143,10 +155,7 @@ export const addVPCEndpointConfig = (
   props: OpenApiGatewayLambdaProps,
   openapiDoc31: oas31.OpenAPIObject,
 ): { openapiDoc31WithVPCE: oas31.OpenAPIObject } => {
-  const hasPrivate = props.endpointTypes?.reduce(
-    (cur, value) => cur || value === EndpointType.PRIVATE,
-    false,
-  );
+  const hasPrivate = props.endpointTypes?.some((value) => value === EndpointType.PRIVATE);
   if (!hasPrivate) {
     return { openapiDoc31WithVPCE: openapiDoc31 };
   }
@@ -175,7 +184,7 @@ export const addVPCEndpointConfig = (
         Resource: ['execute-api:/*'],
         Condition: {
           StringEquals: {
-            'aws:SourceVpce': props.vpcEndpointIds,
+            'aws:sourceVpce': props.vpcEndpointIds,
           },
         },
       },
@@ -279,7 +288,7 @@ export const getPropsWithDefaults = (
   return {
     ...props,
 
-    // opiniated default props
+    // opinionated default props
     minCompressionSize: props.minCompressionSize ?? Size.bytes(200000),
     accessLogRetention: props.accessLogRetention ?? RetentionDays.SIX_MONTHS,
     deploy: props.deploy ?? true,