Support API Gateway Logging Metrics, Usage Plans, EndpointConfiguration, and CORS

[jfuss]

Parent Tracking Issue for Logging, Usage Plans, CORS etc on API resources (Implicit and Explicit). As part of this, we will move to a model where all API features will be supported in both Implicit & Explicit definitions consistently.

• Logging
• Usage Plans queued for v1.21.0
• Custom Authorizers (AWS::ApiGateway::Authorizer and AWS Cognito) (Add Support for AuthorizationType to API #49) (RFC: Authorizers #512)
• AWS_IAM
• Custom Domains v1.20.0
• ACM
• Base Path Mapping
• Regional Endpoints

For deeper details on the different issues, see the appropriate issue that is referenced below.

[rabowskyb]

Regarding the cors:true issue: could you please prioritize? Many users would like to utilize SAM to build web apps -- it is a huge percentage of use cases, many serveless app in fact are NOT "mobile first". Without direct CORS support, it is difficult to use SAM for web apps. Using Swagger with SAM to get around this can be painful and buggy.

[jfuss]

@rabowskyb All of these (in the issue) are being prioritize with high priority in the team and are going to be the first set of things we will address this year. The team is actively talking about how to move forward and we are trying to do this as quickly as we can. We don't have timelines to share, as of now though. I hope to share more soon.

[samwan]

Does this also mean it will be more straightforward to declare a AWS::ApiGateway::Authorizer resource with Type: "Cognito_user_pool" within a SAM template? There are a few unanswered requests for advice about this topic in the aws-sam-local issue 137 (aws/aws-sam-cli#137)

[steveparker-1984]

Can you confirm if this issue covers the built in AWS_IAM authorizer? It's a bit unclear from reading it but was referred to in the closure of #49

[jfuss]

@samwan Yes, we will be supporting AWS::ApiGateway::Authorizer

@steveparker-kcom Yes, this will cover the AWS_IAM authorizer.

I updated the list above to call this explicitly out. (Feel free to update or add more details as well)

[0xdevalias]

You may find AWS CDK gives the dream of ‘SAM Simplicity’ with enough functionality to actually be nice and useable. Get Outlook for iOS<https://aka.ms/o0ukef>

…

________________________________ From: Brandon Davidson <notifications@github.com> Sent: Saturday, January 19, 2019 6:08 pm To: awslabs/serverless-application-model Cc: 0xdevalias; Manual Subject: Re: [awslabs/serverless-application-model] Support API Gateway Logging Metrics, Usage Plans, EndpointConfiguration, and CORS (#248) Thanks @himanshu219<https://github.com/himanshu219>, I might give that a try. I was hoping to avoid having to generate my own swagger; the whole point of using SAM was to build the API with only CloudFormation templates and Lambda function code. If I've got to provide a bunch of additional artifacts or configuration then I might as well just go back to using stock CloudFormation and not mess with changesets and such. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub<#248 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AAuA4ymq-GH56AGYGL8kFbS2AfXmrzdoks5vEsRvgaJpZM4RW3tl>.

[brettstack]

IAM RFC #781 for those interested

[brettstack]

RFC for Custom Domain Names #783

[deleugpn]

API Gateway API Keys are not on that list? Would love to be able to create Lambda that requires API Key from SAM template.

[Recodify]

These limitations of SAM templates have now been a high priority for over a year, any news on when they are likely to be addressed? Specifically I'm interested in API keys, CORS and enabling logging.

[jfuss]

@Recodify Many of these have already been completed for some time now.

Logging in v1.4.0
CORS in v1.4.0

[Recodify]

@jfuss Ah brilliant, many thanks for pointing that out.
What about requiring an API key, is that currently possible without using a swagger definition?

[deleugpn]

Would love API Keys. That was merged on #444 and never released.

[jona]

Would love API Keys. That was merged on #444 and never released.

I'm also interested in seeing this be implemented. Any timelines on it? I also noticed it's not on the checklist at the top.

Thanks!

[jlhood]

@deleugpn @jona Thanks for following up on this. #444 can't be merged into develop in its current form. It needs to be updated to fit within the Auth syntax we've added to AWS::Serverless::Api since it was merged. We have not currently prioritized this work internally so the fastest way to get it into SAM is for someone from the community to contribute the necessary changes.

#547 is specifically tracking adding support for API Keys to AWS::Serverless::Api. It links to #827 as a good example PR to follow for anyone who wants to implement this feature.

[crawforde]

Any updates on this? not being able to add metrics using MethodSettings makes it pretty hard to use serverless in a production environment.

[jfuss]

@crawforde Please see above comment (it's have been released for some time now) #248 (comment)

[crawforde]

Found the docs on it. Thanks! Seems like there was another issue that was preventing this from working.

[liam-sage]

@jfuss, any update on support for throttling?

Will (or does) it consider all throttling definitions (AWS::ApiGateway::UsagePlan Throtle; AWS::ApiGateway::UsagePlan ApiStages Throtle; AWS::Serverless::Api MethodSettings)?

I am trying to verify the response messages returned to see whether my response template works when throttling but no matter what all jobs are queued and throttling never occurs on SAM CLI. Maybe I have to do this on AWS. Any hints?

[brandond]

@liam-sage Are you trying to test throttling with 'start-api'? I don't think that really does anything other than add some routes and invoke your function through a simple Flask CGI wrapper - any of the more complicated stuff that API Gateway does like authorizers, throttling, etc are not included.

[phanikrishnahari]

Hi, do we have the feature to enable logging for ApiGateway when deployed using SAM templet?

[ShreyaGangishetty]

We have created an RFC #1141 to support creation of Api keys for Auth with Usage Plans. Please let us know your thoughts on the RFC

[juhaniniinimaa]

@phanikrishnahari

You can't have it directly on AWS::Serverless::Api as discussed, but AWS SAM supports anything AWS CloudFormation supports so why not to apply this into your code. Template example here.

Then you can just

MyApi:
  Type: AWS::Serverless::Api
  Properties:
    MethodSettings: # Use execution logging  
    AccessLogSetting: # Use access logging

[awsjeffg]

@jfuss this was reviewed as part of backlog review. What's missing here that we need?

[sapessi]

Closing this issue for now since most feature requests are addressed. We'll track additional/new items separately.