How do I cloudform an API gateway resource with a lambda proxy integration

Question

I\'ve been trying to work out how to express (in cloudformation) an API Gateway Resource that has a Lambda function integration type using the Lambda Proxy integration.

Answer 1

I have solved this same issue by simple changing the

Integration:
Type: AWS_PROXY

To

Integration:
Type: AWS

The cloud formation documentation currently is scarce and the API gateway cloudformation documentation doesn't match up to what can be seen on the console which hinders anyone who is trying to resolve an issue.

Hope this helps!

Answer 2

The Integration type should be set to AWS_PROXY. An example snippet of a method from a working YAML CloudFormation template is below.

ProxyResourceAny:
  Type: AWS::ApiGateway::Method
  Properties:
    AuthorizationType: NONE
    HttpMethod: ANY
    ResourceId:
      Ref: ProxyResource
    RestApiId:
      Ref: API
    Integration:
      Type: AWS_PROXY
      IntegrationHttpMethod: POST
      Uri: !Sub
        - arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Arn}/invocations
        - Arn:
            Fn::GetAtt:
            - RestorerLambda
            - Arn

It's worth saying how a I figured this out...

After scratching my head for a while I examined the output of the aws apigateway get-method CLI command for a method that was configured this way using the console. That gave me the following JSON and I realised that the checkbox might be encoded into the type. I tested my assumption and came up with the CloudFormation above.

{
    "apiKeyRequired": false,
    "httpMethod": "ANY",
    "methodIntegration": {
        "integrationResponses": {
            "200": {
                "responseTemplates": {
                    "application/json": null
                },
                "statusCode": "200"
            }
        },
        "passthroughBehavior": "WHEN_NO_MATCH",
        "cacheKeyParameters": [],
        "uri": "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:XXXXXXXXX:function:Shildrew-Restorer-Play-Lambda/invocations",
        "httpMethod": "POST",
        "cacheNamespace": "64bl3tgw4g",
        "type": "AWS_PROXY"
    },
    "requestParameters": {},
    "authorizationType": "NONE"
}

Answer 3

We faced this exact issue. We are using Ansible for our Infrastructure. Could apply to CLI or Cloudformation or even the SDK

The solution to our problem was to make sure that the Lambda policy was defined in a granular manner for the endpoint verbs in API Gateway for the lambda you are attempting to use.

For instance, We had multiple routes. Each route(or sets of routes) needs its own lambda policy defined that allows lambda:InvokeFunction. This is defined in the Lambda Policy module for Ansible. With this, the lambda trigger was enabled automatically.