1. Packages
  2. AWS
  3. API Docs
  4. apigateway
  5. RestApiPolicy
AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

aws.apigateway.RestApiPolicy

Explore with Pulumi AI

aws logo
AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

    Provides an API Gateway REST API Policy.

    Note: Amazon API Gateway Version 1 resources are used for creating and deploying REST APIs. To create and deploy WebSocket and HTTP APIs, use Amazon API Gateway Version 2 resources.

    Example Usage

    Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const testRestApi = new aws.apigateway.RestApi("test", {name: "example-rest-api"});
    const test = aws.iam.getPolicyDocumentOutput({
        statements: [{
            effect: "Allow",
            principals: [{
                type: "AWS",
                identifiers: ["*"],
            }],
            actions: ["execute-api:Invoke"],
            resources: [testRestApi.executionArn],
            conditions: [{
                test: "IpAddress",
                variable: "aws:SourceIp",
                values: ["123.123.123.123/32"],
            }],
        }],
    });
    const testRestApiPolicy = new aws.apigateway.RestApiPolicy("test", {
        restApiId: testRestApi.id,
        policy: test.apply(test => test.json),
    });
    
    import pulumi
    import pulumi_aws as aws
    
    test_rest_api = aws.apigateway.RestApi("test", name="example-rest-api")
    test = aws.iam.get_policy_document_output(statements=[{
        "effect": "Allow",
        "principals": [{
            "type": "AWS",
            "identifiers": ["*"],
        }],
        "actions": ["execute-api:Invoke"],
        "resources": [test_rest_api.execution_arn],
        "conditions": [{
            "test": "IpAddress",
            "variable": "aws:SourceIp",
            "values": ["123.123.123.123/32"],
        }],
    }])
    test_rest_api_policy = aws.apigateway.RestApiPolicy("test",
        rest_api_id=test_rest_api.id,
        policy=test.json)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		testRestApi, err := apigateway.NewRestApi(ctx, "test", &apigateway.RestApiArgs{
    			Name: pulumi.String("example-rest-api"),
    		})
    		if err != nil {
    			return err
    		}
    		test := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
    			Statements: iam.GetPolicyDocumentStatementArray{
    				&iam.GetPolicyDocumentStatementArgs{
    					Effect: pulumi.String("Allow"),
    					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
    						&iam.GetPolicyDocumentStatementPrincipalArgs{
    							Type: pulumi.String("AWS"),
    							Identifiers: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    						},
    					},
    					Actions: pulumi.StringArray{
    						pulumi.String("execute-api:Invoke"),
    					},
    					Resources: pulumi.StringArray{
    						testRestApi.ExecutionArn,
    					},
    					Conditions: iam.GetPolicyDocumentStatementConditionArray{
    						&iam.GetPolicyDocumentStatementConditionArgs{
    							Test:     pulumi.String("IpAddress"),
    							Variable: pulumi.String("aws:SourceIp"),
    							Values: pulumi.StringArray{
    								pulumi.String("123.123.123.123/32"),
    							},
    						},
    					},
    				},
    			},
    		}, nil)
    		_, err = apigateway.NewRestApiPolicy(ctx, "test", &apigateway.RestApiPolicyArgs{
    			RestApiId: testRestApi.ID(),
    			Policy: pulumi.String(test.ApplyT(func(test iam.GetPolicyDocumentResult) (*string, error) {
    				return &test.Json, nil
    			}).(pulumi.StringPtrOutput)),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var testRestApi = new Aws.ApiGateway.RestApi("test", new()
        {
            Name = "example-rest-api",
        });
    
        var test = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Type = "AWS",
                            Identifiers = new[]
                            {
                                "*",
                            },
                        },
                    },
                    Actions = new[]
                    {
                        "execute-api:Invoke",
                    },
                    Resources = new[]
                    {
                        testRestApi.ExecutionArn,
                    },
                    Conditions = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
                        {
                            Test = "IpAddress",
                            Variable = "aws:SourceIp",
                            Values = new[]
                            {
                                "123.123.123.123/32",
                            },
                        },
                    },
                },
            },
        });
    
        var testRestApiPolicy = new Aws.ApiGateway.RestApiPolicy("test", new()
        {
            RestApiId = testRestApi.Id,
            Policy = test.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.apigateway.RestApi;
    import com.pulumi.aws.apigateway.RestApiArgs;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.apigateway.RestApiPolicy;
    import com.pulumi.aws.apigateway.RestApiPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testRestApi = new RestApi("testRestApi", RestApiArgs.builder()
                .name("example-rest-api")
                .build());
    
            final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("AWS")
                        .identifiers("*")
                        .build())
                    .actions("execute-api:Invoke")
                    .resources(testRestApi.executionArn())
                    .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                        .test("IpAddress")
                        .variable("aws:SourceIp")
                        .values("123.123.123.123/32")
                        .build())
                    .build())
                .build());
    
            var testRestApiPolicy = new RestApiPolicy("testRestApiPolicy", RestApiPolicyArgs.builder()
                .restApiId(testRestApi.id())
                .policy(test.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(test -> test.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
                .build());
    
        }
    }
    
    resources:
      testRestApi:
        type: aws:apigateway:RestApi
        name: test
        properties:
          name: example-rest-api
      testRestApiPolicy:
        type: aws:apigateway:RestApiPolicy
        name: test
        properties:
          restApiId: ${testRestApi.id}
          policy: ${test.json}
    variables:
      test:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                principals:
                  - type: AWS
                    identifiers:
                      - '*'
                actions:
                  - execute-api:Invoke
                resources:
                  - ${testRestApi.executionArn}
                conditions:
                  - test: IpAddress
                    variable: aws:SourceIp
                    values:
                      - 123.123.123.123/32
    

    Create RestApiPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new RestApiPolicy(name: string, args: RestApiPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def RestApiPolicy(resource_name: str,
                      args: RestApiPolicyArgs,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def RestApiPolicy(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      policy: Optional[str] = None,
                      rest_api_id: Optional[str] = None)
    func NewRestApiPolicy(ctx *Context, name string, args RestApiPolicyArgs, opts ...ResourceOption) (*RestApiPolicy, error)
    public RestApiPolicy(string name, RestApiPolicyArgs args, CustomResourceOptions? opts = null)
    public RestApiPolicy(String name, RestApiPolicyArgs args)
    public RestApiPolicy(String name, RestApiPolicyArgs args, CustomResourceOptions options)
    
    type: aws:apigateway:RestApiPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args RestApiPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RestApiPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RestApiPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RestApiPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RestApiPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var restApiPolicyResource = new Aws.ApiGateway.RestApiPolicy("restApiPolicyResource", new()
    {
        Policy = "string",
        RestApiId = "string",
    });
    
    example, err := apigateway.NewRestApiPolicy(ctx, "restApiPolicyResource", &apigateway.RestApiPolicyArgs{
    	Policy:    pulumi.String("string"),
    	RestApiId: pulumi.String("string"),
    })
    
    var restApiPolicyResource = new RestApiPolicy("restApiPolicyResource", RestApiPolicyArgs.builder()
        .policy("string")
        .restApiId("string")
        .build());
    
    rest_api_policy_resource = aws.apigateway.RestApiPolicy("restApiPolicyResource",
        policy="string",
        rest_api_id="string")
    
    const restApiPolicyResource = new aws.apigateway.RestApiPolicy("restApiPolicyResource", {
        policy: "string",
        restApiId: "string",
    });
    
    type: aws:apigateway:RestApiPolicy
    properties:
        policy: string
        restApiId: string
    

    RestApiPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The RestApiPolicy resource accepts the following input properties:

    Policy string
    JSON formatted policy document that controls access to the API Gateway.
    RestApiId string
    ID of the REST API.
    Policy string
    JSON formatted policy document that controls access to the API Gateway.
    RestApiId string
    ID of the REST API.
    policy String
    JSON formatted policy document that controls access to the API Gateway.
    restApiId String
    ID of the REST API.
    policy string
    JSON formatted policy document that controls access to the API Gateway.
    restApiId string
    ID of the REST API.
    policy str
    JSON formatted policy document that controls access to the API Gateway.
    rest_api_id str
    ID of the REST API.
    policy String
    JSON formatted policy document that controls access to the API Gateway.
    restApiId String
    ID of the REST API.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the RestApiPolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing RestApiPolicy Resource

    Get an existing RestApiPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RestApiPolicyState, opts?: CustomResourceOptions): RestApiPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            policy: Optional[str] = None,
            rest_api_id: Optional[str] = None) -> RestApiPolicy
    func GetRestApiPolicy(ctx *Context, name string, id IDInput, state *RestApiPolicyState, opts ...ResourceOption) (*RestApiPolicy, error)
    public static RestApiPolicy Get(string name, Input<string> id, RestApiPolicyState? state, CustomResourceOptions? opts = null)
    public static RestApiPolicy get(String name, Output<String> id, RestApiPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Policy string
    JSON formatted policy document that controls access to the API Gateway.
    RestApiId string
    ID of the REST API.
    Policy string
    JSON formatted policy document that controls access to the API Gateway.
    RestApiId string
    ID of the REST API.
    policy String
    JSON formatted policy document that controls access to the API Gateway.
    restApiId String
    ID of the REST API.
    policy string
    JSON formatted policy document that controls access to the API Gateway.
    restApiId string
    ID of the REST API.
    policy str
    JSON formatted policy document that controls access to the API Gateway.
    rest_api_id str
    ID of the REST API.
    policy String
    JSON formatted policy document that controls access to the API Gateway.
    restApiId String
    ID of the REST API.

    Import

    Using pulumi import, import aws_api_gateway_rest_api_policy using the REST API ID. For example:

    $ pulumi import aws:apigateway/restApiPolicy:RestApiPolicy example 12345abcde
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi