AWSTemplateFormatVersion: '2010-09-09' Description: AWS API Gateway with a Lambda Integration Parameters: lambdaFunctionName: Type: "String" AllowedPattern: "^[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+$" Description: Ring Alarm Lambda function name. (Recommend to keep default) Default: "st-ring-alarm-f8" apiStageName: Type: "String" Description: Ring API Staging Name. (Recommend to keep default) Default: "v1" s3BucketName: Type: "String" Description: Amazon S3 bucket name with the deployment.zip file. Default: "st-ring-alarm" Resources: ApiGatewayRestApi: Type: AWS::ApiGateway::RestApi Properties: ApiKeySourceType: HEADER Description: An API Gateway for Ring Alarm APIs EndpointConfiguration: Types: - REGIONAL Name: !Join ["", [{"Ref": "AWS::StackName"}, "-api"]] ProxyResource: Type: 'AWS::ApiGateway::Resource' Properties: RestApiId: !Ref ApiGatewayRestApi ParentId: !GetAtt ApiGatewayRestApi.RootResourceId PathPart: '{ring-action+}' ProxyResourceANY: Type: 'AWS::ApiGateway::Method' Properties: RestApiId: !Ref ApiGatewayRestApi ResourceId: !Ref ProxyResource HttpMethod: ANY ApiKeyRequired: true AuthorizationType: NONE Integration: Type: AWS_PROXY IntegrationHttpMethod: POST Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction.Arn}/invocations' ApiGatewayModel: Type: AWS::ApiGateway::Model Properties: ContentType: 'application/json' RestApiId: !Ref ApiGatewayRestApi Schema: {} ApiGatewayStage: Type: AWS::ApiGateway::Stage Properties: DeploymentId: !Ref ApiGatewayDeployment Description: Lambda API Stage v1 RestApiId: !Ref ApiGatewayRestApi StageName: !Ref "apiStageName" ApiGatewayDeployment: Type: AWS::ApiGateway::Deployment DependsOn: ProxyResourceANY Properties: Description: Lambda API Deployment RestApiId: !Ref ApiGatewayRestApi ApiGatewayIamRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Sid: '' Effect: 'Allow' Principal: Service: - 'apigateway.amazonaws.com' Action: - 'sts:AssumeRole' Path: '/' Policies: - PolicyName: LambdaAccess PolicyDocument: Version: '2012-10-17' Statement: - Effect: 'Allow' Action: 'lambda:*' Resource: !GetAtt LambdaFunction.Arn LambdaFunction: Type: AWS::Lambda::Function Properties: Code: S3Bucket: !Ref s3BucketName S3Key: 'deployment.zip' Description: Ring API Lambda function FunctionName: !Ref "lambdaFunctionName" Handler: main MemorySize: 512 Role: !GetAtt LambdaIamRole.Arn Runtime: go1.x Timeout: 60 LambdaIamRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: 'Allow' Principal: Service: - 'lambda.amazonaws.com' Action: - 'sts:AssumeRole' Path: '/' Policies: - PolicyDocument: Version: "2012-10-17" Statement: - Action: - "logs:CreateLogGroup" - "logs:CreateLogStream" - "logs:PutLogEvents" Effect: "Allow" Resource: - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${lambdaFunctionName}:*" PolicyName: !Join ["", [{"Ref": "AWS::StackName"}, "-lambda-log"]] LambdaPermission: Type: AWS::Lambda::Permission Properties: FunctionName: !GetAtt LambdaFunction.Arn Action: lambda:InvokeFunction Principal: 'apigateway.amazonaws.com' LambdaLogGroup: Type: "AWS::Logs::LogGroup" Properties: LogGroupName: !Sub "/aws/lambda/${lambdaFunctionName}" RetentionInDays: 3 ApiKey: Type: AWS::ApiGateway::ApiKey Properties: Name: !Join ["", [{"Ref": "AWS::StackName"}, "-apikey"]] Description: !Join ["", [{"Ref": "AWS::StackName"}, "api key"]] Enabled: true GenerateDistinctId: false ApiUsagePlan: Type: "AWS::ApiGateway::UsagePlan" DependsOn: ApiGatewayStage Properties: ApiStages: - ApiId: !Ref ApiGatewayRestApi Stage: !Ref "apiStageName" Description: !Join [" ", [{"Ref": "AWS::StackName"}, "usage plan"]] UsagePlanName: !Join ["", [{"Ref": "AWS::StackName"}, "-usage-plan"]] ApiUsagePlanKey: Type: "AWS::ApiGateway::UsagePlanKey" Properties: KeyId: !Ref ApiKey KeyType: API_KEY UsagePlanId: !Ref ApiUsagePlan