The Magical Blueprint
Configurable CloudFormation Template - API Gateway, custom domain, Lambda Integration.
Today, we’ll unveil a CloudFormation template that isn’t just a piece of code, it’s your Aladdin’s lamp.
Set up an endpoint, a Lambda worker, and an IAM role at the click of a button.
You can now focus on the POC/project/million $ software.

What kind of Magic is this?
Imagine a world where setting up complex infrastructures is as easy as casting a spell.
That’s what this AWS CloudFormation template offers.
It’s a meticulously crafted magical scroll — configurable, reusable, and designed to conjure up a robust API Gateway connected to a Lambda function, all with minimal manual intervention.
What Does This Template Summon?
- API Gateway as the Front Gate: The face of your operations, it’s a custom domain API Gateway, easily configurable to represent your unique digital presence in the cloud. The template will create a REST API with a POST method and a resource, set up a domain name, and create a Prod stage for deployment.
- Lambda, the Magic Worker: Behind this gateway lies the real wizardry, ready to execute your business logic without the need to manage servers. The Lambda is triggered by the above API Gateway (any method it has), and the code that powers this function rests securely in an existing S3 bucket, summoned and executed as needed.
- The Invisible Cloak of Security: The template weaves an IAM role automatically, granting your Lambda function the precise permissions needed to perform its duties securely and efficiently. It can use the S3 code and write CloudWatch logs and metrics.

How It Works: The Spellbinding Process
Deploying this template is like weaving a spell.
You specify your configurations — like the domain name for your API Gateway or the S3 bucket for your Lambda code — and let the template do the rest.
It’s a seamless dance of resources, orchestrated by the template, resulting in a fully functional, scalable, and secure application endpoint, worker and security.
Prerequisites:
- An AWS account with administrative access.
- Your own custom domain name, configured with Route 53 or a third-party DNS provider.
- A signed ACM certificate (us-east).
- S3 bucket to hold the Lambda code.
- Code repository files uploaded to the mentioned S3 bucket.
- A basic understanding of AWS Lambda functions and API Gateway configurations.
Let's Get Down to Business, How to Use the Template:
- Set up the prerequisites.
- Modify the Parameters at the top of the YAML.
- Deploy the stack using the AWS console or the AWS CLI.
Copy the template code to your own .yaml file.
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: apigw-lambda-domain-iam API Gateway, Lambda function, custom domain, and base path mapping.
Parameters:
  ApiGatewayName: # API Gateway Name
    Type: String
    Default: ChatApi
  ApiGatewayHTTPMethod: # API Gateway HTTP Method to invoke the Lambda function
    Type: String
    Default: POST
  lambdaFunctionName: # Lambda Function Name
    Type: String
    AllowedPattern: '[a-zA-Z0-9]+[a-zA-Z0-9-]+[a-zA-Z0-9]+'
    Default: ServerlesSetupLambda
  CodeS3Bucket: # S3 Bucket Name ** should be set up before deploying the stack **
    Type: String
    Default: codereposbucket
  S3CodeFileName: # S3 Code File Name ** should be set up before deploying the stack **
    Type: String
    Default: lambdaCode.zip
  PathPart: # API Gateway Resource Path Part
    Type: String
    Default: chat
  DomainName: # Custom Domain Name
    Type: String
    Default: ai.asafmaoz.com
  CertificateArn: # SSL Certificate ARN us-east ** should be set up before deploying the stack **
    Type: String
    Default: arn:aws:acm:us-east-1:353012345243:certificate/123456-1df6-4a98-984c-4b321432f683
  LambdaHandler: # Lambda Handler
    Type: String
    Default: com.asafmaoz.LambdaExample
  LambdaRunTime: # Lambda Runtime
    Type: String
    Default: java11
Resources:
  ApiGatewayRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Description: API Gateway RestApi
      Name: !Ref ApiGatewayName
  ApiGatewayMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      # NONE means the method is callable without credentials.
      AuthorizationType: NONE
      HttpMethod: !Ref ApiGatewayHTTPMethod
      ResourceId: !Ref ApiGatewayResource
      RestApiId: !Ref ApiGatewayRestApi
      Integration:
        # API Gateway always invokes Lambda with POST, whatever the client method is.
        IntegrationHttpMethod: POST
        Type: AWS_PROXY
        Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunction.Arn}/invocations
      MethodResponses:
        - StatusCode: 200
  ApiGatewayResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      ParentId: !GetAtt ApiGatewayRestApi.RootResourceId
      PathPart: !Ref PathPart
      RestApiId: !Ref ApiGatewayRestApi
  ApiGatewayDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
      RestApiId: !Ref ApiGatewayRestApi
    DependsOn:
      - ApiGatewayMethod
  ApiGatewayDomainName:
    Type: AWS::ApiGateway::DomainName
    Properties:
      RegionalCertificateArn: !Ref CertificateArn
      DomainName: !Ref DomainName
      EndpointConfiguration: # Endpoint Type for the API Gateway custom domain name
        Types:
          - REGIONAL
  ApiGatewayStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref ApiGatewayRestApi
      DeploymentId: !Ref ApiGatewayDeployment
      StageName: Prod
  ApiGatewayBasePathMapping:
    Type: AWS::ApiGateway::BasePathMapping
    Properties:
      DomainName: !Ref ApiGatewayDomainName
      RestApiId: !Ref ApiGatewayRestApi
      Stage: Prod
    DependsOn:
      - ApiGatewayStage
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: !Ref LambdaHandler
      Role: !GetAtt lambdaIAMRole.Arn
      FunctionName: !Ref lambdaFunctionName
      Code:
        S3Bucket: !Ref CodeS3Bucket
        S3Key: !Ref S3CodeFileName
      Runtime: !Ref LambdaRunTime
  LambdaInvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt LambdaFunction.Arn
      Principal: apigateway.amazonaws.com
      SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayRestApi}/*/${ApiGatewayHTTPMethod}/${PathPart}
      # Note: this SourceArn lets only the configured HTTP method on the configured
      # resource path of this API invoke the Lambda, from any stage (the * segment).
  lambdaIAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
      Policies:
        - PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Effect: Allow
                Resource:
                  - !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${lambdaFunctionName}:*
          PolicyName: lambda
  lambdaLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub /aws/lambda/${lambdaFunctionName}
      RetentionInDays: 90
Outputs:
  ApiGatewayRestApi:
    Description: API Gateway RestApi
    Value: !Ref ApiGatewayRestApi
  ApiGatewayInvokeURL:
    Description: API Gateway Invoke URL
    # The base path mapping already selects the Prod stage, so the custom-domain
    # URL does not carry the stage name.
    Value: !Sub https://${ApiGatewayDomainName}/${PathPart}
  lambdaArn:
    Value: !GetAtt LambdaFunction.Arn
```
* Change the Parameters to match your needs.
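
A pre-deployment review of the three security-relevant resources in the template above, as an added example that is not part of the original post: it flags the method's `AuthorizationType: NONE` and confirms that the Lambda permission's `SourceArn` and the role's inline policy are scoped. `TEMPLATE` is constructed from the template in CloudFormation's JSON form, and `audit`, `text` and `as_list` are names chosen for this example.

```python
# Constructed from the page's template (CloudFormation JSON form), trimmed to
# the properties the checks below read. Added example, not the author's code.
TEMPLATE = {"Resources": {
    "ApiGatewayMethod": {"Type": "AWS::ApiGateway::Method", "Properties": {
        "AuthorizationType": "NONE"}},
    "LambdaInvokePermission": {"Type": "AWS::Lambda::Permission", "Properties": {
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {"Fn::Sub": "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:"
                                 "${ApiGatewayRestApi}/*/${ApiGatewayHTTPMethod}/${PathPart}"}}},
    "lambdaIAMRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{
        "PolicyDocument": {"Statement": [{
            "Effect": "Allow",
            "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": [{"Fn::Sub": "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:"
                                     "log-group:/aws/lambda/${lambdaFunctionName}:*"}]}]}}]}},
}}

def text(node):
    """Flatten a plain string or a one-key intrinsic ({"Fn::Sub": "..."}) to text."""
    return str(next(iter(node.values()))) if isinstance(node, dict) else str(node)

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(template):
    """Return (logical_id, finding) pairs a reviewer should resolve before deploying."""
    findings = []
    for name, res in template["Resources"].items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::ApiGateway::Method":
            if props.get("AuthorizationType") == "NONE" and not props.get("ApiKeyRequired"):
                findings.append((name, "method is callable without authentication"))
        elif res["Type"] == "AWS::Lambda::Permission":
            # execute-api ARN tail: <api-id>/<stage>/<method>/<resource-path>
            tail = text(props.get("SourceArn", "")).rsplit(":", 1)[-1].split("/", 3)
            if len(tail) < 4 or "*" in tail[2] or "*" in tail[3]:
                findings.append((name, "SourceArn missing or does not pin method and path"))
        elif res["Type"] == "AWS::IAM::Role":
            for policy in props.get("Policies", []):
                for stmt in as_list(policy["PolicyDocument"]["Statement"]):
                    actions = [text(a) for a in as_list(stmt.get("Action", []))]
                    resources = [text(r) for r in as_list(stmt.get("Resource", []))]
                    wide = any("*" in a for a in actions) or "*" in resources
                    if stmt.get("Effect") == "Allow" and wide:
                        findings.append((name, "Allow statement uses a wildcard action or resource"))
    return findings

if __name__ == "__main__":
    print(audit(TEMPLATE))
```

On the page's template the only finding is the unauthenticated method; setting `AuthorizationType` to `AWS_IAM` (or requiring an API key) clears it.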

Conclusion
For developers and DevOps engineers looking to elevate their cloud infrastructure with efficiency, security, and scalability, this CloudFormation template is your gateway to magic. It transforms complex cloud setups into a simple, magical process, letting you focus on what truly matters — creating incredible applications.
Harness the power of cloud magic today and watch as your serverless architecture takes flight, all with the wave of your magical CloudFormation wand!
