
No Policy created from IntrinsicVpceWhitelist #3764

@altaurog

Description

When attempting to create a private API with IntrinsicVpceWhitelist, the transform does not seem to include the resource policy I specify on AWS::Serverless::Api. Am I doing something wrong?

Steps to reproduce

Here is a minimal example:

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: private api mwe
Transform: AWS::Serverless-2016-10-31

Resources:
  MWE:
    Type: AWS::Serverless::Api
    Properties:
      Name: private-api-mwe
      StageName: mwe
      EndpointConfiguration:
        Type: PRIVATE
      Auth:
        ResourcePolicy:
          IntrinsicVpceWhitelist:
            vpce-00000000000000000
      MethodSettings:
        - HttpMethod: "*"
          ResourcePath: "/*"
```

Observed result

When I deploy this stack, the following APIGateway error causes a failure creating an AWS::ApiGateway::Deployment resource: "Private REST API doesn't have a resource policy attached to it"

Here is the processed template:

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "private api mwe",
  "Resources": {
    "MWEDeployment5332c373d4": {
      "Type": "AWS::ApiGateway::Deployment",
      "Properties": {
        "Description": "RestApi deployment id: 5332c373d45c69e6c0f562b4a419aa8eb311adc7",
        "RestApiId": {
          "Ref": "MWE"
        },
        "StageName": "Stage"
      }
    },
    "MWE": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "Body": {
          "info": {
            "version": "1.0",
            "title": {
              "Ref": "AWS::StackName"
            }
          },
          "paths": {},
          "swagger": "2.0"
        },
        "Name": "private-api-mwe",
        "Parameters": {
          "endpointConfigurationTypes": "PRIVATE"
        },
        "EndpointConfiguration": {
          "Types": [
            "PRIVATE"
          ]
        }
      }
    },
    "MWEmweStage": {
      "Type": "AWS::ApiGateway::Stage",
      "Properties": {
        "DeploymentId": {
          "Ref": "MWEDeployment5332c373d4"
        },
        "RestApiId": {
          "Ref": "MWE"
        },
        "StageName": "mwe",
        "MethodSettings": [
          {
            "HttpMethod": "*",
            "ResourcePath": "/*"
          }
        ]
      }
    }
  }
}
```

Expected result

I believe ResourcePolicy should appear on the RestApi, and of course deploying the stack should work.

I have used very similar templates successfully in the past, but I see that the ResourcePolicy is not in the processed template of those stacks. Perhaps ApiGateway is more strict than it used to be?

Additional environment details

  1. OS: linux
  2. If using the SAM CLI, sam --version: deployed with my own script, using boto3 1.35.68
  3. AWS region: us-east-1
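
An added example, not part of the original issue or of the SAM project: a pre-deploy check over a processed template that lists PRIVATE `AWS::ApiGateway::RestApi` resources with neither a `Policy` property nor an `x-amazon-apigateway-policy` entry in an inline `Body`. The function names and the `WITH_POLICY` sample are constructed for illustration; `PROCESSED` is the RestApi from the processed template above, and bodies referenced through `BodyS3Location` are not inspected.

```python
# Added example: pre-deploy check on a processed (post-transform) template.

def is_private(props):
    """True when the RestApi declares the PRIVATE endpoint type."""
    types = props.get("EndpointConfiguration", {}).get("Types", [])
    return "PRIVATE" in ([types] if isinstance(types, str) else types)

def has_resource_policy(props):
    """A policy is set via the Policy property or inline in the OpenAPI body."""
    body = props.get("Body")
    inline = isinstance(body, dict) and body.get("x-amazon-apigateway-policy")
    return bool(props.get("Policy") or inline)

def private_apis_without_policy(template):
    """Logical IDs of PRIVATE RestApi resources that carry no resource policy."""
    missing = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if (res.get("Type") == "AWS::ApiGateway::RestApi"
                and is_private(props) and not has_resource_policy(props)):
            missing.append(logical_id)
    return sorted(missing)

# RestApi copied from the processed template in this issue (other resources omitted).
PROCESSED = {"Resources": {"MWE": {
    "Type": "AWS::ApiGateway::RestApi",
    "Properties": {
        "Body": {"info": {"version": "1.0", "title": {"Ref": "AWS::StackName"}},
                 "paths": {}, "swagger": "2.0"},
        "Name": "private-api-mwe",
        "Parameters": {"endpointConfigurationTypes": "PRIVATE"},
        "EndpointConfiguration": {"Types": ["PRIVATE"]},
    }}}}

# Constructed variant: same API with a policy limiting invocation to one VPC endpoint.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
     "Resource": "execute-api:/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
     "Resource": "execute-api:/*",
     "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-00000000000000000"}}}]}
WITH_POLICY = {"Resources": {"MWE": {
    "Type": "AWS::ApiGateway::RestApi",
    "Properties": {**PROCESSED["Resources"]["MWE"]["Properties"], "Policy": POLICY}}}}

if __name__ == "__main__":
    print("missing policy:", private_apis_without_policy(PROCESSED))
    print("missing policy:", private_apis_without_policy(WITH_POLICY))
```

Running this against the output of the transform before calling CloudFormation surfaces the missing policy at template time rather than as a failed `AWS::ApiGateway::Deployment`.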
