@liflig/cdk
    Preparing search index...

    Class ApiGateway<AuthScopesT>

    This construct tries to simplify the creation of an API Gateway for a service, by collecting most of the common setup here.

    The approach followed in this construct is:

    1. One API-GW per service
    2. One subdomain per API-GW / service
    3. Use HTTP API, not REST
    4. Use a $default stage with autodeploy
    5. Support multiple routes (with possible /{proxy+} to let all sub-paths through)
    6. Allow custom integration/authorizer for each route, or defaults for the whole gateway

    The route integration is one of these:

    • ALB private integration with VPC Link using HTTPS to the ALB
    • Lambda integration
    • SQS integration

    Note that the load balancer used in an AlbIntegrationProps must allow outbound HTTPS traffic to its SecurityGroup. Otherwise, the VPC Link used by the API-GW can't get traffic from the ALB.

    const loadBalancerSecurityGroup = new ec2.SecurityGroup(..., {
      allowAllOutbound: false,
    })

    loadBalancerSecurityGroup.addEgressRule(
      loadBalancerSecurityGroup,
      ec2.Port.tcp(443),
      "Outbound to self for ALB to API-GW VPC-Link",
    )

    const loadBalancer = new lifligLoadBalancer.LoadBalancer(...,
      {
        overrideLoadBalancerProps: {
          securityGroup: loadBalancerSecurityGroup,
        },
      },
    )

    Kristian Rekstad kre@capraconsulting.no

    Hermann Mørkrid hem@liflig.no

    Type Parameters

    • AuthScopesT extends string = string

      This type parameter allows you to improve type safety on the requiredScope field on CognitoUserPoolOrBasicAuthAuthorizerProps, by narrowing the type to specific strings. You can then extend the ApiGateway with this type to enforce those scopes across the application. Remember that auth scopes must be on the format {resource server identifier}/{scope name}.

      Example:

      type AuthScopes = "external/read_users" | "internal/create_users"

      export class MyProjectApiGateway extends ApiGateway<AuthScopes> {}

      TypeScript will then enforce that requiredScope is one of AuthScopes, and provide auto-complete.

    Hierarchy

    • Construct
      • ApiGateway
    Index

    Constructors

    constructor

    Properties

    domain httpApi logGroup node routes

    Methods

    grantInvoke toString isConstruct

    Constructors

    Properties

    domain: string

    The domain which consumers must use.

    httpApi: HttpApi

    The API Gateway HTTP API. This is the main construct for API-GW.

    logGroup: LogGroup

    Access log group.

    node: Node

    The tree node.

    routes: HttpRoute[] = []

    The routes which connect the httpApi to the backend integration(s).

    Methods

    • Returns a string representation of this construct.

      Returns string

    • Checks if x is a construct.

      Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

      Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

      Parameters

      • x: any

        Any object

      Returns x is Construct

      true if x is an object created from a class which extends Construct.

    Settings

    Member Visibility

    On This Page

    Load Balancer Security Group
    Constructors
    Properties
    Methods