I am trying to integrate Swagger with API Gateway and Lambda using Swagger extensions. The Swagger file is uploaded to an S3 bucket, and I am using Body with Fn::Transform and AWS::Include as below.
Using BodyS3Location in the AWS::ApiGateway::RestApi properties returns the error "Unable to parse API definition because of a malformed integration" for the same integration mentioned above. I referred to "Swagger file with AWS Extensions stored in S3 Bucket for API Creation with Cloudformation" and modified the template as below for the AWS::ApiGateway::RestApi properties:
    Body:
      Fn::Transform:
        Name: AWS::Include
        Parameters:
          Location:
            Fn::Sub: "s3://${BucketName}/apiSwaggerSpec.yaml"
For the stack above, I have all the permissions on CloudFormation actions.
Below is the code I have added as a Swagger extension:
    x-amazon-apigateway-auth:
      type: "aws_iam"
    x-amazon-apigateway-integration:
      type: "aws_proxy"
      httpMethod: "POST"
      passthroughBehavior: "when_no_match"
      uri:
        Fn::Sub: "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:${accountId}:function:testLambdaFunction/invocations"
      credentials:
        Fn::Sub: "arn:aws:iam::${accountId}:role/${myRole}"
      responses:
        default:
          statusCode: 200
I am getting a permission denied error with the message: "myrole is not authorized to perform cloudformation:CreateChangeSet on resource: arn:aws:cloudformation:us-east-1:aws:transform/include"
Do I need to add special permissions for transform/include? The AWS documentation says it doesn't need special permissions.