Skip to content

Commit 0e0a092

Browse files
shooitshooit
authored
fix(aws-apigateway): cross region authorizer ref (#18444)
Fixes: #18443 *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 0e78aeb commit 0e0a092

File tree

5 files changed

+219
-20
lines changed

5 files changed

+219
-20
lines changed

packages/@aws-cdk/aws-apigateway/lib/authorizers/lambda.ts

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
import * as iam from '@aws-cdk/aws-iam';
22
import * as lambda from '@aws-cdk/aws-lambda';
3-
import { Duration, Lazy, Names, Stack } from '@aws-cdk/core';
3+
import { Arn, ArnFormat, Duration, Lazy, Names, Stack } from '@aws-cdk/core';
44
import { Construct } from 'constructs';
55
import { CfnAuthorizer } from '../apigateway.generated';
66
import { Authorizer, IAuthorizer } from '../authorizer';
@@ -254,5 +254,6 @@ export class RequestAuthorizer extends LambdaAuthorizer {
254254
* constructs the authorizerURIArn.
255255
*/
256256
function lambdaAuthorizerArn(handler: lambda.IFunction) {
257-
return `arn:${Stack.of(handler).partition}:apigateway:${Stack.of(handler).region}:lambda:path/2015-03-31/functions/${handler.functionArn}/invocations`;
257+
const { region, partition } = Arn.split( handler.functionArn, ArnFormat.COLON_RESOURCE_NAME);
258+
return `arn:${partition}:apigateway:${region}:lambda:path/2015-03-31/functions/${handler.functionArn}/invocations`;
258259
}

packages/@aws-cdk/aws-apigateway/test/authorizers/integ.request-authorizer.lit.expected.json

Lines changed: 28 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -253,11 +253,37 @@
253253
[
254254
"arn:",
255255
{
256-
"Ref": "AWS::Partition"
256+
"Fn::Select": [
257+
1,
258+
{
259+
"Fn::Split": [
260+
":",
261+
{
262+
"Fn::GetAtt": [
263+
"MyAuthorizerFunction70F1223E",
264+
"Arn"
265+
]
266+
}
267+
]
268+
}
269+
]
257270
},
258271
":apigateway:",
259272
{
260-
"Ref": "AWS::Region"
273+
"Fn::Select": [
274+
3,
275+
{
276+
"Fn::Split": [
277+
":",
278+
{
279+
"Fn::GetAtt": [
280+
"MyAuthorizerFunction70F1223E",
281+
"Arn"
282+
]
283+
}
284+
]
285+
}
286+
]
261287
},
262288
":lambda:path/2015-03-31/functions/",
263289
{

packages/@aws-cdk/aws-apigateway/test/authorizers/integ.token-authorizer-iam-role.expected.json

Lines changed: 28 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -122,11 +122,37 @@
122122
[
123123
"arn:",
124124
{
125-
"Ref": "AWS::Partition"
125+
"Fn::Select": [
126+
1,
127+
{
128+
"Fn::Split": [
129+
":",
130+
{
131+
"Fn::GetAtt": [
132+
"MyAuthorizerFunction70F1223E",
133+
"Arn"
134+
]
135+
}
136+
]
137+
}
138+
]
126139
},
127140
":apigateway:",
128141
{
129-
"Ref": "AWS::Region"
142+
"Fn::Select": [
143+
3,
144+
{
145+
"Fn::Split": [
146+
":",
147+
{
148+
"Fn::GetAtt": [
149+
"MyAuthorizerFunction70F1223E",
150+
"Arn"
151+
]
152+
}
153+
]
154+
}
155+
]
130156
},
131157
":lambda:path/2015-03-31/functions/",
132158
{

packages/@aws-cdk/aws-apigateway/test/authorizers/integ.token-authorizer.lit.expected.json

Lines changed: 28 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -253,11 +253,37 @@
253253
[
254254
"arn:",
255255
{
256-
"Ref": "AWS::Partition"
256+
"Fn::Select": [
257+
1,
258+
{
259+
"Fn::Split": [
260+
":",
261+
{
262+
"Fn::GetAtt": [
263+
"MyAuthorizerFunction70F1223E",
264+
"Arn"
265+
]
266+
}
267+
]
268+
}
269+
]
257270
},
258271
":apigateway:",
259272
{
260-
"Ref": "AWS::Region"
273+
"Fn::Select": [
274+
3,
275+
{
276+
"Fn::Split": [
277+
":",
278+
{
279+
"Fn::GetAtt": [
280+
"MyAuthorizerFunction70F1223E",
281+
"Arn"
282+
]
283+
}
284+
]
285+
}
286+
]
261287
},
262288
":lambda:path/2015-03-31/functions/",
263289
{

packages/@aws-cdk/aws-apigateway/test/authorizers/lambda.test.ts

Lines changed: 132 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -35,11 +35,31 @@ describe('lambda authorizer', () => {
3535
[
3636
'arn:',
3737
{
38-
Ref: 'AWS::Partition',
38+
'Fn::Select': [
39+
1,
40+
{
41+
'Fn::Split': [
42+
':',
43+
{
44+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
45+
},
46+
],
47+
},
48+
],
3949
},
4050
':apigateway:',
4151
{
42-
Ref: 'AWS::Region',
52+
'Fn::Select': [
53+
3,
54+
{
55+
'Fn::Split': [
56+
':',
57+
{
58+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
59+
},
60+
],
61+
},
62+
],
4363
},
4464
':lambda:path/2015-03-31/functions/',
4565
{
@@ -89,11 +109,31 @@ describe('lambda authorizer', () => {
89109
[
90110
'arn:',
91111
{
92-
Ref: 'AWS::Partition',
112+
'Fn::Select': [
113+
1,
114+
{
115+
'Fn::Split': [
116+
':',
117+
{
118+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
119+
},
120+
],
121+
},
122+
],
93123
},
94124
':apigateway:',
95125
{
96-
Ref: 'AWS::Region',
126+
'Fn::Select': [
127+
3,
128+
{
129+
'Fn::Split': [
130+
':',
131+
{
132+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
133+
},
134+
],
135+
},
136+
],
97137
},
98138
':lambda:path/2015-03-31/functions/',
99139
{
@@ -167,11 +207,31 @@ describe('lambda authorizer', () => {
167207
[
168208
'arn:',
169209
{
170-
Ref: 'AWS::Partition',
210+
'Fn::Select': [
211+
1,
212+
{
213+
'Fn::Split': [
214+
':',
215+
{
216+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
217+
},
218+
],
219+
},
220+
],
171221
},
172222
':apigateway:',
173223
{
174-
Ref: 'AWS::Region',
224+
'Fn::Select': [
225+
3,
226+
{
227+
'Fn::Split': [
228+
':',
229+
{
230+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
231+
},
232+
],
233+
},
234+
],
175235
},
176236
':lambda:path/2015-03-31/functions/',
177237
{
@@ -218,11 +278,31 @@ describe('lambda authorizer', () => {
218278
[
219279
'arn:',
220280
{
221-
Ref: 'AWS::Partition',
281+
'Fn::Select': [
282+
1,
283+
{
284+
'Fn::Split': [
285+
':',
286+
{
287+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
288+
},
289+
],
290+
},
291+
],
222292
},
223293
':apigateway:',
224294
{
225-
Ref: 'AWS::Region',
295+
'Fn::Select': [
296+
3,
297+
{
298+
'Fn::Split': [
299+
':',
300+
{
301+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
302+
},
303+
],
304+
},
305+
],
226306
},
227307
':lambda:path/2015-03-31/functions/',
228308
{
@@ -269,11 +349,31 @@ describe('lambda authorizer', () => {
269349
[
270350
'arn:',
271351
{
272-
Ref: 'AWS::Partition',
352+
'Fn::Select': [
353+
1,
354+
{
355+
'Fn::Split': [
356+
':',
357+
{
358+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
359+
},
360+
],
361+
},
362+
],
273363
},
274364
':apigateway:',
275365
{
276-
Ref: 'AWS::Region',
366+
'Fn::Select': [
367+
3,
368+
{
369+
'Fn::Split': [
370+
':',
371+
{
372+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
373+
},
374+
],
375+
},
376+
],
277377
},
278378
':lambda:path/2015-03-31/functions/',
279379
{
@@ -341,11 +441,31 @@ describe('lambda authorizer', () => {
341441
[
342442
'arn:',
343443
{
344-
Ref: 'AWS::Partition',
444+
'Fn::Select': [
445+
1,
446+
{
447+
'Fn::Split': [
448+
':',
449+
{
450+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
451+
},
452+
],
453+
},
454+
],
345455
},
346456
':apigateway:',
347457
{
348-
Ref: 'AWS::Region',
458+
'Fn::Select': [
459+
3,
460+
{
461+
'Fn::Split': [
462+
':',
463+
{
464+
'Fn::GetAtt': ['myfunction9B95E948', 'Arn'],
465+
},
466+
],
467+
},
468+
],
349469
},
350470
':lambda:path/2015-03-31/functions/',
351471
{

0 commit comments

Comments
 (0)