Hey guys do we support this https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigatewayv2-integrations-readme.html#http-proxy

woah that's cool

this looks awesome, good find, @Frank does

sst.Api

support these integrations, if yes, awesome, if not could you please add it to the roadmap. It would be great to be able to create proxy routes.

@Ashishkumar Pandey I know @Frank recently added the ALB Integration. It would be nice to have them all. The other issue I. am having is with having IAM auth as an authoriser for some of the integrations. I ended up having to secure the endpoint manually for that. I might need to write some function that checks in case we forget to have this protection on our end point if we do it this way.

Hey @Ashishkumar Pandey yeah we will be supporting all of these integrations. Is there a specific integration you need right now? I can prioritize that first.

@geekmidas can you explain me which use-cases would you use this?

@Frank The default authorizer for the HttpApi is of type

IHttpRouteAuthorizer

which does not currently support IAM The support can be found here. This is the same thing when you use

api.addRoutes()

import {
  HttpApi,
} from '@aws-cdk/aws-apigatewayv2';

new HttpApi(this, apiId, {
  defaultAuthorizer // Type IHttpRouteAuthorizer
});

There might be some confusion here. You don’t need an authorizer for IAM. See an example here - https://docs.serverless-stack.com/constructs/Api#adding-auth

@Frank the http proxy and private integrations are of interest to me. These aren’t high priority to me so you could defer these for more important requests but they’re nice to have. The http proxy integration would be to interact with third-party services to fetch and send data and I could match their API spec completely, I’d only have to change the domain name and the root path. The private integration comes into play a bit later when I begin to work for getting security certifications for my APIs, I’d be moving my lambda functions into private VPCs and might need to use ALB to route internet traffic from some public subnet to my private subnet. I’m not sure about this right now, there’s also a possibility of choosing ECS and Fargate with App Mesh instead. If you could look into support for ECS, Fargate, App Mesh that would be great too. Thanks!

@Frank I understand that, this would be great if

sst.Api

supported the proxy integration. It doesn't seem like there is a way to do that with cdk for my current integration.

@Ashishkumar Pandey Got it! I will keep a note of it.

@Adrián Mouly I had a problem with the costs in my private vpc. So I was trying out an architecture that would be a bit cheaper for our

dev

and

staging

environments. So I wanted to have a proxy to my load balancer using the http proxy. I am thinking of just having cognito auth on my load balancer directly. But there are some cases were we needed to have our endpoints protected with IAM instead hence why I asked this.

@geekmidas Right. Just opened an issue here. I will try to put it in this week https://github.com/serverless-stack/serverless-stack/issues/605

Thanks @Frank I must say it has been pleasant being part of this community.

Thanks man! Really motivating to hear that!

@Frank Thanks very much man.