Readonly adminRoles: Roles which will be provided Admin access to the KMS key and KeyPair secrets.
Readonly allowedCidrs: IPv4 CIDR blocks permitted to access the API. All other IPs are denied by the WAF WebACL IP set rule.
Use cases: Corporate network restrictions; IP-based API access control
AWS: WAF WebACL IP set for API Gateway access filtering
Validation: Required; array of valid CIDR blocks (e.g. 10.0.0.0/8)
Optional Readonly app: List of Cognito app clients to be created.
Readonly concurrencyLimit: Reserved concurrency limit for the API integration Lambda function. Prevents resource exhaustion and ensures predictable API performance.
Use cases: API throttling; Cost control; Predictable Lambda scaling
AWS: Lambda reserved concurrency for API Gateway integration
Validation: Required; positive integer
Optional Readonly event: Specified fields will be mapped from the request into the metadata persisted in S3 for each upload request. The key is the destination key in the metadata, and the value is the event source key in dot notation, such as "requestContext.requestTime".
Optional Readonly integration: If specified, the integration Lambda function will run as this role. If not specified, one will be generated.
Optional Readonly kms: Specific key to use to encrypt CloudWatch logs. If not specified, one will be created.
Optional Readonly metadata: Identifies the target prefix for metadata within the bucket. If not specified, will default to targetPrefix.
Optional Readonly request: Map of accepted request parameter names to a boolean indicating whether each is required. If specified, API Gateway will validate that: 1) each provided parameter is accepted; and 2) all required parameters have been provided.
Optional Readonly set: If true (default false), the API Gateway CloudWatch role will be set at the account/region level. This should be done only once per account/region.
Optional Readonly stage: API Gateway deployment stage name (e.g. dev, staging, prod).
Use cases: Environment separation; Multi-stage API deployment
AWS: API Gateway deployment stage
Validation: Optional; valid API Gateway stage name
Readonly targetBucketName: S3 bucket name where API operations read/write data.
Use cases: Data lake target for API-driven ingestion and retrieval
AWS: S3 bucket for Lambda integration data operations
Validation: Required; must be existing S3 bucket name
Readonly targetPrefix: Required. Identifies the target prefix within the bucket.
Optional Readonly wafArns: ARNs of WAFs to be applied to the API.
REST API configuration for machine-to-machine data lake access. Deploys API Gateway with Cognito client credentials auth, WAF WebACL with CIDR-based IP filtering, and Lambda integration for S3 data operations. A default WAF is always generated; additional WAFs can be attached via wafArns.
Use cases: Automated data lake ingestion; Service-to-service data operations; Programmatic S3 access via REST API
AWS: API Gateway REST API, Cognito User Pool, WAF WebACL, Lambda integration
Validation: adminRoles, targetBucketName, targetPrefix, allowedCidrs, and concurrencyLimit required
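The validation rules above can be checked before deployment. The following is an added example, not code from the project this page documents: the function names, the `Finding` type, the `/8` warning threshold, and treating an empty `adminRoles` or `allowedCidrs` array as an error are assumptions.

```typescript
// Added example: pre-deployment lint of the documented validation rules.
type Finding = { field: string; level: "error" | "warn"; message: string };

const MIN_PREFIX_WARN = 8; // assumption: flag anything broader than a /8 for review

// Returns the prefix length of a strict IPv4 CIDR (no leading zeros), or null.
function ipv4CidrPrefix(cidr: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) return null;
  const octets = m.slice(1, 5);
  const prefix = Number(m[5]);
  const canonical = String(prefix) === m[5] && octets.every((o) => String(Number(o)) === o);
  const inRange = prefix <= 32 && octets.every((o) => Number(o) <= 255);
  return canonical && inRange ? prefix : null;
}

function validateConfig(cfg: Record<string, unknown>): Finding[] {
  const out: Finding[] = [];
  const add = (field: string, level: Finding["level"], message: string): void => {
    out.push({ field, level, message });
  };
  for (const f of ["targetBucketName", "targetPrefix"]) {
    const v = cfg[f];
    if (typeof v !== "string" || v === "") add(f, "error", "required non-empty string");
  }
  const roles = cfg["adminRoles"]; // element shape is not given on the page
  if (!Array.isArray(roles) || roles.length === 0) add("adminRoles", "error", "required");
  const limit = cfg["concurrencyLimit"];
  if (typeof limit !== "number" || !Number.isInteger(limit) || limit <= 0) {
    add("concurrencyLimit", "error", "required positive integer");
  }
  const cidrs = cfg["allowedCidrs"];
  if (!Array.isArray(cidrs) || cidrs.length === 0) {
    add("allowedCidrs", "error", "required array of IPv4 CIDR blocks");
    return out;
  }
  for (const c of cidrs) {
    const prefix = typeof c === "string" ? ipv4CidrPrefix(c) : null;
    if (prefix === null) add("allowedCidrs", "error", `invalid IPv4 CIDR: ${String(c)}`);
    else if (prefix === 0) add("allowedCidrs", "error", `${String(c)} admits every address`);
    else if (prefix < MIN_PREFIX_WARN) add("allowedCidrs", "warn", `${String(c)} is very broad`);
  }
  return out;
}

// Constructed sample input (values are placeholders, not from the page).
const sampleConfig: Record<string, unknown> = {
  adminRoles: [{ name: "example-admin" }], targetBucketName: "example-bucket",
  targetPrefix: "inbound/", allowedCidrs: ["10.0.0.0/8"], concurrencyLimit: 5,
};
```

A `/0` entry is reported as an error because it would make the WAF IP set rule match every caller, leaving only the Cognito client credentials between the internet and the bucket.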