updates examples and scopes permissions (#7707)

ykethan · web-flow · commit 63ac325b274c · 2024-06-07T11:55:48.000-07:00
diff --git a/src/pages/[platform]/build-a-backend/add-aws-services/rest-api/set-up-http-api/index.mdx b/src/pages/[platform]/build-a-backend/add-aws-services/rest-api/set-up-http-api/index.mdx
@@ -109,7 +109,6 @@ const httpLambdaIntegration = new HttpLambdaIntegration(
 // create a new HTTP API with IAM as default authorizer
 const httpApi = new HttpApi(apiStack, "HttpApi", {
   apiName: "myHttpApi",
-  defaultAuthorizer: iamAuthorizer,
   corsPreflight: {
     // Modify the CORS settings below to match your specific requirements
     allowMethods: [
@@ -137,7 +136,15 @@ httpApi.addRoutes({
 // add a proxy resource path to the API
 httpApi.addRoutes({
   path: "/items/{proxy+}",
-  methods: [HttpMethod.OPTIONS, HttpMethod.ANY],
+  methods: [HttpMethod.ANY],
+  integration: httpLambdaIntegration,
+  authorizer: iamAuthorizer,
+});
+
+// add the options method to the route
+httpApi.addRoutes({
+  path: "/items/{proxy+}",
+  methods: [HttpMethod.OPTIONS],
   integration: httpLambdaIntegration,
 });
 
@@ -155,8 +162,9 @@ const apiPolicy = new Policy(apiStack, "ApiPolicy", {
     new PolicyStatement({
       actions: ["execute-api:Invoke"],
       resources: [
-        `${httpApi.arnForExecuteApi("items")}`,
-        `${httpApi.arnForExecuteApi("cognito-auth-path")}`,
+        `${httpApi.arnForExecuteApi("*", "/items")}`,
+        `${httpApi.arnForExecuteApi("*", "/items/*")}`,
+        `${httpApi.arnForExecuteApi("*", "/cognito-auth-path")}`,
       ],
     }),
   ],
diff --git a/src/pages/[platform]/build-a-backend/add-aws-services/rest-api/set-up-rest-api/index.mdx b/src/pages/[platform]/build-a-backend/add-aws-services/rest-api/set-up-rest-api/index.mdx
@@ -89,6 +89,9 @@ const apiStack = backend.createStack("api-stack");
 const myRestApi = new RestApi(apiStack, "RestApi", {
   restApiName: "myRestApi",
   deploy: true,
+  deployOptions: {
+    stageName: "dev",
+  },
   defaultCorsPreflightOptions: {
     allowOrigins: Cors.ALL_ORIGINS, // Restrict this to domains you trust
     allowMethods: Cors.ALL_METHODS, // Specify only the methods you need to allow
@@ -138,8 +141,9 @@ const apiRestPolicy = new Policy(apiStack, "RestApiPolicy", {
     new PolicyStatement({
       actions: ["execute-api:Invoke"],
       resources: [
-        `${myRestApi.arnForExecuteApi("items")}`,
-        `${myRestApi.arnForExecuteApi("cognito-auth-path")}`,
+        `${myRestApi.arnForExecuteApi("*", "/items", "dev")}`,
+        `${myRestApi.arnForExecuteApi("*", "/items/*", "dev")}`,
+        `${myRestApi.arnForExecuteApi("*", "/cognito-auth-path", "dev")}`,
       ],
     }),
   ],
