diff --git a/lib/plugins/aws/custom-resources/resources/api-gateway-cloud-watch-role/handler.js b/lib/plugins/aws/custom-resources/resources/api-gateway-cloud-watch-role/handler.js index 972471766..d2d253392 100644 --- a/lib/plugins/aws/custom-resources/resources/api-gateway-cloud-watch-role/handler.js +++ b/lib/plugins/aws/custom-resources/resources/api-gateway-cloud-watch-role/handler.js @@ -58,10 +58,7 @@ async function create(event, context) { return (await iam.send(new ListAttachedRolePoliciesCommand({ RoleName: roleName }))) .AttachedPolicies; } catch (error) { - if ( - error.code === 'NoSuchEntity' || - error.message.includes('cannot be found') - ) { + if (error.code === 'NoSuchEntity' || error.message.includes('cannot be found')) { // Role doesn't exist yet, create; await iam.send( new CreateRoleCommand({ diff --git a/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.js b/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.js index 894fca97e..4668c974c 100644 --- a/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.js +++ b/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.js @@ -17,10 +17,15 @@ module.exports = { let endpointType = 'EDGE'; let vpcEndpointIds; let BinaryMediaTypes; + let SecurityPolicy; if (apiGateway.binaryMediaTypes) { BinaryMediaTypes = apiGateway.binaryMediaTypes; } + if (apiGateway.securityPolicy) { + SecurityPolicy = apiGateway.securityPolicy; + } + if (this.serverless.service.provider.endpointType) { endpointType = this.serverless.service.provider.endpointType.toUpperCase(); @@ -52,6 +57,7 @@ module.exports = { BinaryMediaTypes, DisableExecuteApiEndpoint, EndpointConfiguration, + SecurityPolicy, }; // Tags diff --git a/lib/plugins/aws/provider.js b/lib/plugins/aws/provider.js index 2bb29e701..eb69f86b0 100644 --- a/lib/plugins/aws/provider.js +++ b/lib/plugins/aws/provider.js 
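Review bot: The guard `if (apiGateway.securityPolicy)` in the `@@ -17,10 +17,15 @@` hunk of rest-api.js drops an empty string without any warning, and the schema entry added in provider.js (`securityPolicy: { type: 'string' }`) lets one through. A config whose value resolves to `''` therefore deploys with whatever TLS policy the provider applies by default, while its author believes one was pinned. Because this setting selects the endpoint's TLS policy, it should fail at validation time rather than fall back: tighten the schema to `securityPolicy: { type: 'string', minLength: 1 }`, or to an `enum` of the policy names the framework intends to support so that a typo is also caught before deploy. The value is otherwise copied verbatim into the `SecurityPolicy` property added in the `@@ -52,6 +57,7 @@` hunk; the enclosing function starts before and continues after both hunks.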
@@ -848,6 +848,9 @@ class AwsProvider {
 type: 'array',
 items: { type: 'string', pattern: '^\\S+\\/\\S+$' },
 },
+ securityPolicy: {
+ type: 'string',
+ },
 description: { type: 'string' },
 disableDefaultEndpoint: { type: 'boolean' },
 metrics: { type: 'boolean' },
diff --git a/test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.test.js b/test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.test.js
index c8b0fe418..118a75fac 100644
--- a/test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.test.js
+++ b/test/unit/lib/plugins/aws/package/compile/events/api-gateway/lib/rest-api.test.js
@@ -51,6 +51,30 @@ describe('#compileRestApi()', () => {
 EndpointConfiguration: {
 Types: ['EDGE'],
 },
+ SecurityPolicy: undefined,
+ Policy: '',
+ },
+ });
+ });
+
+ it('should create a REST API resource with security policy', () => {
+ awsCompileApigEvents.serverless.service.provider.apiGateway = {
+ securityPolicy: 'SecurityPolicy_TLS13_1_3_2025_09',
+ };
+ awsCompileApigEvents.compileRestApi();
+ const resources =
+ awsCompileApigEvents.serverless.service.provider.compiledCloudFormationTemplate.Resources;
+
+ expect(resources.ApiGatewayRestApi).to.deep.equal({
+ Type: 'AWS::ApiGateway::RestApi',
+ Properties: {
+ BinaryMediaTypes: undefined,
+ DisableExecuteApiEndpoint: undefined,
+ Name: 'dev-new-service',
+ EndpointConfiguration: {
+ Types: ['EDGE'],
+ },
+ SecurityPolicy: 'SecurityPolicy_TLS13_1_3_2025_09',
 Policy: '',
 },
 });
@@ -75,6 +99,7 @@ describe('#compileRestApi()', () => {
 EndpointConfiguration: {
 Types: ['EDGE'],
 },
+ SecurityPolicy: undefined,
 Policy: '',
 Tags: [
 { Key: 'tagKey1', Value: 'tagValue1' },
@@ -113,6 +138,7 @@ describe('#compileRestApi()', () => {
 EndpointConfiguration: {
 Types: ['EDGE'],
 },
+ SecurityPolicy: undefined,
 Policy: {
 Version: '2012-10-17',
 Statement: [
@@ -148,6 +174,7 @@ describe('#compileRestApi()', () => {
 Types: ['EDGE'],
 },
 Policy: '',
+ SecurityPolicy: undefined,
 },
 });
 });
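Review bot: The case added in the `@@ -51,6 +51,30 @@` hunk only exercises a valid policy name, so nothing pins what happens when `securityPolicy` is empty or malformed, which is the path where the template ends up with `SecurityPolicy: undefined`. Add a sibling case that sets `securityPolicy: ''` and asserts the intended outcome: a configuration error if validation is tightened to reject it, otherwise the explicit `undefined`. That keeps a later refactor from changing the TLS-policy fallback unnoticed. The remaining hunks in this file only add `SecurityPolicy: undefined` to existing expectations.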
@@ -181,6 +208,7 @@ describe('#compileRestApi()', () => {
 },
 Name: 'dev-new-service',
 Policy: '',
+ SecurityPolicy: undefined,
 },
 });
 });