DEV Community

loading...
Cover image for Create (and override) APIKey for an AWS GatewayAPI

Create (and override) APIKey for an AWS GatewayAPI

dvddpl profile image Davide de Paolis ・3 min read

Recently we added the APIKey and UsagePlans to one of our endpoints hit by one of our Mobile Apps so that we can monitor its usage and define throttling for specific (macro)users.
You can learn more about UsagePlans here

Add an API Key / Usage Plan to a GatewayAPI

Deployment was done via AWS CDK:

Create the APIKey

const apiKeyName = "my-api-key"
const apiKey = new apigateway.ApiKey(this, `MyAPIkey`, {
                apiKeyName,
                description: `APIKey used by my api to do awesome stuff`,
                enabled: true,
            })

Create the usagePlan for your specific API and deployment stage, and assign the apikey you have just created to it.

const usagePlanProps: apigateway.UsagePlanProps = {
                name: "MyUsagePlan,
                apiKey,
                apiStages: [{api: myRestApi, stage: myRestApi.deploymentStage}],
                throttle: {burstLimit: 500, rateLimit: 1000}, quota: {limit: 10000000, period: Period.MONTH}
    }

Assign the usage Plan to your RestApi.

myRestApi.addUsagePlan("MyUsagePlan", usagePlanProps)

noice

Add a bad idea

At some point, I decided to give our APIkeys a more meaningful name
and deployed our Dev Environment.

The APKs (bundled android apps) currently being tested by the QA people stopped working!
What happened?
The new named caused CloudFormation to delete the current APIKey and create a new one - with of course a new value!

panic

The devs could quickly change the settings in their local environment, but the bundled APPs could not be modified.
Imagine if this happened in production or while the App was in the approval process from Appstore or Google Apps...

Find a solution

Is it possible to replace/override/set the value of an APIKey?
AWS CLI provides an update-api-key method but unfortunately, that did not allow me to change the value of the key itself (only the name, description and enabled properties are editable - like they are in the UIConsole).

Both in the UIConsole and as AWS CLI command it is though possible to Import API Keys
Just pass in a CSV file and the key will be generated.

Name,key,description,Enabled,usageplanIds
MyFirstApiKey,apikey1234abcdefghij0123456789,An imported key,TRUE,c7y23b' 

I quickly did that in the UIConsole to solve the issue for the QA tester and everything worked again.

Something that is worth noticing, though

  • do not try to use the same name when importing: it would work, no overriding, two keys with different id and same name will be attached to the API, but it will be confusing, and if you decide to remove the old one, then you will have problems with next deployments due to CloudFormation IDs conflicting.

As a general rule it is better not to fiddle too much through console or CLI with Resources created via CloudFormation

Of course, this was just temporary and within the next QA build devs will be using only the new API Key (and possibly reference to it at runtime, not build time), but it has been interesting understanding the process and figuring out some measures in case of emergency.

Hope it helps


Photo by CMDR Shane on Unsplash

Discussion (0)

pic
Editor guide