Connection with AWS Gateways

This page describes how to integrate your Sensedia solutions (Adaptive Governance and Developer Portal) with AWS gateways, allowing for the import and governance of APIs (native connections) published in Amazon API Gateway.


Supported API Versions and Types

The Amazon API Gateway is structured into two main infrastructures (v1 and v2). API import through native AWS connections supports both.

  • REST API (v1). The traditional version of API Gateway, providing the most comprehensive set of API management features. View official documentation

  • HTTP API (v2). The newer Amazon API Gateway infrastructure, optimized for lower latency and reduced cost, focused on high-performance HTTP APIs and simplified integrations with AWS services. View official documentation

For a detailed comparison between these two versions, see: Differences between REST APIs and HTTP APIs

The table below summarizes the main characteristics of the supported API types:

| Feature | REST API (v1) | HTTP API (v2) |
|---|---|---|
| Primary focus | Advanced API management features | High performance and lower cost |
| Portal Apps support | Yes | No (limitation of the AWS HTTP API model) |
| Import via native connection | Yes | Yes |

  • The creation of the native connection with AWS and the configuration of credentials is identical for both versions. The distinction occurs only at the time of API import.

  • Currently, our solutions only support APIs of types REST (v1) and HTTP (v2). APIs of type WebSocket are not supported in this integration flow.

Access credentials

To create a connection for AWS API Gateway, you must enter your AWS credentials on the Connections screen.

These credentials must be obtained from the AWS side.

Access the AWS Management Console and follow the steps below to:

Refer to the AWS documentation for more details.

To list and import your APIs, ensure that your access policy in AWS grants permission to the correct apigateway service resources, depending on the gateway version:

  • For v1 gateways (REST): The policy must allow access to resources under the /restapis namespace.

  • For v2 gateways (HTTP): The policy must allow access to resources under the /apis namespace.

If your policy only allows one of these resource sets, you will only see the corresponding APIs. If there is no permission for either of them, an error will be displayed on the import screen.

Creating a User

There are several ways to create an IAM user in your AWS account.

Follow the steps below to create a user through the AWS Management Console:

  1. At the top of the AWS Management Console, in the search bar, search for and select IAM.

  2. In the left menu, under Access management, select Users.

  3. Click the Create user button in the top-right corner of the screen.

  4. In the User name field, enter the value: adaptive_governance_integration_aws and click Next.

  5. Under Permissions options, select Attach policies directly and click Next.

    Under Permissions policies, DO NOT select Policy name.

  6. Under Review and Create, review the information and click Create user.


Adding an Access Policy

  1. In the user list, select adaptive_governance_integration_aws

  2. In the Permissions tab, under Permissions policies, click the Add Permissions button, and then click Create inline policy.

  3. In the Policy editor, select the JSON tab.

  4. Copy and paste the code below into the editor.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "apigateway:GET"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }
    
    or
    
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "apigateway:GET"
                ],
                "Resource": [
                    "arn:aws:apigateway:*::/restapis",
                    "arn:aws:apigateway:*::/restapis/*",
                    "arn:aws:apigateway:*::/restapis/*/stages",
                    "arn:aws:apigateway:*::/restapis/*/deployments",
                    "arn:aws:apigateway:*::/restapis/*/deployments/*",
    
                    "arn:aws:apigateway:*::/apis",
                    "arn:aws:apigateway:*::/apis/*",
    
                    "arn:aws:apigateway:*::/apikeys",
                    "arn:aws:apigateway:*::/usageplans"
                ]
            }
        ]
    }
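
    Depending on your business needs, there are some policy templates that can be used. The first policy above allows apigateway:GET on every resource ("*"); the second limits it to the listed REST (v1), HTTP (v2), API key and usage plan paths.
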
  5. Click Next.

  6. In the Policy name field, enter the value adaptive_governance-aws and click Create policy.
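
Before attaching a policy, you can check offline which gateway versions it will expose to the import and whether it grants more than read access. The script below is an added example, not Sensedia or AWS code; the function names and the default region are assumptions, and it evaluates only Allow statements (Deny, NotAction and Condition are ignored).

```python
import json
import re

# Collection paths the import lists, per this page: /restapis (v1) and /apis (v2).
REQUIRED_PATHS = {"REST (v1)": "/restapis", "HTTP (v2)": "/apis"}

def _as_list(value):
    """IAM accepts a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def _wildcard_match(pattern, text, ignore_case=False):
    """IAM-style match: '*' is any run of characters, '?' is one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, re.IGNORECASE if ignore_case else 0) is not None

def audit_policy(policy_json, region="us-east-1"):
    """Report which gateway versions the policy exposes and any over-broad grants."""
    visible = {name: False for name in REQUIRED_PATHS}
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # simplification: only Allow statements are evaluated
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            # Listing and importing APIs needs nothing beyond read-only GET.
            if action.lower() != "apigateway:get":
                findings.append(f"action '{action}' exceeds read-only apigateway:GET")
        if "*" in resources:
            findings.append("Resource '*' covers every API Gateway resource")
        if any(_wildcard_match(a, "apigateway:GET", ignore_case=True) for a in actions):
            for name, path in REQUIRED_PATHS.items():
                arn = f"arn:aws:apigateway:{region}::{path}"
                if any(_wildcard_match(r, arn) for r in resources):
                    visible[name] = True
    return {"visible": visible, "findings": findings}

# Constructed sample: a policy scoped to REST (v1) resources only.
REST_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["apigateway:GET"],
    "Resource": ["arn:aws:apigateway:*::/restapis",
                 "arn:aws:apigateway:*::/restapis/*"]}]})

if __name__ == "__main__":
    print(audit_policy(REST_ONLY))
```

A policy for which `visible` is false for both versions corresponds to the error case on the import screen described under Access credentials.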


Creating the Credentials

  1. In the user list, select adaptive_governance_integration_aws and click the Security credentials tab.

  2. Scroll down to Access keys and click Create access key.

  3. Select the option Application running on an AWS compute service.

    Check the confirmation box at the bottom of the page.

  4. Click Next.

  5. You will see your access key and secret access key.
    Store these credentials securely to use when registering the AWS connection in Adaptive Governance; the secret access key cannot be viewed again after you leave this screen.

  6. Click Done.

Creating a New Connection

Follow the steps below to create a new connection.

  1. Access the Connections screen by clicking the left-side menu or the card on the home screen.

  2. Click the + CREATE CONNECTION button located at the top-right of the screen.

  3. Select the connection provider and click CREATE CONNECTION.

  4. Select the connection mode: whether it is native (data updated directly with the provider) or not (manual upload).

Non-native connection:

  • Define a name for the connection and click NEXT.

  • Confirm the information and click SAVE.

Native connection:

  • Define a name for the connection and click NEXT.

  • Select a connection mode: Access Key or IAM (Role).

    • For Access Key, provide:

      • AWS Access Key Id: the key for your AWS resource.

      • AWS Secret Access Key Id: the AWS key secret.

      • Review the information and click SAVE.

    • For IAM:

      • Configure your role: copy the example code shown in this section and use it in your AWS provider to create a role:

        • Steps in the AWS Console:

          • Go to IAM > Roles and click the "Create role" button.

          • Select "Custom trust policy" and paste the copied code.

          • Add the policy generated in the Adding an Access Policy step.

          • Complete the role creation, adding the necessary information, such as tags.

          • After creating the role, copy the Role ARN generated by AWS.

      • Role ARN: paste the generated Role ARN here.

      • Review the information and click SAVE.


Importing APIs

Importing APIs through a native AWS connection supports multiple types of API Gateways.

The supported API types are:

  • REST — APIs originating from AWS REST API Gateway (v1).

  • HTTP — APIs originating from AWS HTTP API Gateway (v2).

These types are displayed in the Protocol Type column during the import process.

To import APIs, follow the steps below:

  1. Access the Connections screen by clicking on the left side menu or the card on the home screen.

  2. Find the connection you want to edit and click the view icon.
    If necessary, use the search bar to locate the desired connection.

  3. In the API Imports screen, click the + IMPORT API button located just below General Info and above API Imports.

  4. Select the region of the APIs you want to import.

  5. In the API list, use the Type column to identify the protocol (REST or HTTP). Select the desired APIs and click SAVE.

Credential generation (App creation) in the Developer Portal is currently not supported for HTTP (v2) type APIs, due to an inherent limitation of this version of the AWS Gateway.

In these cases, the Enable Apps registration option remains disabled in the API Docs settings of the Portal Manager.

The Discovery feature also automatically identifies and unifies APIs from both versions (REST and HTTP), provided that the IAM user’s access permissions cover the necessary resources. If you have permission for only one of the versions, only the corresponding APIs will be listed.

Whenever an API is updated, click the refresh icon to refresh the imported APIs.
