Create (and override) APIKey for an AWS GatewayAPI

Image for post
Image for post

Recently we added the APIKey and UsagePlans to one of our endpoints hit by one of our Mobile Apps so that we can monitor its usage and define throttling for specific (macro)users.
You can learn more about UsagePlans here

Add an API Key / Usage Plan to a GatewayAPI

Deployment was done via AWS CDK:

Create the APIKey

const apiKeyName = "my-api-key" const apiKey = new apigateway.ApiKey(this, `MyAPIkey`, { apiKeyName, description: `APIKey used by my api to do awesome stuff`, enabled: true, })

Create the usagePlan for your specific API and deployment stage, and assign the apikey you have just created to it.

const usagePlanProps: apigateway.UsagePlanProps = { 
name: "MyUsagePlan,
apiStages: [{api: myRestApi, stage: myRestApi.deploymentStage}], throttle: {burstLimit: 500, rateLimit: 1000}, quota: {limit: 10000000, period: Period.MONTH} }

Assign the usage Plan to your RestApi.

myRestApi.addUsagePlan("MyUsagePlan", usagePlanProps)
Image for post
Image for post

Add a bad idea

At some point, I decided to give our APIkeys a more meaningful name
and deployed our Dev Environment.

The APKs (bundled android apps) currently being tested by the QA people stopped working!
What happened?
The new named caused CloudFormation to delete the current APIKey and create a new one — with of course a new value!

Image for post
Image for post

The devs could quickly change the settings in their local environment, but the bundled APPs could not be modified.
Imagine if this happened in production or while the App was in the approval process from Appstore or Google Apps…

Find a solution

Is it possible to replace/override/set the value of an APIKey?
AWS CLI provides an update-api-key method but unfortunately, that did not allow me to change the value of the key itself (only the name, description and enabled properties are editable — like they are in the UIConsole).

Both in the UIConsole and as AWS CLI command it is though possible to Import API Keys
Just pass in a CSV file and the key will be generated.

Name,key,description,Enabled,usageplanIds MyFirstApiKey,apikey1234abcdefghij0123456789,An imported key,TRUE,c7y23b'

I quickly did that in the UIConsole to solve the issue for the QA tester and everything worked again.

Something that is worth noticing, though

As a general rule it is better not to fiddle too much through console or CLI with Resources created via CloudFormation

Of course, this was just temporary and within the next QA build devs will be using only the new API Key (and possibly reference to it at runtime, not build time), but it has been interesting understanding the process and figuring out some measures in case of emergency.

Hope it helps

Photo by CMDR Shane on Unsplash

Originally published at on February 10, 2020.

Sport addicted, productivity obsessed, avid learner, travel enthusiast, expat, 2 kids. Technical Lead (NodeJs Serverless)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store