Miserlou / Zappa

Serverless Python
https://blog.zappa.io/
MIT License

Feature proposal: Use Lambda permissions instead of IAM roles for API gateway CloudFormation template #830

Open emellis opened 7 years ago

emellis commented 7 years ago

Context

Zappa currently uses an IAM role to allow ApiGateway to invoke the lambda function. However, according to AWS, Lambda permissions should be used instead in this case (see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apitgateway-method-integration.html#cfn-apigateway-method-integration-credentials). Ultimately I think this would make the CloudFormation template a bit simpler and would no longer require the IAM role ARN to create. I am trying to use Zappa in a CI/CD pipeline and this would definitely make things easier in my case.

Possible Fix

Remove the IAM role credentials from the ApiGateway method integration and replace it with Lambda Permissions in the generated CloudFormation template. I'd be happy to open a PR for this if it is something that you are okay with.
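The change proposed above, sketched as an added example (not code from this thread or from Zappa): a function that rewrites a CloudFormation template so that Lambda integrations carry no role `Credentials` and the function instead gets an `AWS::Lambda::Permission` whose `SourceArn` limits the grant to the one API. The template, its logical IDs (`Api`, `AnyMethod`) and parameter names (`LambdaArn`, `RoleArn`) are constructed for illustration and are not Zappa's generated names.

```python
import copy, json

# Constructed "before" template; logical IDs and parameter names are assumptions.
BEFORE = {
    "Parameters": {"LambdaArn": {"Type": "String"}, "RoleArn": {"Type": "String"}},
    "Resources": {
        "Api": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Name": "demo"}},
        "AnyMethod": {"Type": "AWS::ApiGateway::Method", "Properties": {
            "RestApiId": {"Ref": "Api"},
            "ResourceId": {"Fn::GetAtt": ["Api", "RootResourceId"]},
            "HttpMethod": "ANY", "AuthorizationType": "NONE",
            "Integration": {
                "Type": "AWS_PROXY", "IntegrationHttpMethod": "POST",
                "Credentials": {"Ref": "RoleArn"},  # role that API Gateway assumes
                "Uri": {"Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path"
                                   "/2015-03-31/functions/${LambdaArn}/invocations"}}}},
    },
}

def use_lambda_permission(template, function_param="LambdaArn"):
    """Return a copy where Lambda integrations carry no Credentials and each
    affected RestApi gets one AWS::Lambda::Permission scoped to that API."""
    out = copy.deepcopy(template)
    apis, dropped = set(), set()
    for res in out["Resources"].values():
        integ = res.get("Properties", {}).get("Integration", {})
        is_lambda = ":lambda:path/" in json.dumps(integ.get("Uri", ""))
        if res["Type"] == "AWS::ApiGateway::Method" and is_lambda and "Credentials" in integ:
            cred = integ.pop("Credentials")
            if isinstance(cred, dict) and "Ref" in cred:
                dropped.add(cred["Ref"])
            apis.add(res["Properties"]["RestApiId"]["Ref"])
    for api in sorted(apis):
        out["Resources"][api + "InvokePermission"] = {
            "Type": "AWS::Lambda::Permission",
            "Properties": {
                "Action": "lambda:InvokeFunction",
                "FunctionName": {"Ref": function_param},
                "Principal": "apigateway.amazonaws.com",
                # Restrict the grant to this API (any stage, method and path).
                "SourceArn": {"Fn::Sub": "arn:aws:execute-api:${AWS::Region}:"
                                         "${AWS::AccountId}:${%s}/*" % api}}}
    for name in dropped:  # drop role parameters nothing references any more
        if json.dumps({"Ref": name}) not in json.dumps(out["Resources"]):
            out.get("Parameters", {}).pop(name, None)
    return out

AFTER = use_lambda_permission(BEFORE)
```

Without `SourceArn`, the permission would let any API Gateway API invoke the function, so the scoped form is the one to generate.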

Miserlou commented 7 years ago

Zappa IAM in general needs a massive overhaul; this is definitely a step in the right direction. Happy to review a PR.

Related: https://github.com/Miserlou/Zappa/issues/524 https://github.com/Miserlou/Zappa/issues/244