(aws-apigateway): `StepFunctionsRestApi` does not pass on `path`

[maiksensi]

Describe the bug

The construct StepFunctionsRestApi seems to be buggy regarding path handling.

Expected Behavior

When using StepFunctionsRestApi with path: true I expect my underlying Step Function to receive the path.

Current Behavior

Passing a path (also tried different depths combinations like: ...prod/users/4 or .../prod/12) leads to a {"message":"Missing Authentication Token"}

see: curl -X GET "https://XXXXXXXX.execute-api.eu-central-1.amazonaws.com/prod/123" {"message":"Missing Authentication Token"}

Reproduction Steps

deploy this (almost) minimal example:

    const successState = new Pass(this, "SuccessState");

    const stateMachine = new StateMachine(this, "CrudStateMachine", {
      definitionBody: DefinitionBody.fromChainable(successState),
      timeout: Duration.minutes(5),
      stateMachineType: StateMachineType.EXPRESS,
      comment: "This state machine returns an employee entry from DynamoDB",
      logs: {
        destination: new LogGroup(this, "StateMachineLogs", {
          retention: RetentionDays.ONE_DAY,
        }),
        level: LogLevel.ALL,
        includeExecutionData: true,
      },
    });

    new StepFunctionsRestApi(this, "StepFunctionsRestApi", {
      stateMachine,
      path: true,
      requestContext: {
        httpMethod: true,
      },
    });

and send a similar request to the created API: curl -X GET "https://${apigatewayid}.execute-api.eu-central-1.amazonaws.com/prod/123"

Possible Solution

No response

Additional Information/Context

I can workaround the problem by creating a proxy integration manually on the API but I guess that is not the idea here.

see

const sfnApi = new StepFunctionsRestApi(this, 'StepFunctionsRestApi', {
      deploy: true,
      stateMachine: sfn,
    });

    sfnApi.root.addProxy({
      defaultIntegration: StepFunctionsIntegration.startExecution(sfn, {
        path: true,
        querystring: true,
      }),
      anyMethod: true,
    });

    sfnApi.root.addResource('testpath').addProxy({
      defaultIntegration: StepFunctionsIntegration.startExecution(sfn, {
        path: true,
        querystring: true,
      }),
      anyMethod: true,
    });

Does the current implementation on the vtl packages/@aws-cdk/aws-apigateway/lib/integrations/stepfunctions.vtl only work for key value pairs (regarding paths)?

CDK CLI Version

2.97.0

Framework Version

2.97.0

Node.js Version

v18.14.0

OS

macos 14 (also happened on 13)

Language

Typescript

Language Version

^4.8.3

Other information

No response

[indrora]

Two questions:

• Does this work when you pass -X POST to cURL?
• Can you make calls to this API from the API Gateway Console?

[maiksensi]

A post request goes through if the root is used: curl -X POST https://XXXXX.execute-api.eu-central-1.amazonaws.com/prod/ -H 'Content-Type: application/json' -d '{"name":"Leo","age":26}' {"body": {"name":"Leo","age":26}, "querystring":{ }, "path":{ }, "requestContext": {"httpMethod":"POST"}}

If a specific path is used it doesn't work: curl -X POST https://XXXX.execute-api.eu-central-1.amazonaws.com/prod/123 -H 'Content-Type: application/json' -d '{"name":"Leo","age":26}' {"message":"Missing Authentication Token"}

Making calls via API Gateway Console works just the same as with curl:

• I can make a GET request, but cannot pass a path param (as non is defined...)
• I can make a POST request and it is returned successfully on the root.