[wip]

Author: gitName

articles/api-center/TOC.yml

@@ -38,8 +38,12 @@
         href: manage-apis-azure-cli.md
       - name: Import APIs from API Management
         href: import-api-management-apis.md
-      - name: Synchronize APIs from API Management
-        href: synchronize-api-management-apis.md
+      - name: Integrate API sources
+        items:    
+        - name: Synchronize APIs from API Management
+          href: synchronize-api-management-apis.md
+        - name: Synchronize APIs from Amazon API Gateway
+          href: synchronize-aws-gateway-apis.md
       - name: Build and register APIs - VS Code extension
         href: build-register-apis-vscode-extension.md
       - name: Register APIs - GitHub Actions

articles/api-center/includes/configure-managed-identity-kv-secret-user.md

@@ -0,0 +1,79 @@
+---
+title: Include file
+description: Include file
+services: api-center
+author: dlepow
+
+ms.service: azure-api-center
+ms.topic: include
+ms.date: 12/20/2024
+ms.author: danlep
+ms.custom: Include file
+---
+
+To allow import of APIs, assign your API center's managed identity the **Key Vault Secrets User** role in your Azure key vault. You can use the [portal](../../role-based-access-control/role-assignments-portal-managed-identity.yml) or the Azure CLI.
+
+#### [Portal](#tab/portal)
+
+1. In the [portal](https://azure.microsoft.com), navigate to your key vault.
+1. In the left menu, select **Access control (IAM)**.
+1. Select **+ Add role assignment**.
+1. On the **Add role assignment** page, set the values as follows: 
+    1. On the **Role** tab - Select **Key Vault Secrets User**.
+    1. On the **Members** tab, in **Assign access to** - Select **Managed identity** > **+ Select members**.
+    1. On the **Select managed identities** page - Select the system-assigned managed identity of your API center that you added in the previous section. Click **Select**.
+    1. Select **Review + assign**.
+
+#### [Azure CLI](#tab/cli)
+
+1. Get the principal ID of the identity. For a system-assigned identity, use the [az apic show](/cli/azure/apic#az-apic-show) command. 
+
+    ```azurecli
+    #! /bin/bash
+    apicObjID=$(az apic show --name <api-center-name> \
+        --resource-group <resource-group-name> \
+        --query "identity.principalId" --output tsv)
+    ```
+
+    ```azurecli
+    # Formatted for PowerShell
+    $apicObjID=$(az apic show --name <api-center-name> `
+        --resource-group <resource-group-name> `
+        --query "identity.principalId" --output tsv)
+    ```
+
+1. Get the resource ID of your key vault using the [az apim show](/cli/azure/apim#az-apim-show) command. [UPDATE THIS COMMAND]
+ 
+    ```azurecli
+    #! /bin/bash
+    kvID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
+    ```
+
+    ```azurecli
+    # Formatted for PowerShell
+    $kvID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
+    ```
+
+1. Assign the managed identity the **Key Vault Secrets User** role in your key vault the [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) command.
+
+    ```azurecli
+    #! /bin/bash
+    scope="${kvID:1}"
+
+    az role assignment create \
+        --role "Key Vault Secrets User \
+        --assignee-object-id $apicObjID \
+        --assignee-principal-type ServicePrincipal \
+        --scope $scope 
+    ```
+    
+    ```azurecli
+    # Formatted for PowerShell
+    $scope=$apimID.substring(1)
+
+    az role assignment create `
+        --role "API Management Service Reader Role" `
+        --assignee-object-id $apicObjID `
+        --assignee-principal-type ServicePrincipal `
+        --scope $scope 
+---

articles/api-center/includes/delete-integration.md

@@ -0,0 +1,25 @@
+---
+title: Include file
+description: Include file
+services: api-center
+author: dlepow
+
+ms.service: azure-api-center
+ms.topic: include
+ms.date: 12/20/2024
+ms.author: danlep
+ms.custom: Include file
+---
+
+## Delete an integration
+
+While an API source is integrated, you can't delete synchronized APIs from your API center. If you need to, you can delete the integration. When you delete an integration:
+
+* The synchronized APIs in your API center inventory are deleted
+* The environment and deployments associated with the API source are deleted
+
+To delete an integration:
+
+1. In the [portal](https://portal.azure.com), navigate to your API center.
+1. Under **Assets**, select **Environments** > **Integration (preview)**.
+1. Select the integration, and then select **Delete** (trash can icon).

articles/api-center/includes/enable-managed-identity.md

@@ -6,12 +6,12 @@ author: dlepow
 
 ms.service: azure-api-center
 ms.topic: include
-ms.date: 10/18/2024
+ms.date: 12/20/2024
 ms.author: danlep
 ms.custom: Include file
 ---
 
-For this scenario, your API center uses a [managed identity](/entra/identity/managed-identities-azure-resources/overview) to access APIs in your API Management instance. Depending on your needs, configure either a system-assigned or one or more user-assigned managed identities. 
+For this scenario, your API center uses a [managed identity](/entra/identity/managed-identities-azure-resources/overview) to access Azure resources. Depending on your needs, configure either a system-assigned or one or more user-assigned managed identities. 
 
 The following examples show how to configure a system-assigned managed identity by using the Azure portal or the Azure CLI. At a high level, configuration steps are similar for a user-assigned managed identity. 
 

articles/api-center/synchronize-aws-gateway-apis.md

@@ -0,0 +1,171 @@
+---
+title: Synchronize APIs from Amazon API Gateway - Azure API Center
+description: Integrate an Amazon API Gateway to Azure API Center for automatic synchronization of APIs to the inventory.
+author: dlepow
+ms.service: azure-api-center
+ms.topic: how-to
+ms.date: 12/20/2024
+ms.author: danlep 
+ms.custom: devx-track-azurecli
+# Customer intent: As an API program manager, I want to integrate my Azure API Management instance with my API center and synchronize API Management APIs to my inventory.
+---
+
+# Synchronize APIs from Amazon API Gateway to Azure API Center (preview)
+
+This article shows how to integrate an Amazon API Gateway so that the gateway's APIs are continuously kept up to date in your [API center](overview.md) inventory. 
+
+## About integrating Amazon API Gateway
+
+Integrating Amazon API Gateway as an API source for your API center enables continuous synchronization so that the API inventory stays up to date.
+
+When you integrate an Amazon API Gateway as an API source, the following happens:
+
+1. APIs, and optionally API definitions (specs), from the API Gateway are added to the API center inventory.
+1. You configure an [environment](key-concepts.md#environment) of type *Amazon API Gateway* in the API center. 
+1. An associated [deployment](key-concepts.md#deployment) is created for each synchronized API definition. 
+
+Synchronization is one-way from Amazon API Gateway to your Azure API center, meaning API updates in the API center aren't synchronized back to the API Gateway.
+
+> [!NOTE]
+> * There are [limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=/azure/api-center/toc.json&bc=/azure/api-center/breadcrumb/toc.json#api-center-limits) for the number of integrated API sources.
+> * API updates in Amazon API Gateway synchronize to your API center every hour.
+
+### Entities synchronized from Amazon API Gateway
+
+You can add or update metadata properties and documentation in your API center to help stakeholders discover, understand, and consume the synchronized APIs. Learn more about Azure API Center's [built-in and custom metadata properties](add-metadata-properties.md).
+
+The following table shows entity properties that can be modified in Azure API Center and properties that are determined based on their values in Amazon API Gateway. Also, entities' resource or system identifiers in Azure API Center are generated automatically and can't be modified.
+
+| Entity       | Properties configurable in API Center                     | Properties determined in API Gateway                                           |
+|--------------|-----------------------------------------|-----------------|
+| API          | summary<br/>lifecycleStage<br/>termsOfService<br/>license<br/>externalDocumentation<br/>customProperties    | title<br/>description<br/>kind                   |
+| API version  | lifecycleStage      | title                                                |
+| Environment  | title<br/>description<br/>kind</br>server.managementPortalUri<br/>onboarding<br/>customProperties      | server.type
+| Deployment   |  title<br/>description<br/>server<br/>state<br/>customProperties    |      server.runtimeUri |
+
+For property details, see the [Azure API Center REST API reference](/rest/api/apicenter).
+
+
+## Prerequisites
+
+* An API center in your Azure subscription. If you haven't created one, see [Quickstart: Create your API center](set-up-api-center.md).
+
+* An Azure key vault. If you need to create one, see [Quickstart: Create a key vault using the Azure portal](/azure/key-vault/general/quick-create-portal).
+
+* An [Amazon API Gateway](https://docs.aws.amazon.com/apigateway/). 
+
+* An AWS [IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) identity with the `AmazonAPIGatewayAdministrator` policy attached.
+
+* For Azure CLI:
+    [!INCLUDE [include](~/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)]
+
+    [!INCLUDE [install-apic-extension](includes/install-apic-extension.md)]
+
+    > [!NOTE]
+    > Azure CLI command examples in this article can run in PowerShell or a bash shell. Where needed because of different variable syntax, separate command examples are provided for the two shells.
+
+## Add a managed identity in your API center
+
+[!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
+
+
+## Create IAM user access keys
+
+To authenticate your API center with Amazon API Gateway, you need access keys for an AWS IAM user. 
+
+To generate the required access key ID and secret key using the AWS Management Console, see [Create an access key for yourself](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-key-self-managed.html#Using_CreateAccessKey). 
+
+Save your access keys in a safe location. You'll store them in Azure Key Vault in the next steps.
+
+> [!CAUTION]
+> Access keys are long-term credentials and you should manage them as securely as you would a password. Learn more about [securing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/securing_access-keys.html)
+
+## Store IAM user access keys in Azure Key Vault
+
+Manually upload and securely store the two IAM user access keys in Azure Key Vault using the configuration in the following table. For more information, see [Quickstart: Set and retrieve a secret from Azure Key Vault using the Azure portal](/azure/key-vault/secrets/quick-create-portal). 
+
+| AWS secret | Upload options | Name | Secret value | 
+
+
+Upload option 
+
+Manual 
+
+Name 
+
+aws-access-key 
+
+Secret value 
+
+Access key retrieved from AWS 
+
+One secret for secret access key: 
+
+Upload option 
+
+Manual 
+
+Name 
+
+aws-secret-access-key 
+
+Secret value 
+
+Secret access key retrieved from AWS 
+
+
+
+
+
+
+
+
+## Add a managed identity in your API center
+
+[!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
+
+## Assign the managed identity the Key Vault Secrets User role
+
+[!INCLUDE [configure-managed-identity-apim-reader](includes/configure-managed-identity-apim-reader.md)]
+
+## Integrate an Amazon API Gateway 
+
+You can integrate an API Gateway using the portal.
+
+1. In the [portal](https://portal.azure.com), navigate to your API center.
+1. Under **Assets**, select **Environments**.
+1. Select **Integrations (preview)** > **+ New integration**.
+1. In the **Link your Azure API Gateway** page:
+    1. TBD...    
+    1. In **Environment details**, enter an **Environment title** (name), **Environment type**, and optional **Environment description**.
+    1. In **API details**, select a **Lifecycle stage** for the synchronized APIs. (You can update this value for your APIs after they're added to your API center.) Also, select whether to synchronize API definitions.
+1. Select **Create**.
+
+<!----
+:::image type="content" source="media/synchronize-api-management-apis/link-api-management-service.png" alt-text="Screenshot of linking an Azure API Management Service in the portal.":::
+
+--->
+The environment is added in your API center. The API Management APIs are imported to the API center inventory.
+
+<!--
+:::image type="content" source="media/synchronize-api-management-apis/environment-link-list.png" alt-text="Screenshot of environment list in the portal.":::
+-->
+
+## Delete an integration
+
+While an API source is integrated, you can't delete synchronized APIs from your API center. If you need to, you can delete the integration. When you delete an integration:
+
+* The synchronized APIs in your API center inventory are deleted
+* The environment and deployments associated with the API source are deleted
+
+To delete an integration:
+
+1. In the [portal](https://portal.azure.com), navigate to your API center.
+1. Under **Assets**, select **Environments** > **Integration (preview)**.
+1. Select the integration, and then select **Delete** (trash can icon). 
+
+## Related content
+ 
+* [Manage API inventory with Azure CLI commands](manage-apis-azure-cli.md)
+* [Import APIs from API Management to your Azure API center](import-api-management-apis.md)
+* [Azure API Management documentation](../api-management/index.yml)