Keep Lambda execution role independent from API Gateway

Author: kris-szlapa

packages/cdk/resources/RestApiGateway/LambdaEndpoint.ts

@@ -4,6 +4,7 @@ import {HttpMethod} from "aws-cdk-lib/aws-lambda"
 import {IRole} from "aws-cdk-lib/aws-iam"
 import {LambdaFunction} from "../LambdaFunction"
 
+// Props for constructing an API Gateway endpoint backed by a Lambda function.
 export interface LambdaEndpointProps {
   readonly parentResource: IResource
   readonly resourceName: string
@@ -12,20 +13,23 @@ export interface LambdaEndpointProps {
   readonly lambdaFunction: LambdaFunction
 }
 
+// Creates an API Gateway resource and method integrated with a Lambda function.
 export class LambdaEndpoint extends Construct {
   public readonly resource: IResource
 
   constructor(scope: Construct, id: string, props: LambdaEndpointProps) {
     super(scope, id)
 
+    // Add a new resource to the parent resource
     const resource = props.parentResource.addResource(props.resourceName)
 
-    resource.addMethod(props.method, new LambdaIntegration(props.lambdaFunction.function, {
-      credentialsRole: props.restApiGatewayRole
-    }))
+    // Add a method to the resource, integrated with the Lambda function.
+    resource.addMethod(props.method, new LambdaIntegration(props.lambdaFunction.function))
 
-    props.restApiGatewayRole.addManagedPolicy(props.lambdaFunction.executionPolicy)
+    // Grant API Gateway's role permission to invoke the Lambda function.
+    props.lambdaFunction.function.grantInvoke(props.restApiGatewayRole)
 
+    // Expose the resource for potential further use.
     this.resource = resource
   }
 }