Feature request: Support for 'SecurityPolicy' property to 'AWS::Serverless::Api'

[arbzkhan]

Describe the feature

Currently, while creating the resource 'AWS::Serverless::Api'[1], there is no property to set a Security policy. Instead, we have a sub-property under 'DomainConfiguration' that creates a separate resource 'AWS::ApiGateway::DomainName'[2]. That said, we could directly add a new 'SecurityPolicy' property under 'AWS::Serverless::Api', which would apply the Security policy similar to console/API usage for the REST API resource 'AWS::ApiGateway::RestApi'.

[1] https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-api.html
[2] https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-api.html#sam-api-domain

Replication:

Since this property doesn't exist, we will get the following expected error with 'sam build':

---

Error: [InvalidResourceException('property SecurityPolicy not defined for resource of type AWS::Serverless::Api')]

---

Workarounds:

1. Import the resource 'AWS::ApiGateway::RestApi' into the stack.
2. Create the REST API resource 'AWS::ApiGateway::RestApi' directly in the SAM template to use the 'SecurityPolicy' property.

Proposed Solution:

Add a new property 'SecurityPolicy' to resource 'AWS::Serverless::Api' which will add the Security policy similar to console/API usage to the REST API resource directly 'AWS::ApiGateway::RestApi'.

[ryanwdale]

I'm also affected by this issue

Adding the documentation for the corresponding fields on the AWS::ApiGateway::RestApi CFN resource:

• SecurityPolicy field defined here https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-apigateway-restapi.html#aws-resource-apigateway-restapi-properties
• https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-securitypolicy