feat: add API endpoint output and permissions for authorizer Lambda function

Author: satyatulasijalandharch

python/amazon-verified-permissions-rest-api/stack/main.py

@@ -1,6 +1,8 @@
 from aws_cdk import (
     Stack,
+    aws_iam,
     aws_lambda as _lambda,
+    CfnOutput,
 )
 from constructs import Construct
 
@@ -37,6 +39,18 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
                 "TOKEN_TYPE": "accessToken",
             },
         )
+        policy_statement = aws_iam.PolicyStatement(
+            actions=[
+                "verifiedpermissions:isAuthorizedWithToken",
+                "logs:PutLogEvents",
+            ],
+            resources=["*"],
+            effect=aws_iam.Effect.ALLOW,
+        )
+
+        # Grant the Lambda function permissions to call Verified Permissions and write logs
+        authorizer.role.add_to_policy(policy_statement)
+
         # Create Lambda functions
         admin_lambda = _lambda.Function(
             self,
@@ -54,13 +68,19 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
             handler="main.handler",
         )
 
-
         # Create REST API
-        API(
+        apigw = API(
             self,
             "API",
             authorizer=authorizer,
             admin_lambda=admin_lambda,
             user_lambda=user_lambda,
         )
 
+        # Output the API endpoint
+        CfnOutput(
+            self,
+            "ApiEndpoint",
+            value=apigw.api.url,
+            description="API Gateway endpoint URL",
+        )