Error reason: The ARN isn't valid. Failing to construct the correct ARN string of my REST API for my CfnWebACLAssociation function

Question

I can see in the AWS Console that the ARN for the REST endpoints being created in the API Gateway have the pattern:
```
arn:aws:execute-api:us-east-1:553710216655:2hi1wdf6j2/*/OPTIONS/users/*
```
and my string construction is like so:
```
const apiArn = `arn:aws:execute-api:${this.region}:${this.account}:${api.restApiId}/*/*/*`;
```
I'm using /*/*/* because I want to be able to have multiple endpoints in the API.

Also I'm creating the API using the `apigateway.LambdaRestApi(...)` function so I know I'm creating a REST API and not an HTTP API.

I've also tried formatArn() with no avail:
```
const apiArn = this.formatArn({
  service: 'execute-api',
  resource: `${api.restApiId}`,
  resourceName: '*/*/*',
  arnFormat: ArnFormat.SLASH_RESOURCE_NAME,
});
```

Accepted Answer

Solution: the issue was that for a WAF association with an API Gateway we need to associate with the API Stage, not individual endpoints. The stage ARN as @MikelDelTio mentioned is of the format: arn: *partition* :apigateway: *region* ::/restapis/ *api-id* /stages/ *stage-name*.
I kept trying to hook it up per endpoint which has the format: arn:partition:execute-api:region:account-id:api-id/stage/http-method/resource-path.

Answer

Hi,

According to the [CDK documentation](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACLAssociation.html), the ARN must be in the following format for the Amazon API Gateway REST API: `arn: *partition* :apigateway: *region* ::/restapis/ *api-id* /stages/ *stage-name*`. Could this be the problem?

Error reason: The ARN isn't valid. Failing to construct the correct ARN string of my REST API for my CfnWebACLAssociation function

Relevant content