Skip to content

A terraform module for creating an instance of AWS API Gateway.

Notifications You must be signed in to change notification settings

facet-tech/terraform-module-aws-api-gateway

Repository files navigation

terraform-module-aws-api-gateway

A Terraform module for creating aws api gateway dynamically. Creates rest api, authorizer, methods and lambda integratyion, and stages.

Code Example

module "api_gateway" {
  source              = "git@github.com:facets-io/terraform-module-aws-api-gateway.git?ref=0.0.2"
  name                = "my-api-gateway"
  environment         = "dev"
  description         = "This is my API"
  ip_whitelist        = "0.0.0.0/0"
  versioned_directory = "."
  deploy_live_stage   = true

  authorizers = [
    {
      name          = "embed-id"
      provider_arns = "arn:aws:cognito-idp:us-west-2:527490985582:my-user-pool/us-west-2_48d8d388"
    }]

  method_default = {
    method               = module.api_gateway.constants.GET
    authorization        = "COGNITO_USER_POOLS"
    authorizer_id        = "real-time-service-embed-id-my-authorizer"
    authorization_scopes = "MyScope/Scope"
    api_key_required     = false
    request_models       = {}
    request_validator_id = ""
    request_parameters   = {
      "method.request.header.my_authentication_header" = true
    }
  }

  endpoints = [
    {
      path    = "/authentication_token"
      methods = [
        {
          method               = module.api_gateway.constants.POST
          integration          = {
            uri                  = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:0000000000:function:my-function-1/invocations"
            passthrough_behavior = "WHEN_NO_MATCH"
            request_templates    = null
          }
          authorization        = "NONE"
          authorizer_id        = ""
          authorization_scopes = []
          request_parameters   = null
        }
      ]
    },
    {
      path    = "/path1/endpoint1"
      methods = [
        {
          method             = module.api_gateway.constants.GET
          integration        = {
            uri               = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:0000000000:function:my-function-2/invocations"
            request_templates = {
              "application/json" = "{\"param_1\":\"$input.params('param_1')\"}"
            }
          }
          request_parameters = {
            "method.request.querystring.param_1" = true
            "method.request.querystring.param_2" = true
          }          
        }
      ]
    }
  ]
}

Providers

Name Version
aws 2.47.0
external 1.2

Inputs

Name Description Type Default Required
authorizers n/a any n/a yes
binary_media_types n/a list(string) n/a yes
body n/a string n/a yes
description n/a string n/a yes
endpoint_configuration_vpc_endpoint_ids n/a list(string) n/a yes
endpoints n/a any n/a yes
environment n/a string n/a yes
lambda_permission_event_source_token (Optional) The Event Source Token to validate. Used with Alexa Skills. string n/a yes
lambda_permission_qualifier (Optional) Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. arn:aws:lambda:aws-region:acct-id:function:function-name:2 string n/a yes
lambda_permission_source_account (Optional) This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner. string n/a yes
lambda_permission_source_arn (Optional) When granting Amazon S3 or CloudWatch Events permission to invoke your function, you should specify this field with the Amazon Resource Name (ARN) for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events generated from the specified bucket or rule can invoke the function. API Gateway ARNs have a unique structure described here. string n/a yes
name n/a string n/a yes
versioned_directory If set, hash all files in directory to generate version number. If hash changes terraform will redploy the api gateway stages (deployment). any n/a yes
api_key_source n/a string "HEADER" no
authorizer_default n/a
object({
authorizer_uri = string
authorizer_credentials = string
authorizer_result_ttl_in_seconds = number
identity_source = string
type = string
identity_validation_expression = string
})
{
"authorizer_credentials": "",
"authorizer_result_ttl_in_seconds": 300,
"authorizer_uri": "",
"identity_source": "method.request.header.Authentication",
"identity_validation_expression": "",
"type": "COGNITO_USER_POOLS"
}
no
aws_api_gateway_stage_default n/a
object({
stage_name = string
access_log_settings = object({
destination_arn = string
format = string
})
cache_cluster_enabled = bool
cache_cluster_size = number
description = string
documentation_version = number
variables = map(string)
xray_tracing_enabled = bool
})
{
"access_log_settings": {
"destination_arn": null,
"format": null
},
"cache_cluster_enabled": false,
"cache_cluster_size": 0.5,
"description": "test",
"documentation_version": null,
"stage_name": "live",
"variables": {},
"xray_tracing_enabled": false
}
no
constants n/a
object({
GET = string
PUT = string
POST = string
DELETE = string
HEAD = string
PATCH = string
})
{
"DELETE": "DELETE",
"GET": "GET",
"HEAD": "HEAD",
"PATCH": "PATCH",
"POST": "POST",
"PUT": "PUT"
}
no
deploy_live_stage n/a bool false no
deploy_test_stage n/a bool true no
endpoint_configuration_types n/a list(string)
[
"REGIONAL"
]
no
force_deploy_live_stage n/a bool false no
force_deploy_test_stage n/a bool false no
integration_default n/a
object({
integration_http_method = string
type = string
connection_type = string
connection_id = string
credentials = string
request_templates = map(string)
request_parameters = map(string)
passthrough_behavior = string
cache_key_parameters = list(string)
cache_namespace = string
content_handling = string
timeout_milliseconds = number
uri = string
})
{
"cache_key_parameters": [],
"cache_namespace": "",
"connection_id": "",
"connection_type": "INTERNET",
"content_handling": "CONVERT_TO_TEXT",
"credentials": "",
"integration_http_method": "POST",
"passthrough_behavior": "WHEN_NO_TEMPLATES",
"request_parameters": {},
"request_templates": {
"application/json": ""
},
"timeout_milliseconds": "29000",
"type": "AWS_PROXY",
"uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:696666127573:function:CognitoAuth/invocations"
}
no
ip_whitelist n/a list(string)
[
"0.0.0.0/0"
]
no
lambda_permission_action (Required if assigning a resource policy) The AWS Lambda action you want to allow in this statement. (e.g. lambda:InvokeFunction) string "lambda:InvokeFunction" no
lambda_permission_principal (Required if assigning a resource policy) The principal who is getting this permission. e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com. string "apigateway.amazonaws.com" no
lambda_permission_statement_id (Optional) A unique statement identifier. By default generated by Terraform. string "AllowInvokeFromApiGateway" no
live_stage_name n/a string "live" no
method_default n/a
object({
method = string
authorization = string
authorizer_id = string
authorization_scopes = list(string)
api_key_required = bool
request_models = map(string)
request_validator_id = string
request_parameters = map(string)
})
{
"api_key_required": false,
"authorization": "NONE",
"authorization_scopes": [],
"authorizer_id": null,
"method": "GET",
"request_models": {},
"request_parameters": {},
"request_validator_id": ""
}
no
minimum_compression_size n/a number 2048 no
response_default n/a
map(object({
status_code = number
response_models = map(string)
response_parameters = map(string)
}))
{
"200": {
"response_models": {
"application/json": "Empty"
},
"response_parameters": {},
"status_code": "200"
},
"500": {
"response_models": {
"application/json": "Error"
},
"response_parameters": null,
"status_code": "500"
}
}
no
response_intergration_default n/a
map(object({
selection_pattern = string
response_templates = map(string)
response_parameters = map(string)
content_handling = string
}))
{
"200": {
"content_handling": null,
"response_parameters": {},
"response_templates": {
"application/json": ""
},
"selection_pattern": ""
},
"500": {
"content_handling": null,
"response_parameters": {},
"response_templates": {
"application/json": ""
},
"selection_pattern": "Error"
}
}
no
stages n/a list(any)
[
{
"stage_name": "live"
},
{
"stage_name": "dude"
}
]
no
tags n/a map(string) {} no
test_stage_name n/a string "test" no

Outputs

Name Description
constants n/a
endpoints n/a
rest_api n/a
rest_api_execution_arn n/a
tags n/a

About

A terraform module for creating an instance of AWS API Gateway.

Resources

Stars

Watchers

Forks

Packages

No packages published