├── .deepsource.toml ├── .github ├── CODEOWNERS ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── auto_assignee.yml │ ├── automerge.yml │ ├── changelog.yml │ ├── readme.yml │ ├── tf-checks.yml │ ├── tflint.yml │ └── tfsec.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CHANGELOG.md ├── LICENSE ├── Makefile ├── README.md ├── README.yaml ├── docs └── io.md ├── examples ├── complete │ ├── http-api-gateway │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── version.tf │ ├── lambda_packages │ │ ├── index.py │ │ └── index.zip │ ├── private-rest-api-gateway │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── versions.tf │ └── rest-api-gateway │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── versions.tf ├── http-api-gateway │ ├── example.tf │ ├── outputs.tf │ └── version.tf ├── lambda_packages │ ├── index.py │ └── index.zip ├── private-rest-api-gateway │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── rest-api-gateway │ ├── example.tf │ ├── outputs.tf │ └── versions.tf └── vpc_link_api │ ├── example.tf │ ├── lambda-test.zip │ ├── lambda_packages │ └── index.py │ ├── outputs.tf │ └── versions.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.deepsource.toml: -------------------------------------------------------------------------------- 1 | version = 1 2 | 3 | [[analyzers]] 4 | name = "terraform" -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # These owners will be the default owners for everything in the repo. 2 | * @anmolnagpal @clouddrove/approvers @clouddrove-ci 3 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## what 2 | * Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) 
3 | * Use bullet points to be concise and to the point. 4 | 5 | ## why 6 | * Provide the justifications for the changes (e.g. business case). 7 | * Describe why these changes were made (e.g. why do these commits fix the problem?) 8 | * Use bullet points to be concise and to the point. 9 | 10 | ## references 11 | * Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). 12 | * Use `closes #123`, if this PR closes a Jira issue `#123` 13 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "terraform" # See documentation for possible values 9 | directory: "/" # Location of package manifests 10 | schedule: 11 | interval: "weekly" 12 | # Add assignees 13 | assignees: 14 | - "clouddrove-ci" 15 | # Add reviewer 16 | reviewers: 17 | - "approvers" # NOTE(review): a bare name is read as a user login; CODEOWNERS names the team as clouddrove/approvers, and a team reviewer is written "org/team". Confirm which is meant (same value in the two entries below) 18 | - package-ecosystem: "terraform" # See documentation for possible values 19 | directory: "examples/complete" # Location of package manifests 20 | schedule: 21 | interval: "weekly" 22 | # Add assignees 23 | assignees: 24 | - "clouddrove-ci" 25 | # Add reviewer 26 | reviewers: 27 | - "approvers" 28 | - package-ecosystem: "terraform" # See documentation for possible values 29 | directory: "examples/vpc_link_api" # Location of package manifests 30 | schedule: 31 | interval: "weekly" 32 | # Add assignees 33 | assignees: 34 | - "clouddrove-ci" 35 | # Add reviewer 36 | reviewers: 37 | - "approvers"
-------------------------------------------------------------------------------- /.github/workflows/auto_assignee.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Auto Assign PRs # Calls the shared auto_assignee workflow when a PR is opened or reopened, or on manual dispatch 3 | 4 | on: 5 | pull_request: 6 | types: [opened, reopened] 7 | 8 | workflow_dispatch: 9 | jobs: 10 | assign-pr: 11 | uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master # NOTE(review): @master is a branch ref, so the code this job runs can change without a commit in this repo; pin to a full commit SHA 12 | secrets: 13 | GITHUB: ${{ secrets.GITHUB }} # passes this repo's GITHUB secret to the called workflow 14 | with: 15 | assignees: 'clouddrove-ci' 16 | ... 17 | -------------------------------------------------------------------------------- /.github/workflows/automerge.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: Auto merge # Calls the shared auto_merge workflow on every pull_request event 3 | on: 4 | pull_request: 5 | jobs: 6 | auto-merge: 7 | uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master # NOTE(review): same mutable @master ref, here receiving the GITHUB secret; pin to a full commit SHA 8 | secrets: 9 | GITHUB: ${{ secrets.GITHUB }} 10 | with: 11 | tfcheck: 'tf-checks-complete-example / Check code format' # check name handed to the called workflow; presumably the check that must pass before merging, confirm there 12 | ... 13 | -------------------------------------------------------------------------------- /.github/workflows/changelog.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: changelog # Calls the shared changelog workflow on any tag push or on manual dispatch 3 | permissions: write-all # NOTE(review): write-all gives the job token write access to every scope; list only the scopes the changelog job needs 4 | on: 5 | push: 6 | tags: 7 | - "*" 8 | workflow_dispatch: 9 | jobs: 10 | call-workflow-changelog: 11 | uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master 12 | secrets: inherit # NOTE(review): inherit hands every secret available to this workflow to a workflow referenced only by @master; pass the needed secrets by name 13 | with: 14 | branch: 'master' 15 | ...
16 | -------------------------------------------------------------------------------- /.github/workflows/readme.yml: -------------------------------------------------------------------------------- 1 | name: Readme Workflow # Calls the shared readme workflow on pushes to master (README.md and docs/** changes excluded) or on manual dispatch 2 | on: 3 | push: 4 | branches: 5 | - master 6 | paths-ignore: 7 | - 'README.md' 8 | - 'docs/**' 9 | workflow_dispatch: 10 | jobs: 11 | README: 12 | uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master # NOTE(review): @master is a branch ref, so the code that receives the two secrets below can change without a commit in this repo; pin to a full commit SHA 13 | secrets: 14 | TOKEN : ${{ secrets.GITHUB }} 15 | SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} 16 | -------------------------------------------------------------------------------- /.github/workflows/tf-checks.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: tf-checks # Runs the shared tf-checks workflow against two example directories; no secrets are passed 3 | on: 4 | push: 5 | branches: [ master ] 6 | pull_request: 7 | workflow_dispatch: 8 | jobs: 9 | tf-checks-complete-example: 10 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master # NOTE(review): mutable @master ref (also in the job below); pin to a full commit SHA 11 | with: 12 | working_directory: './examples/' 13 | tf-checks-basic-example: 14 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master 15 | with: 16 | working_directory: './examples/vpc_link_api/' 17 | ... 18 | -------------------------------------------------------------------------------- /.github/workflows/tflint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: tf-lint # Calls the shared tf-lint workflow on pushes to master, pull requests and manual dispatch 3 | on: 4 | push: 5 | branches: [ master ] 6 | pull_request: 7 | workflow_dispatch: 8 | jobs: 9 | tf-lint: 10 | uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master # NOTE(review): mutable @master ref receiving the GITHUB secret; pin to a full commit SHA 11 | secrets: 12 | GITHUB: ${{ secrets.GITHUB }} 13 | ...
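14 | -------------------------------------------------------------------------------- /.github/workflows/tfsec.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: tfsec # Calls the shared tfsec workflow on pull requests and manual dispatch, scanning the repository root 3 | permissions: write-all # NOTE(review): write-all on a pull_request-triggered job; grant only the scopes the scan needs to read the code and report its results 4 | on: 5 | pull_request: 6 | workflow_dispatch: 7 | jobs: 8 | tfsec: 9 | uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master # NOTE(review): @master is a branch ref, so the code this job runs can change without a commit in this repo; pin to a full commit SHA 10 | secrets: inherit # NOTE(review): inherit hands every secret available to this workflow to the called workflow; pass the needed secrets by name 11 | with: 12 | working_directory: '.' 13 | ... 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignored files 2 | *.tfstate 3 | *.tfstate.backup 4 | .terraform 5 | .idea 6 | *.iml 7 | go.sum 8 | *.terraform.lock.hcl 9 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | 3 | - repo: https://github.com/gruntwork-io/pre-commit 4 | rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases 5 | hooks: 6 | - id: terraform-fmt 7 | - id: shellcheck 8 | - id: tflint 9 | 10 | - repo: https://github.com/pre-commit/pre-commit-hooks # https rather than git://: the git protocol has no encryption or server authentication, and GitHub stopped serving it 11 | rev: v4.0.1 # Use the ref you want to point at 12 | hooks: 13 | - id: end-of-file-fixer 14 | - id: trailing-whitespace 15 | - id: mixed-line-ending 16 | - id: check-byte-order-marker 17 | - id: check-executables-have-shebangs 18 | - id: check-merge-conflict 19 | - id: debug-statements 20 | - id: check-yaml 21 | - id: check-added-large-files 22 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file.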
3 | 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 6 | 7 | ## [1.5.0] - 2025-03-14 8 | ### :sparkles: New Features 9 | - [`50cf105`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/50cf1051642fb29642d227d51256c37ab8fb4fc6) - Add automerge github shared workflow *(PR [#58](https://github.com/clouddrove/terraform-aws-api-gateway/pull/58) by [@vaibhav7797](https://github.com/vaibhav7797))* 10 | - [`32d8469`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/32d8469e8a30aff35159a5e3e31107eb8bc37df1) - updated example path and readme parameters *(PR [#61](https://github.com/clouddrove/terraform-aws-api-gateway/pull/61) by [@Tanveer143s](https://github.com/Tanveer143s))* 11 | - [`4781229`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/47812297ac350d8d17f77574adcfe49eadb193b7) - updated branch name in uses of workflow *(PR [#62](https://github.com/clouddrove/terraform-aws-api-gateway/pull/62) by [@rakeshclouddevops](https://github.com/rakeshclouddevops))* 12 | 13 | ### :bug: Bug Fixes 14 | - [`2d0cee3`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/2d0cee303784cc3168a3365bd5ca8ff9b37343de) - Error in count condition of HTTP-Api-Gateway *(PR [#60](https://github.com/clouddrove/terraform-aws-api-gateway/pull/60) by [@Aatishsharma77](https://github.com/Aatishsharma77))* 15 | 16 | ### :construction_worker: Build System 17 | - [`01808ac`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/01808acac8afbcf52a156ce5f0125225d419c9ba) - **deps**: bump clouddrove/subnet/aws in /_examples/vpc_link_api *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 18 | - [`b2a71c7`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/b2a71c724381371d19f028447ee16529c0c906ed) - **deps**: bump clouddrove/lambda/aws in /_examples/vpc_link_api *(commit by 
[@dependabot[bot]](https://github.com/apps/dependabot))* 19 | - [`373ad50`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/373ad50f02bac6a35effaa844b65c862a5220b49) - **deps**: bump clouddrove/lambda/aws in /_examples/complete *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 20 | 21 | ### :memo: Documentation Changes 22 | - [`c9417b5`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/c9417b5e9985d7b9eab1a9ceeef1135b7be350a9) - update CHANGELOG.md for 1.4.1 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* 23 | 24 | 25 | ## [1.4.1] - 2023-11-15 26 | ### :sparkles: New Features 27 | - [`3264a48`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/3264a489ebdf1664dfcfb101777eb28a5b7c5d50) - Added new vpc tag *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 28 | - [`233d34b`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/233d34bb997fe4cc561ec80bc1a383f27a796992) - custome stage name and auto-deploy variable *(PR [#54](https://github.com/clouddrove/terraform-aws-api-gateway/pull/54) by [@h1manshu98](https://github.com/h1manshu98))* 29 | 30 | ### :construction_worker: Build System 31 | - [`38d53b0`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/38d53b0e1361bc77c09aaca8895cedfdb369651a) - **deps**: bump clouddrove/vpc/aws in /_examples/vpc_link_api *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 32 | 33 | ### :memo: Documentation Changes 34 | - [`e9191ea`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e9191ea607d6d0bba54ad64adf3926d57c75af88) - update CHANGELOG.md for 1.4.0 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* 35 | 36 | 37 | ## [1.4.0] - 2023-07-18 38 | ### :sparkles: New Features 39 | - [`fc7b2c3`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/fc7b2c3ecdbe0dd8d92e6078afbc5368ac60930f) - added changelog.yml file use shared workflow *(commit by 
[@vibhutigoyal](https://github.com/vibhutigoyal))* 40 | - [`1c7b42f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/1c7b42fd7e5777e35cfdc99de3f1e0c18db2ad9c) - added depemdabot.yml *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 41 | - [`e995898`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e995898e6f784868160c8f6f7c2589ac1232aa37) - auto changelog action added *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 42 | - [`5f5472e`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/5f5472e8c5b231de8c21a606f016857abd9a70c7) - added rest api policy and make api private *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 43 | - [`546fe75`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/546fe756d1709e8b4502f74f0f089ab3ea5b012b) - added api policy in example *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 44 | - [`0a13fbe`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/0a13fbe0d48fc2df28d302a557b7f6b11d2cc4ac) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 45 | - [`a085977`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/a085977168f8013f48c09b5235fd3f5a55ad5439) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 46 | - [`58729c9`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/58729c96baa75b7c87da843b41dc3931a6245bc7) - crate apigateway-v2 terraform module *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 47 | - [`5d2ef92`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/5d2ef92e1a19245847519066d42879c62a90fa17) - added output.tf *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 48 | - [`b3b36f7`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/b3b36f7b78ee35471fe089557e2a59cfa0338563) - added lambda 
function routes *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 49 | - [`20cecef`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/20cecef6798dbfa3d634996b8f57a7f1e287b3f0) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 50 | - [`553312e`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/553312e5240250806b38197bf908239080ec5cd4) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 51 | - [`541a62a`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/541a62af3f7a030f8f6dff0bba2afff3b6096965) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 52 | - [`267242e`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/267242e02762f99f171aec272ed26c5cf53e269b) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 53 | - [`b2c1576`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/b2c1576be72322f3fd3e599d405007d8b3343b25) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 54 | - [`20a8a1f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/20a8a1f14ee685b3b9f4233105dd12e0ee94654d) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 55 | - [`d36d58c`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/d36d58ce68967ff6e65515ecdd433cfe2b326b42) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 56 | - [`553c2a1`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/553c2a1a7211426c34f06ea22b13e92b16f5477a) - code dynamic and add resource, variable 
description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 57 | - [`0b394ce`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/0b394ce106837038d79663a4e337f0528cc029f9) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 58 | - [`26397b1`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/26397b1c2370d056795f180f5517c407e9b57202) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 59 | - [`e453dc5`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e453dc5b00db9efafdb30b6e20ae843e4fb25794) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 60 | - [`da05e2c`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/da05e2cea4a25d582c51c5be41a24301f245d430) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 61 | - [`0f72292`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/0f72292f3a6084bfa317082396ed6ed8e0dd71f2) - update security group version *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 62 | - [`ac45432`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/ac4543227af68196f2ddaf4623be242dc2fa7879) - update security group version *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 63 | - [`687bc25`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/687bc25bf8a7dcec5e680a4e3160ba90e1c7d468) - update security group version *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 64 | 65 | ### :bug: Bug Fixes 66 | - [`94b8325`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/94b83252956581f636b0ea3bcef7eb17c36d77aa) - updated outputs.tf *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 67 
| 68 | 69 | ## [1.0.1] - 2022-06-15 70 | ### :bug: Bug Fixes 71 | - [`6245f4b`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/6245f4b6d8706cb609c04d59895417ad71c73f82) - use terraform letast version 72 | - [`44d6b0f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/44d6b0f89365480a88d4d3cc66576a37edc99265) - Update main.tf 73 | 74 | 75 | ## [0.14.1] - 2021-02-12 76 | ### :bug: Bug Fixes 77 | - [`44d6b0f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/44d6b0f89365480a88d4d3cc66576a37edc99265) - update main.tf 78 | - [`6245f4b`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/6245f4b6d8706cb609c04d59895417ad71c73f82) - use terraform letast version 79 | - [`e2a43a7`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e2a43a781654347c1cbe2c8b1e37c935e9092c82) - fix vpc_id error and update provider version 80 | 81 | ## [0.14.0] - 2021-01-20 82 | ### :sparkles: New Features 83 | - [`ce3e978`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/ce3e9782f7a0e774b4a9be1b30eee0d91bccbf3a) - update version 84 | - [`44d6b0f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/44d6b0f89365480a88d4d3cc66576a37edc99265) - update main.tf 85 | 86 | ## [0.13.0] - 2020-10-21 87 | ### :bug: Bug Fixes 88 | - [`4835694`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/48356946a9fefdccc4e721e3b4810fbb9a633e4b) - update terratest 89 | - [`ce3e978`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/ce3e9782f7a0e774b4a9be1b30eee0d91bccbf3a) - update version 90 | - [`44d6b0f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/44d6b0f89365480a88d4d3cc66576a37edc99265) - Update main.tf 91 | 92 | ## [0.12.2] - 2020-06-18 93 | ### :bug: Bug Fixes 94 | - [`ce3e978`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/ce3e9782f7a0e774b4a9be1b30eee0d91bccbf3a) - update version 95 | -
[`9ea3808`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/9ea380849e5384be78050ccdafe7bf3eac059ae6) - fix tfsec error 96 | - [`a9914d3`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/a9914d355f9c487a63f4f65f4d504e7ff9fe2420) - fix version error 97 | 98 | 99 | ## [0.12.1] - 2019-10-22 100 | ### :bug: Bug Fixes 101 | - [`4835694`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/48356946a9fefdccc4e721e3b4810fbb9a633e4b) - update terratest 102 | - [`9ea3808`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/9ea380849e5384be78050ccdafe7bf3eac059ae6) - fix tfsec error 103 | 104 | ## [0.12.0] - 2019-09-28 105 | ### :bug: Bug Fixes 106 | - [`4835694`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/48356946a9fefdccc4e721e3b4810fbb9a633e4b) - update terratest 107 | - [`e2a43a7`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e2a43a781654347c1cbe2c8b1e37c935e9092c82) - fix vpc_id error and update provider version 108 | 109 | 110 | 111 | [0.15.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.15.0 112 | [0.12.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.12.0 113 | [0.12.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.12.1 114 | [0.12.2]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.12.2 115 | [0.13.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.13.0 116 | [0.14.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.14.0 117 | [0.14.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.14.1 118 | [1.0.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/1.0.1 119 | 120 | [1.4.0]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.0.1...1.4.0 121 | [1.4.1]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.4.0...1.4.1 122 | [1.5.0]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.4.1...1.5.0 123 | 
-------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021 CloudDrove Inc. 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export GENIE_PATH ?= $(shell 'pwd')/../../../genie 2 | 3 | include $(GENIE_PATH)/Makefile 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [![Banner](https://github.com/clouddrove/terraform-module-template/assets/119565952/67a8a1af-2eb7-40b7-ae07-c94cde9ce062)][website] 3 |

4 | Terraform Module API-GATEWAY-V2 5 |

6 | 7 |

8 | With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. 9 |

10 | 11 | 12 |

13 | 14 | 15 | Latest Release 16 | 17 | 18 | tfsec 19 | 20 | 21 | Licence 22 | 23 | 24 | Changelog 25 | 26 | 27 | 28 |

29 |

30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 |

45 |
46 | 47 | 48 | We are a group of DevOps engineers & architects, joining hands in this ever evolving digital landscape. With our strong belief in Automation; just like microservices, always on the lookout to split the the infrastructure into smaller connected resources (database, cluster and more) which could be standardized, are manageable, scalable, secure & follow industry best practices. 49 | 50 | 51 | This module includes Terraform open source, examples, and automation tests (for better understanding), which would help you create and improve your infrastructure with minimalistic coding. 52 | 53 | 54 | 55 | 56 | ## Prerequisites and Providers 57 | 58 | This table contains both Prerequisites and Providers: 59 | 60 | | Description | Name | Version | 61 | |:-------------:|:-------------------------------------------:|:---------:| 62 | | **Prerequisite** | [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) | >= 1.6.1 | 63 | | **Provider** | [aws](https://aws.amazon.com/) | >= 5.20.0 | 64 | 65 | 66 | 67 | 68 | 69 | ## Examples 70 | 71 | **IMPORTANT:** Since the master branch used in source varies based on new modifications, we recommend using the [release versions](https://github.com/clouddrove/terraform-aws-api-gateway/releases). 72 | 73 | 📌 For additional usage examples, check the complete list under [`examples/`](./examples) directory. 74 | 75 | 76 | 77 | ## Inputs and Outputs 78 | 79 | Refer to complete documentation: [here](docs/io.md) 80 | 81 | 82 | 93 | 94 | 95 | ## Module Dependencies 96 | 97 | This module has dependencies on: 98 | - [Labels Module](https://github.com/clouddrove/terraform-aws-labels): Provides resource tagging. 99 | 100 | 101 | ## 📑 Changelog 102 | 103 | Refer [here](CHANGELOG.md). 104 | 105 | 106 | 107 | 108 | ## ✨ Contributors 109 | 110 | Big thanks to our contributors for elevating our project with their dedication and expertise! 
But, we do not wish to stop there, would like to invite contributions from the community in improving these projects and making them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only 1 direction, i.e. forward. 111 | 112 | 113 | 114 | 115 |
116 |
117 | 118 | If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!): 119 | 120 | - **Fork the Repository:** Create a new branch for your feature or bug fix. 121 | - **Coding Standards:** You know the drill. 122 | - **Clear Commit Messages:** Write clear and concise commit messages to facilitate understanding. 123 | - **Thorough Testing:** Test your changes thoroughly before submitting a pull request. 124 | - **Documentation Updates:** Include relevant documentation updates if your changes impact it. 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | ## Feedback 139 | Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-api-gateway/issues), feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). 140 | 141 | Show some love with a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-api-gateway)! if our work has brightened your day! – your feedback fuels our journey! 142 | 143 | 144 | ## :rocket: Our Accomplishment 145 | 146 | We have [*100+ Terraform modules*][terraform_modules] 🙌. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress. 147 | 148 | - [Terraform Module Registry:](https://registry.terraform.io/namespaces/clouddrove) Discover our Terraform modules here. 149 | 150 | - [Terraform Modules for AWS/Azure Modules:](https://github.com/clouddrove/toc) Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP. 151 | 152 | - [Terraform Modules for Digital Ocean:](https://github.com/terraform-do-modules/toc) Check out our specialized Terraform modules for Digital Ocean. 
153 | 154 | 155 | 156 | 157 | ## Join Our Slack Community 158 | 159 | Join our vibrant open-source slack community and embark on an ever-evolving journey with CloudDrove; helping you in moving upwards in your career path. 160 | Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency. 161 | 162 | 🌐💬What you'll get after joining this Slack community: 163 | 164 | - 🚀 Encouragement to upgrade your best version. 165 | - 🌈 Learning companionship with our DevOps squad. 166 | - 🌱 Relentless growth with daily updates on new advancements in technologies. 167 | 168 | Join our tech elites [Join Now][slack] 🚀 169 | 170 | 171 | ## Explore Our Blogs 172 | 173 | Click [here][blog] :books: :star2: 174 | 175 | ## Tap into our capabilities 176 | We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions. 177 | 178 | [CloudDrove][website] has extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [business@clouddrove.com](mailto:business@clouddrove.com). 179 | 180 |

We are The Cloud Experts!

181 |
182 |

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

183 | 184 | [website]: https://clouddrove.com 185 | [blog]: https://blog.clouddrove.com 186 | [slack]: https://www.launchpass.com/devops-talks 187 | [github]: https://github.com/clouddrove 188 | [linkedin]: https://cpco.io/linkedin 189 | [twitter]: https://twitter.com/clouddrove/ 190 | [email]: https://clouddrove.com/contact-us.html 191 | [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= 192 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is the canonical configuration for the `README.md` 4 | # Run `make readme` to rebuild the `README.md` 5 | # 6 | 7 | # Name of this project 8 | name : Terraform Module API-GATEWAY-V2 9 | 10 | # License of this project 11 | license: "APACHE" 12 | 13 | # Canonical GitHub repo 14 | github_repo: clouddrove/terraform-aws-api-gateway 15 | 16 | # Badges to display 17 | badges: 18 | - name: "Latest Release" 19 | image: "https://img.shields.io/github/release/clouddrove/terraform-aws-api-gateway.svg" 20 | url: "https://github.com/clouddrove/terraform-aws-api-gateway/releases/latest" 21 | - name: "tfsec" 22 | image: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/tfsec.yml/badge.svg" 23 | url: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/tfsec.yml" 24 | - name: "Licence" 25 | image: "https://img.shields.io/badge/License-APACHE-blue.svg" 26 | url: "LICENSE.md" 27 | - name: "Changelog" 28 | image: "https://img.shields.io/badge/Changelog-blue" 29 | url: "CHANGELOG.md" 30 | 31 | prerequesties: 32 | - name: Terraform 33 | url: https://learn.hashicorp.com/terraform/getting-started/install.html 34 | version: ">= 1.6.1" 35 | 36 | providers: 37 | - name: aws 38 | url: https://aws.amazon.com/ 39 | version: ">= 5.20.0" 40 | 41 | module_dependencies: 42 | - name: Labels Module 43 | url: 
https://github.com/clouddrove/terraform-aws-labels 44 | description: Provides resource tagging. 45 | 46 | # description of this project 47 | description: |- 48 | Terraform module api-gateway-v2 to create new modules using this as baseline 49 | 50 | # How to use this project 51 | # How to use this project 52 | usage: |- 53 | Here are examples of how you can use this module in your inventory structure: 54 | ### complete Example 55 | ```hcl 56 | module "api-gateway" { 57 | source = "clouddrove/api-gateway/aws" 58 | version = "1.4.0" 59 | 60 | domain_name = "example.cam" 61 | domain_name_certificate_arn = module.acm.arn 62 | integration_uri = module.lambda.arn 63 | zone_id = "1234059QJ345674343" 64 | create_vpc_link_enabled = false 65 | cors_configuration = { 66 | allow_credentials = true 67 | allow_methods = ["GET", "OPTIONS", "POST"] 68 | max_age = 5 69 | } 70 | integrations = { 71 | "ANY /" = { 72 | lambda_arn = module.lambda.arn 73 | payload_format_version = "2.0" 74 | timeout_milliseconds = 12000 75 | } 76 | "GET /some-route-with-authorizer" = { 77 | lambda_arn = module.lambda.arn 78 | payload_format_version = "2.0" 79 | authorizer_key = "cognito" 80 | } 81 | "POST /start-step-function" = { 82 | lambda_arn = module.lambda.arn 83 | payload_format_version = "2.0" 84 | authorizer_key = "cognito" 85 | } 86 | } 87 | } 88 | ``` 89 | ### vpc_link_api Example 90 | ```hcl 91 | module "api-gateway" { 92 | source = "clouddrove/api-gateway/aws" 93 | version = "1.4.0" 94 | 95 | name = "api" 96 | environment = "test" 97 | label_order = ["environment", "name"] 98 | domain_name = "example.cam" 99 | create_vpc_link_enabled = true 100 | zone_id = "1`23456059QJZ25345678" 101 | integration_uri = module.lambda.arn 102 | domain_name_certificate_arn = module.acm.arn 103 | subnet_ids = tolist(module.public_subnets.public_subnet_id) 104 | security_group_ids = [module.security_group.security_group_ids] 105 | cors_configuration = { 106 | allow_credentials = true 107 | allow_methods = 
["GET", "OPTIONS", "POST"] 108 | max_age = 5 109 | } 110 | integrations = { 111 | "ANY /" = { 112 | lambda_arn = module.lambda.arn 113 | payload_format_version = "2.0" 114 | timeout_milliseconds = 12000 115 | } 116 | "GET /some-route-with-authorizer" = { 117 | lambda_arn = module.lambda.arn 118 | payload_format_version = "2.0" 119 | authorizer_key = "cognito" 120 | } 121 | "POST /start-step-function" = { 122 | lambda_arn = module.lambda.arn 123 | payload_format_version = "2.0" 124 | authorizer_key = "cognito" 125 | } 126 | } 127 | } 128 | ``` -------------------------------------------------------------------------------- /docs/io.md: -------------------------------------------------------------------------------- 1 | ## Inputs 2 | 3 | | Name | Description | Type | Default | Required | 4 | |------|-------------|------|---------|:--------:| 5 | | access\_log\_settings | Settings for logging access in this stage. | `map(string)` | `{}` | no | 6 | | api\_deployment\_description | flag to manage description of api deployment | `string` | `"test"` | no | 7 | | api\_description | the description of the API. | `string` | `"Manages an Amazon API Gateway Version 2 API."` | no | 8 | | api\_key\_selection\_expression | An API key selection expression. Valid values: $context.authorizer.usageIdentifierKey, $request.header.x-api-key. | `string` | `"$request.header.x-api-key"` | no | 9 | | api\_resources | flag to control of resources path | `map(map(string))` | `{}` | no | 10 | | api\_version | A version identifier for the API | `string` | `null` | no | 11 | | apigatewayv2\_api\_mapping\_enabled | Flag to control the mapping creation. | `bool` | `true` | no | 12 | | authorization | (Required) The type of authorization used for the method (NONE, CUSTOM, AWS\_IAM, COGNITO\_USER\_POOLS). With `NONE`, the default, API Gateway performs no authorization check on the method; choose another type for any method that should not be public. | `string` | `"NONE"` | no | 13 | | authorizer\_iam\_role | Custom IAM role for Authorizer Credentials. 
| `string` | `""` | no | 14 | | authorizer\_result\_ttl\_in\_seconds | TTL of cached authorizer results in seconds. Defaults to 300. | `number` | `300` | no | 15 | | authorizer\_type | The authorizer type. Valid values: JWT, REQUEST. For WebSocket APIs, specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens. | `string` | `"JWT"` | no | 16 | | authorizers | Map of API gateway authorizers | `map(any)` | `{}` | no | 17 | | auto\_deploy | Set this to true to enable stage Auto Deployment | `bool` | `false` | no | 18 | | body | An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs. | `string` | `null` | no | 19 | | cache\_cluster\_enabled | Whether a cache cluster is enabled for the stage | `bool` | `false` | no | 20 | | cache\_cluster\_size | Size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237. | `string` | `"0.5"` | no | 21 | | cache\_key\_parameters | List of cache key parameters for the integration. | `list(any)` | `[]` | no | 22 | | cache\_namespace | Integration's cache namespace. | `string` | `""` | no | 23 | | canary\_settings | (optional) describe your variable | `map(any)` | `{}` | no | 24 | | client\_certificate\_id | Identifier of a client certificate for the stage. | `string` | `""` | no | 25 | | connection\_id | ID of the VpcLink used for the integration. Required if connection\_type is VPC\_LINK | `string` | `""` | no | 26 | | connection\_rest\_api\_type | Valid values are INTERNET (default for connections through the public routable internet), and VPC\_LINK (for private connections between API Gateway and a network load balancer in a VPC). | `string` | `"INTERNET"` | no | 27 | | connection\_type | Type of the network connection to the integration endpoint. Valid values: INTERNET, VPC\_LINK. Default is INTERNET. 
| `string` | `"INTERNET"` | no | 28 | | content\_handling | Supported values are CONVERT\_TO\_BINARY and CONVERT\_TO\_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through. | `string` | `"CONVERT_TO_TEXT"` | no | 29 | | cors\_configuration | The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs. | `any` | `{}` | no | 30 | | create\_api\_domain\_name\_enabled | Flag to control the domain creation. | `bool` | `true` | no | 31 | | create\_default\_stage\_enabled | Flag to control the stage creation. | `bool` | `true` | no | 32 | | create\_http\_api | Flag to control creation of HTTP api. | `bool` | `false` | no | 33 | | create\_kms\_key | Set this to `false` to provide existing kms key arn in `kms_key_arn` variable. | `bool` | `true` | no | 34 | | create\_rest\_api | Flag to control the rest api creation. | `bool` | `false` | no | 35 | | create\_rest\_api\_deployment | Flag to control the mapping creation. | `bool` | `true` | no | 36 | | create\_rest\_api\_gateway\_authorizer | Flag to control the rest api gateway authorizer creation. | `bool` | `true` | no | 37 | | create\_rest\_api\_gateway\_integration | Flag to control the rest api gateway integration creation. | `bool` | `true` | no | 38 | | create\_rest\_api\_gateway\_integration\_response | Flag to control the rest api gateway integration response creation. | `bool` | `true` | no | 39 | | create\_rest\_api\_gateway\_method | Flag to control the rest api gateway method creation. | `bool` | `true` | no | 40 | | create\_rest\_api\_gateway\_method\_response | Flag to control the rest api gateway stage creation. 
| `bool` | `true` | no | 41 | | create\_rest\_api\_gateway\_resource | flag to control the rest api gateway resources creation | `bool` | `true` | no | 42 | | create\_rest\_api\_gateway\_stage | Flag to control the rest api gateway stage creation. | `bool` | `true` | no | 43 | | create\_routes\_and\_integrations\_enabled | Whether to create routes and integrations resources | `bool` | `true` | no | 44 | | create\_vpc\_endpoint | VPC endpoint is required to access api gateway url from outside the vpc. Set this to `false` to prevent vpc endpoint creation. | `bool` | `true` | no | 45 | | create\_vpc\_link\_enabled | Whether to create VPC links | `bool` | `true` | no | 46 | | credentials | To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string | `string` | `""` | no | 47 | | credentials\_arn | Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs. | `string` | `null` | no | 48 | | default\_route\_settings | Default route settings for the stage. | `map(string)` | `{}` | no | 49 | | default\_stage\_access\_log\_destination\_arn | ARN of the CloudWatch Logs log group to receive access logs. | `string` | `null` | no | 50 | | default\_stage\_access\_log\_format | Single line format of the access logs of data. Refer to log settings for HTTP or Websocket. 
| `string` | `null` | no | 51 | | description\_gateway\_stage | (optional) describe your variable | `string` | `"demo-test"` | no | 52 | | documentation\_version | Version of the associated API documentation | `string` | `""` | no | 53 | | domain\_name | The domain name to use for API gateway | `string` | `null` | no | 54 | | domain\_name\_certificate\_arn | The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name | `string` | `""` | no | 55 | | domain\_name\_ownership\_verification\_certificate\_arn | ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate\_arn is issued via an ACM Private CA or mutual\_tls\_authentication is configured with an ACM-imported certificate.) | `string` | `null` | no | 56 | | enable\_access\_logs | Flag to manage CloudWatch log group creation | `bool` | `true` | no | 57 | | enable\_key\_rotation | Specifies whether key rotation is enabled. Defaults to false. | `bool` | `null` | no | 58 | | enabled | Set this to `false` to prevent resource creation by this terraform module. | `bool` | `true` | no | 59 | | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `"test"` | no | 60 | | gateway\_authorizer | flag to control the gateway authorizer name. | `string` | `"demo"` | no | 61 | | gateway\_integration\_type | Flag to control the gateway integration type. | `string` | `"AWS_PROXY"` | no | 62 | | http\_method | HTTP method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY) when calling the associated resource. | `string` | `"ANY"` | no | 63 | | identity\_source | Source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables. | `string` | `"method.request.header.Authorization"` | no | 64 | | identity\_sources | The identity sources for which authorization is requested. | `list(string)` |
[
"$request.header.Authorization"
]
| no | 65 | | integration\_description | Description of the integration. | `string` | `"Lambda example"` | no | 66 | | integration\_http\_method | Flag to control the gateway integration HTTP method. | `string` | `"POST"` | no | 67 | | integration\_method | Integration's HTTP method. Must be specified if integration\_type is not MOCK. | `string` | `"POST"` | no | 68 | | integration\_response\_parameters | Map of response parameters that can be read from the backend response. For example: response\_parameters = { method.response.header.X-Some-Header = integration.response.header.X-Some-Other-Header }. | `map(string)` | `{}` | no | 69 | | integration\_type | Integration type of an integration. Valid values: AWS (supported only for WebSocket APIs), AWS\_PROXY, HTTP (supported only for WebSocket APIs), HTTP\_PROXY, MOCK (supported only for WebSocket APIs). | `string` | `"AWS_PROXY"` | no | 70 | | integration\_uri | URI of the Lambda function for a Lambda proxy integration, when integration\_type is AWS\_PROXY. For an HTTP integration, specify a fully-qualified URL. | `string` | `""` | no | 71 | | integrations | Map of API gateway routes with integrations | `map(any)` | `{}` | no | 72 | | kms\_key\_arn | Pass existing KMS key arn. Only applicable when `create_kms_key` is set to false. | `string` | `""` | no | 73 | | label\_order | Label order, e.g. `name`,`application`. | `list(any)` |
[
"name",
"environment"
]
| no | 74 | | log\_format | Formatting and values recorded in the logs. For more information on configuring the log format rules visit the AWS documentation | `string` | `" {\n\t\"requestTime\": \"$context.requestTime\",\n\t\"requestId\": \"$context.requestId\",\n\t\"httpMethod\": \"$context.httpMethod\",\n\t\"path\": \"$context.path\",\n\t\"resourcePath\": \"$context.resourcePath\",\n\t\"status\": $context.status,\n\t\"responseLatency\": $context.responseLatency,\n \"xrayTraceId\": \"$context.xrayTraceId\",\n \"integrationRequestId\": \"$context.integration.requestId\",\n\t\"functionResponseStatus\": \"$context.integration.status\",\n \"integrationLatency\": \"$context.integration.latency\",\n\t\"integrationServiceStatus\": \"$context.integration.integrationStatus\",\n \"authorizeResultStatus\": \"$context.authorize.status\",\n\t\"authorizerServiceStatus\": \"$context.authorizer.status\",\n\t\"authorizerLatency\": \"$context.authorizer.latency\",\n\t\"authorizerRequestId\": \"$context.authorizer.requestId\",\n \"ip\": \"$context.identity.sourceIp\",\n\t\"userAgent\": \"$context.identity.userAgent\",\n\t\"principalId\": \"$context.authorizer.principalId\",\n\t\"cognitoUser\": \"$context.identity.cognitoIdentityId\",\n \"user\": \"$context.identity.user\"\n}\n"` | no | 75 | | log\_group\_class | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS. | `string` | `"STANDARD"` | no | 76 | | managedby | ManagedBy, eg 'CloudDrove' | `string` | `"hello@clouddrove.com"` | no | 77 | | multi\_region | ndicates whether the KMS key is a multi-Region (true) or regional (false) key. Defaults to false. | `bool` | `false` | no | 78 | | mutual\_tls\_authentication | An Amazon S3 URL that specifies the truststore for mutual TLS authentication as well as version, keyed at uri and version | `map(string)` | `{}` | no | 79 | | name | Name (e.g. `app` or `api`). 
| `string` | `""` | no | 80 | | passthrough\_behavior | Pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the request\_templates attribute. | `string` | `"WHEN_NO_MATCH"` | no | 81 | | private\_dns\_enabled | (AWS services and AWS Marketplace partner services only) Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false. | `bool` | `false` | no | 82 | | protocol\_type | The API protocol. Valid values: HTTP, WEBSOCKET | `string` | `"HTTP"` | no | 83 | | provider\_arns | (Required for type COGNITO\_USER\_POOLS) List of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account\_id}:userpool/{user\_pool\_id}. | `set(string)` | `[]` | no | 84 | | repository | Terraform current module repo | `string` | `""` | no | 85 | | request\_parameters | Map of request query string parameters and headers that should be passed to the backend responder | `map(string)` | `null` | no | 86 | | request\_templates | Map of the integration's request templates. | `map(string)` | `null` | no | 87 | | response\_models | A map of the API models used for the response's content type | `map(string)` |
{
"application/json": "Empty"
}
| no | 88 | | response\_parameters | Map of response parameters that can be sent to the caller. For example: response\_parameters { method.response.header.X-Some-Header = true } would define that the header X-Some-Header can be provided on the response | `map(bool)` | `{}` | no | 89 | | rest\_api\_assume\_role\_policy | Custom Trust Relationship Policy for Authorizer IAM role. | `string` | `""` | no | 90 | | rest\_api\_base\_path | Path segment that must be prepended to the path when accessing the API via this mapping. If omitted, the API is exposed at the root of the given domain. | `string` | `""` | no | 91 | | rest\_api\_description | The description of the REST API | `string` | `"test"` | no | 92 | | rest\_api\_endpoint\_type | (Required) List of endpoint types. This resource currently only supports managing a single value. Valid values: EDGE, REGIONAL or PRIVATE. If unspecified, defaults to EDGE. | `string` | `null` | no | 93 | | rest\_api\_resource\_policy | (Optional) custom resource policy for private rest api. | `string` | `""` | no | 94 | | rest\_api\_stage\_name | The name of the stage | `string` | `""` | no | 95 | | rest\_variables | Map to set on the stage managed by the stage\_name argument. | `map(string)` | `{}` | no | 96 | | retention\_in\_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | `number` | `null` | no | 97 | | route\_key | Part of quick create. Specifies any route key. Applicable for HTTP APIs. | `string` | `null` | no | 98 | | route\_selection\_expression | The route selection expression for the API. 
| `string` | `"$request.method $request.path"` | no | 99 | | route\_settings | Settings for default route | `map(string)` | `{}` | no | 100 | | security\_group\_ids | A list of security group IDs to associate with. | `list(string)` | `[]` | no | 101 | | service\_name | The service name. For AWS services the service name is usually in the form com.amazonaws.. (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker..notebook). | `string` | `""` | no | 102 | | skip\_destroy | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state. | `bool` | `null` | no | 103 | | stage\_description | Description to set on the stage managed by the stage\_name argument. | `string` | `"test"` | no | 104 | | stage\_name | Stage Name to be used, set to `$default` to use Invoke URL as your default webpage for lambda | `string` | `null` | no | 105 | | stage\_variables | Map that defines the stage variables | `map(string)` | `{}` | no | 106 | | status\_code | flag to control the status code | `string` | `"200"` | no | 107 | | subnet\_ids | A list of VPC Subnet IDs to launch in. | `list(string)` | `[]` | no | 108 | | target | Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP\_PROXY or AWS\_PROXY, respectively. Applicable for HTTP APIs. | `string` | `null` | no | 109 | | timeout\_milliseconds | Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds. | `number` | `null` | no | 110 | | type | Type of the authorizer. 
Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO\_USER\_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN. | `string` | `"TOKEN"` | no | 111 | | vpc\_endpoint\_id | ID of the vpc endpoint. Only applicable when | `set(string)` |
[
""
]
| no | 112 | | vpc\_endpoint\_type | The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway. | `string` | `"Gateway"` | no | 113 | | vpc\_id | The ID of the VPC in which the endpoint will be used. | `string` | `""` | no | 114 | | vpc\_links | Map of VPC Links details to create | `map(any)` | `{}` | no | 115 | | xray\_tracing\_enabled | A flag to indicate whether to enable X-Ray tracing. | `bool` | `true` | no | 116 | | zone\_id | The ID of the hosted zone to contain this record. | `string` | `""` | no | 117 | 118 | ## Outputs 119 | 120 | | Name | Description | 121 | |------|-------------| 122 | | api\_arn | The HTTP API ARN. | 123 | | api\_endpoint | The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. | 124 | | api\_id | The HTTP Api ID. | 125 | | invoke\_url | URL to invoke the API pointing to the stage | 126 | | rest\_api\_arn | The Rest Api Arn. | 127 | | rest\_api\_execution\_arn | Execution arn of rest api gateway. | 128 | | rest\_api\_id | The ID of the REST API | 129 | | rest\_api\_invoke\_url | The URL to invoke the API pointing to the stage | 130 | 131 | -------------------------------------------------------------------------------- /examples/complete/http-api-gateway/example.tf: -------------------------------------------------------------------------------- 1 | ####---------------------------------------------------------------------------------- 2 | ## PROVIDER 3 | ####---------------------------------------------------------------------------------- 4 | provider "aws" { 5 | region = local.region 6 | } 7 | 8 | ####---------------------------------------------------------------------------------- 9 | ## LOCALS 10 | ####---------------------------------------------------------------------------------- 11 | 12 | locals { 13 | name = "api" 14 | environment = "test" 15 | region = "us-east-1" 16 | domain_name = "clouddrove.ca" 17 | hosted_zone_id = "Z015XXXXXXXXXXXXXXIEP" 18 | } 19 | 
####----------------------------------------------------------------------------------
20 | ## ACM - certificate requested for local.domain_name and its wildcard
21 | ####----------------------------------------------------------------------------------
22 | module "acm" {
23 |   source = "clouddrove/acm/aws"
24 |   version = "1.4.1"
25 |
26 |   name = local.name
27 |   environment = local.environment
28 |   enable_aws_certificate = true
29 |   domain_name = local.domain_name
30 |   subject_alternative_names = ["*.${local.domain_name}"]
31 |   validation_method = "DNS"
32 |   enable_dns_validation = false # NOTE(review): DNS validation is selected but enable_dns_validation is false; presumably the validation records must be created some other way before the certificate is issued - confirm
33 | }
34 |
35 | ####----------------------------------------------------------------------------------
36 | ## LAMBDA - function packaged from ../lambda_packages/index.zip, invokable by API Gateway
37 | ####----------------------------------------------------------------------------------
38 | module "lambda" {
39 |   source = "clouddrove/lambda/aws"
40 |   version = "1.3.1"
41 |
42 |   name = local.name
43 |   environment = local.environment
44 |   enable = true
45 |   timeout = 60
46 |   filename = "../lambda_packages/index.zip" # prebuilt archive committed to the repo; presumably built from index.py - verify the contents match
47 |   handler = "index.lambda_handler"
48 |   runtime = "python3.8" # NOTE(review): python3.8 is end-of-life and a deprecated Lambda runtime; move to a supported Python runtime
49 |   iam_actions = [
50 |     "logs:CreateLogStream",
51 |     "logs:CreateLogGroup",
52 |     "logs:PutLogEvents"
53 |   ]
54 |   names = [
55 |     "python_layer"
56 |   ]
57 |   compatible_runtimes = [
58 |     ["python3.8"]
59 |   ]
60 |   statement_ids = [
61 |     "AllowExecutionFromApiGateway"
62 |   ]
63 |   actions = [
64 |     "lambda:InvokeFunction"
65 |   ]
66 |   principals = [
67 |     "apigateway.amazonaws.com" # NOTE(review): no source ARN is visible here; confirm the module limits this invoke permission to the intended API
68 |   ]
69 |   variables = {
70 |     foo = "bar"
71 |   }
72 | }
73 |
74 | ####----------------------------------------------------------------------------------
75 | ## API GATEWAY - HTTP API with a custom domain and three Lambda-backed routes
76 | ####----------------------------------------------------------------------------------
77 | module "api_gateway" {
78 |   source = "../../../"
79 |
80 |   name = local.name
81 |   environment = local.environment
82 |   domain_name = "api.${local.domain_name}"
83 |   domain_name_certificate_arn = module.acm.arn
84 |   integration_uri = module.lambda.invoke_arn
85 |   zone_id = local.hosted_zone_id
86 |   auto_deploy = true
87 |   stage_name = "$default"
88 |   create_vpc_link_enabled = false
89 |   create_http_api = true
90 |   cors_configuration = {
91 |     allow_credentials = true # NOTE(review): credentials are allowed but no allow_origins is listed here; credentialed CORS should name explicit trusted origins
92 |     allow_methods = ["GET", "OPTIONS", "POST"]
93 |     max_age = 5
94 |   }
95 |   integrations = {
96 |     "ANY /" = { # NOTE(review): no authorizer_key on this catch-all route, unlike the two routes below - appears to be unauthenticated
97 |       lambda_arn = module.lambda.arn
98 |       payload_format_version = "2.0"
99 |       timeout_milliseconds = 30000
100 |     }
101 |     "GET /some-route-with-authorizer" = {
102 |       lambda_arn = module.lambda.arn
103 |       payload_format_version = "1.0"
104 |       authorizer_key = "cognito" # NOTE(review): no "cognito" authorizer is defined in this example; confirm where the module resolves this key
105 |     }
106 |     "POST /start-step-function" = {
107 |       lambda_arn = module.lambda.arn
108 |       payload_format_version = "1.0"
109 |       authorizer_key = "cognito"
110 |     }
111 |   }
112 | }
--------------------------------------------------------------------------------
/examples/complete/http-api-gateway/outputs.tf:
--------------------------------------------------------------------------------
1 | output "api_id" {
2 |   value = module.api_gateway.api_id
3 |   description = "The API identifier."
4 | }
5 |
6 | output "api_arn" {
7 |   value = module.api_gateway.api_arn
8 |   description = "The API arn."
9 | }
10 |
11 | output "api_endpoint" {
12 |   value = module.api_gateway.api_endpoint
13 |   description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com."
14 | }
15 |
16 | output "invoke_url" {
17 |   value = module.api_gateway.invoke_url
18 |   description = "URL to invoke the API pointing to the stage"
19 | }
20 |
--------------------------------------------------------------------------------
/examples/complete/http-api-gateway/version.tf:
--------------------------------------------------------------------------------
1 | # Terraform and AWS provider version constraints for this example
2 | terraform {
3 |   required_version = ">= 1.6.1"
4 |
5 |   required_providers {
6 |     aws = {
7 |       source = "hashicorp/aws"
8 |       version = ">= 5.20.0" # lower bound only; newer provider releases, including new majors, satisfy it
9 |     }
10 |   }
11 | }
--------------------------------------------------------------------------------
/examples/complete/lambda_packages/index.py:
--------------------------------------------------------------------------------
1 | import json
2 | def lambda_handler(event, context):  # handler entry point (index.lambda_handler); event and context are not read
3 |     print('Lambda function with Python!|')
4 |     return {  # fixed 200 response with a JSON-encoded greeting
5 |         'statusCode': 200,
6 |         'body': json.dumps('Hello from Lambda!')
7 |     }
8 |
--------------------------------------------------------------------------------
/examples/complete/lambda_packages/index.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/clouddrove/terraform-aws-api-gateway/226598b35a0769d30c42fb7c1abdf3a68c583c74/examples/complete/lambda_packages/index.zip
--------------------------------------------------------------------------------
/examples/complete/private-rest-api-gateway/example.tf:
--------------------------------------------------------------------------------
1 | ####----------------------------------------------------------------------------------
2 | ## PROVIDER - AWS provider in the region set in locals
3 | ####----------------------------------------------------------------------------------
4 |
5 | provider "aws" {
6 |   region = local.region
7 | }
8 | ####----------------------------------------------------------------------------------
9 | ## LOCALS
10 | ####----------------------------------------------------------------------------------
11 |
12 |
locals {
13 |   name = "api"
14 |   environment = "test"
15 |   region = "us-east-1"
16 |   domain_name = "clouddrove.ca"
17 |   hosted_zone_id = "Z015XXXXXXXXXXXXXXIEP" # masked placeholder; supply a real hosted zone ID
18 | }
19 | ####----------------------------------------------------------------------------------
20 | ## ACM - certificate requested for local.domain_name and its wildcard
21 | ####----------------------------------------------------------------------------------
22 |
23 | module "acm" {
24 |   source = "clouddrove/acm/aws"
25 |   version = "1.4.1"
26 |
27 |   name = local.name
28 |   environment = local.environment
29 |   enable_aws_certificate = true
30 |   domain_name = local.domain_name
31 |   subject_alternative_names = ["*.${local.domain_name}"]
32 |   validation_method = "DNS"
33 |   enable_dns_validation = false # NOTE(review): DNS validation is selected but enable_dns_validation is false; presumably the validation records must be created some other way before the certificate is issued - confirm
34 | }
35 |
36 | ####----------------------------------------------------------------------------------
37 | ## LAMBDA - function packaged from ../lambda_packages/index.zip, invokable by API Gateway
38 | ####----------------------------------------------------------------------------------
39 |
40 | module "lambda" {
41 |   source = "clouddrove/lambda/aws"
42 |   version = "1.3.1"
43 |
44 |   name = local.name
45 |   environment = local.environment
46 |   enable = true
47 |   timeout = 60
48 |   filename = "../lambda_packages/index.zip" # prebuilt archive committed to the repo; presumably built from index.py - verify the contents match
49 |   handler = "index.lambda_handler"
50 |   runtime = "python3.8" # NOTE(review): python3.8 is end-of-life and a deprecated Lambda runtime; move to a supported Python runtime
51 |   iam_actions = [
52 |     "logs:CreateLogStream",
53 |     "logs:CreateLogGroup",
54 |     "logs:PutLogEvents"
55 |   ]
56 |   names = [
57 |     "python_layer"
58 |   ]
59 |   compatible_runtimes = [
60 |     ["python3.8"]
61 |   ]
62 |   statement_ids = [
63 |     "AllowExecutionFromApiGateway"
64 |   ]
65 |   actions = [
66 |     "lambda:InvokeFunction"
67 |   ]
68 |   principals = [
69 |     "apigateway.amazonaws.com" # NOTE(review): no source ARN is visible here; confirm the module limits this invoke permission to the intended API
70 |   ]
71 |   variables = {
72 |     foo = "bar"
73 |   }
74 | }
75 |
76 |
77 | ####----------------------------------------------------------------------------------
78 | ## VPC - network that hosts the private API's VPC endpoint
79 | ####----------------------------------------------------------------------------------
80 |
81 | module "vpc" {
82 |   source = "clouddrove/vpc/aws"
83 |   version = "2.0.0"
84 |
85 |   name = "${local.name}-rest-api-private"
86 |   environment = local.environment
87 |   enable = true
88 |   cidr_block = "10.0.0.0/16"
89 |
90 | }
91 |
92 | ####----------------------------------------------------------------------------------
93 | ## SUBNETS - public and private subnets across three AZs with a single NAT gateway
94 | ####----------------------------------------------------------------------------------
95 | #tfsec:ignore:aws-ec2-no-excessive-port-access
96 | #tfsec:ignore:aws-ec2-no-public-ingress-acl
97 | module "subnets" {
98 |   source = "clouddrove/subnet/aws"
99 |   version = "2.0.1"
100 |
101 |   name = "${local.name}-rest-api-private"
102 |   environment = local.environment
103 |
104 |   nat_gateway_enabled = true
105 |   single_nat_gateway = true
106 |   availability_zones = ["${local.region}a", "${local.region}b", "${local.region}c"]
107 |   vpc_id = module.vpc.vpc_id
108 |   type = "public-private"
109 |   igw_id = module.vpc.igw_id
110 |   cidr_block = module.vpc.vpc_cidr_block
111 |   ipv6_cidr_block = module.vpc.ipv6_cidr_block
112 |   enable_ipv6 = true
113 |   private_inbound_acl_rules = [
114 |     {
115 |       rule_number = 100
116 |       rule_action = "allow"
117 |       from_port = 0
118 |       to_port = 0
119 |       protocol = "-1"
120 |       cidr_block = module.vpc.vpc_cidr_block # private NACL: traffic from inside the VPC only
121 |     }
122 |   ]
123 |   private_outbound_acl_rules = [
124 |     {
125 |       rule_number = 100
126 |       rule_action = "allow"
127 |       from_port = 0
128 |       to_port = 0
129 |       protocol = "-1"
130 |       cidr_block = module.vpc.vpc_cidr_block
131 |     }
132 |   ]
133 |   public_inbound_acl_rules = [
134 |     {
135 |       rule_number = 100
136 |       rule_action = "allow"
137 |       from_port = 0
138 |       to_port = 0
139 |       protocol = "-1"
140 |       cidr_block = "0.0.0.0/0" # NOTE(review): every protocol and port from any IPv4 address; the tfsec:ignore lines above this module suppress the matching findings
141 |     }
142 |   ]
143 |   public_outbound_acl_rules = [
144 |     {
145 |       rule_number = 100
146 |       rule_action = "allow"
147 |       from_port = 0
148 |       to_port = 0
149 |       protocol = "-1"
150 |       cidr_block = "0.0.0.0/0"
151 |     }
152 |   ]
153 |
154 | }
155 |
156 | ####----------------------------------------------------------------------------------
157 | ## SECURITY GROUP
158 |
####----------------------------------------------------------------------------------
159 |
160 | module "security_group" {
161 |   source = "clouddrove/security-group/aws"
162 |   version = "2.0.0"
163 |
164 |   name = "${local.name}-rest-api-private"
165 |   environment = local.environment
166 |
167 |   vpc_id = module.vpc.vpc_id
168 |   new_sg_ingress_rules_with_cidr_blocks = [
169 |     {
170 |       rule_count = 1
171 |       from_port = 0
172 |       protocol = "-1" # NOTE(review): all protocols and ports from the VPC CIDR; an execute-api interface endpoint presumably only needs TCP 443 - confirm and narrow
173 |       to_port = 0
174 |       cidr_blocks = [module.vpc.vpc_cidr_block]
175 |       description = "Allow all traffic from ${local.environment} VPC."
176 |     }
177 |   ]
178 |   new_sg_egress_rules_with_cidr_blocks = [
179 |     {
180 |       rule_count = 1
181 |       from_port = 0
182 |       protocol = "-1"
183 |       to_port = 0
184 |       cidr_blocks = [module.vpc.vpc_cidr_block]
185 |       description = "Allow all outbound traffic." # NOTE(review): text says all outbound traffic, but cidr_blocks above limits egress to the VPC CIDR
186 |     }
187 |   ]
188 | }
189 |
190 |
191 | ####----------------------------------------------------------------------------------
192 | ## REST API PRIVATE - REST API reachable through an Interface VPC endpoint
193 | ####----------------------------------------------------------------------------------
194 |
195 | module "rest_api_private" {
196 |   source = "../../../"
197 |
198 |   name = "${local.name}-rest-api-private"
199 |   environment = local.environment
200 |   enabled = true
201 |   create_rest_api = true
202 |   rest_api_endpoint_type = "PRIVATE" # NOTE(review): no resource policy is passed in this example; a PRIVATE REST API needs one scoped to the intended VPC endpoint - confirm the module provides it
203 |   rest_api_description = "Private REST API for ${module.lambda.name} lambda function"
204 |   integration_uri = module.lambda.invoke_arn
205 |   rest_api_stage_name = "default"
206 |   auto_deploy = true
207 |   rest_api_base_path = "test"
208 |   domain_name = "api.${local.domain_name}"
209 |   zone_id = local.hosted_zone_id
210 |
211 |   # -- VPC Endpoint configuration: Interface endpoint for execute-api in the private subnets
212 |   vpc_id = module.vpc.vpc_id
213 |   subnet_ids = module.subnets.private_subnet_id
214 |   security_group_ids = [module.security_group.security_group_id]
215 |   service_name = "com.amazonaws.${local.region}.execute-api"
216 |   vpc_endpoint_type = "Interface"
217 |   private_dns_enabled = true
218 |   domain_name_certificate_arn = module.acm.arn
219 |
220 |   #---access log----
221 |   enable_access_logs = true
222 |   retention_in_days = 7 # NOTE(review): 7 days is short for investigating incidents; consider longer retention outside test
223 | }
224 |
225 |
226 |
--------------------------------------------------------------------------------
/examples/complete/private-rest-api-gateway/outputs.tf:
--------------------------------------------------------------------------------
1 | ##-------------------------------------------------------------
2 | # REST API PRIVATE - values re-exported from module.rest_api_private
3 | ##-------------------------------------------------------------
4 |
5 | output "private_rest_api_id" {
6 |   value = module.rest_api_private.rest_api_id
7 |   description = " The ID of the REST API"
8 |
9 | }
10 |
11 | output "private_rest_api_arn" {
12 |   value = module.rest_api_private.rest_api_arn
13 |   description = "The Rest api arn"
14 |
15 | }
16 |
17 | output "private_rest_api_invoke_url" {
18 |   value = module.rest_api_private.rest_api_invoke_url
19 |   description = "The URL to invoke the API pointing to the stage"
20 |
21 | }
--------------------------------------------------------------------------------
/examples/complete/private-rest-api-gateway/versions.tf:
--------------------------------------------------------------------------------
1 | # Terraform and AWS provider version constraints for this example
2 | terraform {
3 |   required_version = ">= 1.6.1"
4 |
5 |   required_providers {
6 |     aws = {
7 |       source = "hashicorp/aws"
8 |       version = ">= 5.20.0" # lower bound only; newer provider releases, including new majors, satisfy it
9 |     }
10 |   }
11 | }
--------------------------------------------------------------------------------
/examples/complete/rest-api-gateway/example.tf:
--------------------------------------------------------------------------------
1 | ####----------------------------------------------------------------------------------
2 | ## PROVIDER - AWS provider in the region set in locals
3 | ####----------------------------------------------------------------------------------
4 | provider "aws" {
5 |   region = local.region
6 | }
7 |
8 | ####----------------------------------------------------------------------------------
9 | ## LOCALS
10 |
####----------------------------------------------------------------------------------
11 |
12 | locals {
13 |   name = "api"
14 |   environment = "test"
15 |   region = "us-east-1"
16 |   domain_name = "clouddrove.ca"
17 |   hosted_zone_id = "Z015XXXXXXXXXXXXXXIEP" # masked placeholder; supply a real hosted zone ID
18 | }
19 | ####----------------------------------------------------------------------------------
20 | ## ACM - certificate requested for local.domain_name and its wildcard
21 | ####----------------------------------------------------------------------------------
22 | module "acm" {
23 |   source = "clouddrove/acm/aws"
24 |   version = "1.4.1"
25 |
26 |   name = local.name
27 |   environment = local.environment
28 |   enable_aws_certificate = true
29 |   domain_name = local.domain_name
30 |   subject_alternative_names = ["*.${local.domain_name}"]
31 |   validation_method = "DNS"
32 |   enable_dns_validation = false # NOTE(review): DNS validation is selected but enable_dns_validation is false; presumably the validation records must be created some other way before the certificate is issued - confirm
33 | }
34 |
35 | ####----------------------------------------------------------------------------------
36 | ## LAMBDA - function packaged from ../lambda_packages/index.zip, invokable by API Gateway
37 | ####----------------------------------------------------------------------------------
38 | module "lambda" {
39 |   source = "clouddrove/lambda/aws"
40 |   version = "1.3.1"
41 |
42 |   name = local.name
43 |   environment = local.environment
44 |   enable = true
45 |   timeout = 60
46 |   filename = "../lambda_packages/index.zip" # prebuilt archive committed to the repo; presumably built from index.py - verify the contents match
47 |   handler = "index.lambda_handler"
48 |   runtime = "python3.8" # NOTE(review): python3.8 is end-of-life and a deprecated Lambda runtime; move to a supported Python runtime
49 |   iam_actions = [
50 |     "logs:CreateLogStream",
51 |     "logs:CreateLogGroup",
52 |     "logs:PutLogEvents"
53 |   ]
54 |   names = [
55 |     "python_layer"
56 |   ]
57 |   compatible_runtimes = [
58 |     ["python3.8"]
59 |   ]
60 |   statement_ids = [
61 |     "AllowExecutionFromApiGateway"
62 |   ]
63 |   actions = [
64 |     "lambda:InvokeFunction"
65 |   ]
66 |   principals = [
67 |     "apigateway.amazonaws.com" # NOTE(review): no source ARN is visible here; confirm the module limits this invoke permission to the intended API
68 |   ]
69 |   variables = {
70 |     foo = "bar"
71 |   }
72 | }
73 |
74 |
75 | ####----------------------------------------------------------------------------------
76 | ## REST API - regional REST API with a custom domain and two Lambda-backed resources
77 | ####----------------------------------------------------------------------------------
78 |
79 | module "rest_api" {
80 |   source = "../../../"
81 |
82 |   name = "${local.name}-rest-api"
83 |   environment = local.environment
84 |   create_rest_api = true
85 |   domain_name_certificate_arn = module.acm.arn
86 |   domain_name = "api.${local.domain_name}"
87 |   zone_id = local.hosted_zone_id
88 |   rest_api_description = "REST API for ${module.lambda.name} lambda function"
89 |   rest_api_endpoint_type = "REGIONAL"
90 |   integration_uri = module.lambda.invoke_arn
91 |   rest_api_stage_name = "default"
92 |   api_resources = {
93 |     users = {
94 |       path_part = "users"
95 |       http_method = "ANY" # NOTE(review): no authorization setting is visible for these methods; confirm the module's default is not open access
96 |       uri = module.lambda.invoke_arn
97 |
98 |     },
99 |     cards = {
100 |       path_part = "cards"
101 |       http_method = "ANY"
102 |       uri = module.lambda.invoke_arn
103 |     }
104 |   }
105 |
106 |   #---access log----
107 |   enable_access_logs = true
108 |   retention_in_days = 7 # NOTE(review): 7 days is short for investigating incidents; consider longer retention outside test
109 | }
110 |
111 |
112 |
113 |
114 |
115 |
116 |
--------------------------------------------------------------------------------
/examples/complete/rest-api-gateway/outputs.tf:
--------------------------------------------------------------------------------
1 | ##-------------------------------------------------------------
2 | # REST API - values re-exported from module.rest_api
3 | ##-------------------------------------------------------------
4 |
5 | output "rest_api_id" {
6 |   value = module.rest_api.rest_api_id
7 |   description = " The ID of the REST API"
8 |
9 | }
10 |
11 | output "rest_api_arn" {
12 |   value = module.rest_api.rest_api_arn
13 |   description = "The Rest api arn"
14 | }
15 |
16 | output "rest_api_invoke_url" {
17 |   value = module.rest_api.rest_api_invoke_url
18 |   description = "The URL to invoke the API pointing to the stage"
19 |
20 | }
21 |
22 |
23 |
--------------------------------------------------------------------------------
/examples/complete/rest-api-gateway/versions.tf:
--------------------------------------------------------------------------------
1 | # Terraform and AWS provider version constraints for this example
2 | terraform {
3 |   required_version = ">= 1.6.1"
4 |
5 |   required_providers {
6 |     aws = {
7 |       source = "hashicorp/aws"
8 |       version = ">= 5.20.0" # lower bound only; newer provider releases, including new majors, satisfy it
9 |     }
10 |   }
11 | }
--------------------------------------------------------------------------------
/examples/http-api-gateway/example.tf:
--------------------------------------------------------------------------------
1 | ####----------------------------------------------------------------------------------
2 | ## PROVIDER - AWS provider in the region set in locals
3 | ####----------------------------------------------------------------------------------
4 | provider "aws" {
5 |   region = local.region
6 | }
7 |
8 | ####----------------------------------------------------------------------------------
9 | ## LOCALS
10 | ####----------------------------------------------------------------------------------
11 |
12 | locals {
13 |   name = "api"
14 |   environment = "test"
15 |   region = "us-east-1"
16 |   domain_name = "clouddrove.ca"
17 |   hosted_zone_id = "Z0xxxxxxxxxxxxxxEP" # masked placeholder; supply a real hosted zone ID
18 | }
19 | ####----------------------------------------------------------------------------------
20 | ## ACM - certificate requested for local.domain_name and its wildcard
21 | ####----------------------------------------------------------------------------------
22 | module "acm" {
23 |   source = "clouddrove/acm/aws"
24 |   version = "1.4.1"
25 |
26 |   name = local.name
27 |   environment = local.environment
28 |   enable_aws_certificate = true
29 |   domain_name = local.domain_name
30 |   subject_alternative_names = ["*.${local.domain_name}"]
31 |   validation_method = "DNS"
32 |   enable_dns_validation = false # NOTE(review): DNS validation is selected but enable_dns_validation is false; presumably the validation records must be created some other way before the certificate is issued - confirm
33 | }
34 |
35 | ####----------------------------------------------------------------------------------
36 | ## LAMBDA - function packaged from ../lambda_packages/index.zip, invokable by API Gateway
37 | ####----------------------------------------------------------------------------------
38 | module "lambda" {
39 |   source = "clouddrove/lambda/aws"
40 |   version = "1.3.1"
41 |
42 |   name = local.name
43 |   environment = local.environment
44 |   enable = true
45 |   timeout = 60
46 |   filename = "../lambda_packages/index.zip" # prebuilt archive committed to the repo; presumably built from index.py - verify the contents match
47 |   handler = "index.lambda_handler"
48 |   runtime = "python3.8" # NOTE(review): python3.8 is end-of-life and a deprecated Lambda runtime; move to a supported Python runtime
49 |   iam_actions = [
50 |     "logs:CreateLogStream",
51 |     "logs:CreateLogGroup",
52 |     "logs:PutLogEvents"
53 |   ]
54 |   names = [
55 |     "python_layer"
56 |   ]
57 |   compatible_runtimes = [
58 |     ["python3.8"]
59 |   ]
60 |   statement_ids = [
61 |     "AllowExecutionFromApiGateway"
62 |   ]
63 |   actions = [
64 |     "lambda:InvokeFunction"
65 |   ]
66 |   principals = [
67 |     "apigateway.amazonaws.com" # NOTE(review): no source ARN is visible here; confirm the module limits this invoke permission to the intended API
68 |   ]
69 |   variables = {
70 |     foo = "bar"
71 |   }
72 | }
73 |
74 | ####----------------------------------------------------------------------------------
75 | ## API GATEWAY - HTTP API with a custom domain and three Lambda-backed routes
76 | ####----------------------------------------------------------------------------------
77 | module "api_gateway" {
78 |   source = "../../."
79 |
80 |   name = local.name
81 |   environment = local.environment
82 |   domain_name = "api.${local.domain_name}"
83 |   domain_name_certificate_arn = module.acm.arn
84 |   integration_uri = module.lambda.invoke_arn
85 |   zone_id = local.hosted_zone_id
86 |   auto_deploy = true
87 |   stage_name = "$default"
88 |   create_vpc_link_enabled = false
89 |   create_http_api = true
90 |   cors_configuration = {
91 |     allow_credentials = true # NOTE(review): credentials are allowed but no allow_origins is listed here; credentialed CORS should name explicit trusted origins
92 |     allow_methods = ["GET", "OPTIONS", "POST"]
93 |     max_age = 5
94 |   }
95 |   integrations = {
96 |     "ANY /" = { # NOTE(review): no authorizer_key on this catch-all route, unlike the two routes below - appears to be unauthenticated
97 |       lambda_arn = module.lambda.arn
98 |       payload_format_version = "2.0"
99 |       timeout_milliseconds = 30000
100 |     }
101 |     "GET /some-route-with-authorizer" = {
102 |       lambda_arn = module.lambda.arn
103 |       payload_format_version = "1.0"
104 |       authorizer_key = "cognito" # NOTE(review): no "cognito" authorizer is defined in this example; confirm where the module resolves this key
105 |     }
106 |     "POST /start-step-function" = {
107 |       lambda_arn = module.lambda.arn
108 |       payload_format_version = "1.0"
109 |       authorizer_key = "cognito"
110 |     }
111 |   }
112 | }
--------------------------------------------------------------------------------
/examples/http-api-gateway/outputs.tf:
--------------------------------------------------------------------------------
1 | output "api_id" {
2 |   value = module.api_gateway.api_id
3 |   description = "The API identifier."
4 | }
5 |
6 | output "api_arn" {
7 |   value = module.api_gateway.api_arn
8 |   description = "The API arn."
9 | }
10 |
11 | output "api_endpoint" {
12 |   value = module.api_gateway.api_endpoint
13 |   description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com."
14 | }
15 |
16 | output "invoke_url" {
17 |   value = module.api_gateway.invoke_url
18 |   description = "URL to invoke the API pointing to the stage"
19 | }
20 |
--------------------------------------------------------------------------------
/examples/http-api-gateway/version.tf:
--------------------------------------------------------------------------------
1 | # Terraform and AWS provider version constraints for this example
2 | terraform {
3 |   required_version = ">= 1.6.1"
4 |
5 |   required_providers {
6 |     aws = {
7 |       source = "hashicorp/aws"
8 |       version = ">= 5.20.0" # lower bound only; newer provider releases, including new majors, satisfy it
9 |     }
10 |   }
11 | }
--------------------------------------------------------------------------------
/examples/lambda_packages/index.py:
--------------------------------------------------------------------------------
1 | import json
2 | def lambda_handler(event, context):  # handler entry point (index.lambda_handler); event and context are not read
3 |     print('Lambda function with Python!|')
4 |     return {  # fixed 200 response with a JSON-encoded greeting
5 |         'statusCode': 200,
6 |         'body': json.dumps('Hello from Lambda!')
7 |     }
8 |
--------------------------------------------------------------------------------
/examples/lambda_packages/index.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/clouddrove/terraform-aws-api-gateway/226598b35a0769d30c42fb7c1abdf3a68c583c74/examples/lambda_packages/index.zip
--------------------------------------------------------------------------------
/examples/private-rest-api-gateway/example.tf:
--------------------------------------------------------------------------------
1 | ####----------------------------------------------------------------------------------
2 | ## PROVIDER - AWS provider in the region set in locals
3 | ####----------------------------------------------------------------------------------
4 |
5 | provider "aws" {
6 |   region = local.region
7 | }
8 | ####----------------------------------------------------------------------------------
9 | ## LOCALS
10 | ####----------------------------------------------------------------------------------
11 |
12 | locals {
13 |   name = "api"
14 |   environment = "test"
15 |   region = "us-east-1"
16 |   domain_name = "clouddrove.ca"
17 |   hosted_zone_id = "Z015XXXXXXXXXXXXXXIEP" # masked placeholder; supply a real hosted zone ID
18 | }
19 | ####----------------------------------------------------------------------------------
20 | ## ACM - certificate requested for local.domain_name and its wildcard
21 | ####----------------------------------------------------------------------------------
22 |
23 | module "acm" {
24 |   source = "clouddrove/acm/aws"
25 |   version = "1.4.1"
26 |
27 |   name = local.name
28 |   environment = local.environment
29 |   enable_aws_certificate = true
30 |   domain_name = local.domain_name
31 |   subject_alternative_names = ["*.${local.domain_name}"]
32 |   validation_method = "DNS"
33 |   enable_dns_validation = false # NOTE(review): DNS validation is selected but enable_dns_validation is false; presumably the validation records must be created some other way before the certificate is issued - confirm
34 | }
35 |
36 | ####----------------------------------------------------------------------------------
37 | ## LAMBDA - function packaged from ../lambda_packages/index.zip, invokable by API Gateway
38 | ####----------------------------------------------------------------------------------
39 |
40 | module "lambda" {
41 |   source = "clouddrove/lambda/aws"
42 |   version = "1.3.1"
43 |
44 |   name = local.name
45 |   environment = local.environment
46 |   enable = true
47 |   timeout = 60
48 |   filename = "../lambda_packages/index.zip" # prebuilt archive committed to the repo; presumably built from index.py - verify the contents match
49 |   handler = "index.lambda_handler"
50 |   runtime = "python3.8" # NOTE(review): python3.8 is end-of-life and a deprecated Lambda runtime; move to a supported Python runtime
51 |   iam_actions = [
52 |     "logs:CreateLogStream",
53 |     "logs:CreateLogGroup",
54 |     "logs:PutLogEvents"
55 |   ]
56 |   names = [
57 |     "python_layer"
58 |   ]
59 |   compatible_runtimes = [
60 |     ["python3.8"]
61 |   ]
62 |   statement_ids = [
63 |     "AllowExecutionFromApiGateway"
64 |   ]
65 |   actions = [
66 |     "lambda:InvokeFunction"
67 |   ]
68 |   principals = [
69 |     "apigateway.amazonaws.com" # NOTE(review): no source ARN is visible here; confirm the module limits this invoke permission to the intended API
70 |   ]
71 |   variables = {
72 |     foo = "bar"
73 |   }
74 | }
75 |
76 |
77 |
####----------------------------------------------------------------------------------
78 | ## VPC - network that hosts the private API's VPC endpoint
79 | ####----------------------------------------------------------------------------------
80 |
81 | module "vpc" {
82 |   source = "clouddrove/vpc/aws"
83 |   version = "2.0.0"
84 |
85 |   name = "${local.name}-rest-api-private"
86 |   environment = local.environment
87 |   enable = true
88 |   cidr_block = "10.0.0.0/16"
89 |
90 | }
91 |
92 | ####----------------------------------------------------------------------------------
93 | ## SUBNETS - public and private subnets across three AZs with a single NAT gateway
94 | ####----------------------------------------------------------------------------------
95 | #tfsec:ignore:aws-ec2-no-excessive-port-access
96 | #tfsec:ignore:aws-ec2-no-public-ingress-acl
97 | module "subnets" {
98 |   source = "clouddrove/subnet/aws"
99 |   version = "2.0.1"
100 |
101 |   name = "${local.name}-rest-api-private"
102 |   environment = local.environment
103 |
104 |   nat_gateway_enabled = true
105 |   single_nat_gateway = true
106 |   availability_zones = ["${local.region}a", "${local.region}b", "${local.region}c"]
107 |   vpc_id = module.vpc.vpc_id
108 |   type = "public-private"
109 |   igw_id = module.vpc.igw_id
110 |   cidr_block = module.vpc.vpc_cidr_block
111 |   ipv6_cidr_block = module.vpc.ipv6_cidr_block
112 |   enable_ipv6 = true
113 |   private_inbound_acl_rules = [
114 |     {
115 |       rule_number = 100
116 |       rule_action = "allow"
117 |       from_port = 0
118 |       to_port = 0
119 |       protocol = "-1"
120 |       cidr_block = module.vpc.vpc_cidr_block # private NACL: traffic from inside the VPC only
121 |     }
122 |   ]
123 |   private_outbound_acl_rules = [
124 |     {
125 |       rule_number = 100
126 |       rule_action = "allow"
127 |       from_port = 0
128 |       to_port = 0
129 |       protocol = "-1"
130 |       cidr_block = module.vpc.vpc_cidr_block
131 |     }
132 |   ]
133 |   public_inbound_acl_rules = [
134 |     {
135 |       rule_number = 100
136 |       rule_action = "allow"
137 |       from_port = 0
138 |       to_port = 0
139 |       protocol = "-1"
140 |       cidr_block = "0.0.0.0/0" # NOTE(review): every protocol and port from any IPv4 address; the tfsec:ignore lines above this module suppress the matching findings
141 |     }
142 |   ]
143 |   public_outbound_acl_rules = [
144 |     {
145 |       rule_number = 100
146 |       rule_action = "allow"
147 |       from_port = 0
148 |       to_port = 0
149 |       protocol = "-1"
150 |       cidr_block = "0.0.0.0/0"
151 |     }
152 |   ]
153 |
154 | }
155 |
156 | ####----------------------------------------------------------------------------------
157 | ## SECURITY GROUP - attached to the execute-api VPC endpoint below
158 | ####----------------------------------------------------------------------------------
159 |
160 | module "security_group" {
161 |   source = "clouddrove/security-group/aws"
162 |   version = "2.0.0"
163 |
164 |   name = "${local.name}-rest-api-private"
165 |   environment = local.environment
166 |
167 |   vpc_id = module.vpc.vpc_id
168 |   new_sg_ingress_rules_with_cidr_blocks = [
169 |     {
170 |       rule_count = 1
171 |       from_port = 0
172 |       protocol = "-1" # NOTE(review): all protocols and ports from the VPC CIDR; an execute-api interface endpoint presumably only needs TCP 443 - confirm and narrow
173 |       to_port = 0
174 |       cidr_blocks = [module.vpc.vpc_cidr_block]
175 |       description = "Allow all traffic from ${local.environment} VPC."
176 |     }
177 |   ]
178 |   new_sg_egress_rules_with_cidr_blocks = [
179 |     {
180 |       rule_count = 1
181 |       from_port = 0
182 |       protocol = "-1"
183 |       to_port = 0
184 |       cidr_blocks = [module.vpc.vpc_cidr_block]
185 |       description = "Allow all outbound traffic." # NOTE(review): text says all outbound traffic, but cidr_blocks above limits egress to the VPC CIDR
186 |     }
187 |   ]
188 | }
189 |
190 |
191 | ####----------------------------------------------------------------------------------
192 | ## REST API PRIVATE - REST API reachable through an Interface VPC endpoint
193 | ####----------------------------------------------------------------------------------
194 |
195 | module "rest_api_private" {
196 |   source = "../../."
197 |
198 |   name = "${local.name}-rest-api-private"
199 |   environment = local.environment
200 |   enabled = true
201 |   create_rest_api = true
202 |   rest_api_endpoint_type = "PRIVATE" # NOTE(review): no resource policy is passed in this example; a PRIVATE REST API needs one scoped to the intended VPC endpoint - confirm the module provides it
203 |   rest_api_description = "Private REST API for ${module.lambda.name} lambda function"
204 |   integration_uri = module.lambda.invoke_arn
205 |   rest_api_stage_name = "default"
206 |   auto_deploy = true
207 |   rest_api_base_path = "test"
208 |   domain_name = "api.${local.domain_name}"
209 |   zone_id = local.hosted_zone_id
210 |
211 |   # -- VPC Endpoint configuration: Interface endpoint for execute-api in the private subnets
212 |   vpc_id = module.vpc.vpc_id
213 |   subnet_ids = module.subnets.private_subnet_id
214 |   security_group_ids = [module.security_group.security_group_id]
215 |   service_name = "com.amazonaws.${local.region}.execute-api"
216 |   vpc_endpoint_type = "Interface"
217 |   private_dns_enabled = true
218 |   domain_name_certificate_arn = module.acm.arn
219 |
220 |   #---access log----
221 |   enable_access_logs = true
222 |   retention_in_days = 7 # NOTE(review): 7 days is short for investigating incidents; consider longer retention outside test
223 | }
224 |
225 |
226 |
--------------------------------------------------------------------------------
/examples/private-rest-api-gateway/outputs.tf:
--------------------------------------------------------------------------------
1 | ##-------------------------------------------------------------
2 | # REST API PRIVATE - values re-exported from module.rest_api_private
3 | ##-------------------------------------------------------------
4 |
5 | output "private_rest_api_id" {
6 |   value = module.rest_api_private.rest_api_id
7 |   description = " The ID of the REST API"
8 |
9 | }
10 |
11 | output "private_rest_api_arn" {
12 |   value = module.rest_api_private.rest_api_arn
13 |   description = "The Rest api arn"
14 |
15 | }
16 |
17 | output "private_rest_api_invoke_url" {
18 |   value = module.rest_api_private.rest_api_invoke_url
19 |   description = "The URL to invoke the API pointing to the stage"
20 |
21 | }
--------------------------------------------------------------------------------
/examples/private-rest-api-gateway/versions.tf:
--------------------------------------------------------------------------------
1 | # Terraform and AWS provider version constraints for this example
2 | terraform {
3 |   required_version = ">= 1.6.1"
4 |
5 |   required_providers {
6 |     aws = {
7 |       source = "hashicorp/aws"
8 |       version = ">= 5.20.0" # lower bound only; newer provider releases, including new majors, satisfy it
9 |     }
10 |   }
11 | }
--------------------------------------------------------------------------------
/examples/rest-api-gateway/example.tf:
--------------------------------------------------------------------------------
1 | ####----------------------------------------------------------------------------------
2 | ## PROVIDER - AWS provider in the region set in locals
3 | ####----------------------------------------------------------------------------------
4 | provider "aws" {
5 |   region = local.region
6 | }
7 |
8 | ####----------------------------------------------------------------------------------
9 | ## LOCALS
10 | ####----------------------------------------------------------------------------------
11 |
12 | locals {
13 |   name = "api"
14 |   environment = "test"
15 |   region = "us-east-1"
16 |   domain_name = "clouddrove.ca"
17 |   hosted_zone_id = "Z015XXXXXXXXXXXXXXIEP" # masked placeholder; supply a real hosted zone ID
18 | }
19 | ####----------------------------------------------------------------------------------
20 | ## ACM - certificate requested for local.domain_name and its wildcard
21 | ####----------------------------------------------------------------------------------
22 | module "acm" {
23 |   source = "clouddrove/acm/aws"
24 |   version = "1.4.1"
25 |
26 |   name = local.name
27 |   environment = local.environment
28 |   enable_aws_certificate = true
29 |   domain_name = local.domain_name
30 |   subject_alternative_names = ["*.${local.domain_name}"]
31 |   validation_method = "DNS"
32 |   enable_dns_validation = false # NOTE(review): DNS validation is selected but enable_dns_validation is false; presumably the validation records must be created some other way before the certificate is issued - confirm
33 | }
34 |
35 | ####----------------------------------------------------------------------------------
36 | ## LAMBDA - function packaged from ../lambda_packages/index.zip, invokable by API Gateway
37 | ####----------------------------------------------------------------------------------
38 | module "lambda" {
39 |   source = "clouddrove/lambda/aws"
40 |   version = "1.3.1"
41 |
42 |   name = local.name
43 |   environment = local.environment
44 |   enable = true
45 |   timeout = 60
46 |   filename = "../lambda_packages/index.zip" # prebuilt archive committed to the repo; presumably built from index.py - verify the contents match
47 |   handler = "index.lambda_handler"
48 |   runtime = "python3.8" # NOTE(review): python3.8 is end-of-life and a deprecated Lambda runtime; move to a supported Python runtime
49 |   iam_actions = [
50 |     "logs:CreateLogStream",
51 |     "logs:CreateLogGroup",
52 |     "logs:PutLogEvents"
53 |   ]
54 |   names = [
55 |     "python_layer"
56 |   ]
57 |   compatible_runtimes = [
58 |     ["python3.8"]
59 |   ]
60 |   statement_ids = [
61 |     "AllowExecutionFromApiGateway"
62 |   ]
63 |   actions = [
64 |     "lambda:InvokeFunction"
65 |   ]
66 |   principals = [
67 |     "apigateway.amazonaws.com" # NOTE(review): no source ARN is visible here; confirm the module limits this invoke permission to the intended API
68 |   ]
69 |   variables = {
70 |     foo = "bar"
71 |   }
72 | }
73 |
74 |
75 | ####----------------------------------------------------------------------------------
76 | ## REST API - regional REST API with a custom domain and two Lambda-backed resources
77 | ####----------------------------------------------------------------------------------
78 |
79 | module "rest_api" {
80 |   source = "../../."
81 |
82 |   name = "${local.name}-rest-api"
83 |   environment = local.environment
84 |   create_rest_api = true
85 |   domain_name_certificate_arn = module.acm.arn
86 |   domain_name = "api.${local.domain_name}"
87 |   zone_id = local.hosted_zone_id
88 |   rest_api_description = "REST API for ${module.lambda.name} lambda function"
89 |   rest_api_endpoint_type = "REGIONAL"
90 |   integration_uri = module.lambda.invoke_arn
91 |   rest_api_stage_name = "default"
92 |   api_resources = {
93 |     users = {
94 |       path_part = "users"
95 |       http_method = "ANY" # NOTE(review): no authorization setting is visible for these methods; confirm the module's default is not open access
96 |       uri = module.lambda.invoke_arn
97 |
98 |     },
99 |     cards = {
100 |       path_part = "cards"
101 |       http_method = "ANY"
102 |       uri = module.lambda.invoke_arn
103 |     }
104 |   }
105 |
106 |   #---access log----
107 |   enable_access_logs = true
108 |   retention_in_days = 7 # NOTE(review): 7 days is short for investigating incidents; consider longer retention outside test
109 | }
110 |
111 |
112 |
113 |
114 |
115 |
116 |
--------------------------------------------------------------------------------
/examples/rest-api-gateway/outputs.tf:
--------------------------------------------------------------------------------
1 | ##-------------------------------------------------------------
2 | # REST API - values re-exported from module.rest_api
3 |
##-------------------------------------------------------------

# The three outputs below re-export identifiers from the rest_api module call.
output "rest_api_id" {
  value       = module.rest_api.rest_api_id
  description = " The ID of the REST API"

}

output "rest_api_arn" {
  value       = module.rest_api.rest_api_arn
  description = "The Rest api arn"
}

output "rest_api_invoke_url" {
  value       = module.rest_api.rest_api_invoke_url
  description = "The URL to invoke the API pointing to the stage"

}


--------------------------------------------------------------------------------
/examples/rest-api-gateway/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# Lower bounds only; the dependency lock file pins the provider build in use.
terraform {
  required_version = ">= 1.6.1"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.20.0"
    }
  }
}
--------------------------------------------------------------------------------
/examples/vpc_link_api/example.tf:
--------------------------------------------------------------------------------
####----------------------------------------------------------------------------------
## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
####----------------------------------------------------------------------------------
provider "aws" {
  region = "eu-west-1"
}

locals {
  vpc_cidr_block = module.vpc.vpc_cidr_block
  # Same literal range as the cidr_block given to the vpc module in this file,
  # so listing it next to vpc_cidr_block in the SSH rules adds no extra range.
  additional_cidr_block = "172.16.0.0/16"
  name                  = "api"
  environment           = "test"
}
####----------------------------------------------------------------------------------
## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
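####----------------------------------------------------------------------------------
module "vpc" {
  source  = "clouddrove/vpc/aws"
  version = "2.0.0"

  name        = local.name
  environment = local.environment
  cidr_block  = "172.16.0.0/16"
}

####----------------------------------------------------------------------------------
## A subnet is a range of IP addresses in your VPC.
####----------------------------------------------------------------------------------
# The tfsec suppression below silences the public-IP-on-subnet finding for these
# deliberately public subnets. NOTE(review): they are later handed to the API
# Gateway module as subnet_ids; confirm a VPC link needs public subnets at all.
#tfsec:ignore:aws-ec2-no-public-ip-subnet
module "public_subnets" {
  source  = "clouddrove/subnet/aws"
  version = "2.0.1"

  name               = local.name
  environment        = local.environment
  availability_zones = ["eu-west-1b", "eu-west-1c"]
  vpc_id             = module.vpc.vpc_id
  cidr_block         = module.vpc.vpc_cidr_block
  type               = "public"
  igw_id             = module.vpc.igw_id
  ipv6_cidr_block    = module.vpc.ipv6_cidr_block
}

##----------------------------------------------------------------------------------
## Below module will create SECURITY-GROUP and its components.
##----------------------------------------------------------------------------------

# ################################################################################
# Security Groups module call
################################################################################

# SSH group: port 22 in and out, limited to the VPC range (additional_cidr_block
# carries the same literal range as the VPC CIDR).
module "ssh" {
  source  = "clouddrove/security-group/aws"
  version = "2.0.0"

  name        = local.name
  environment = local.environment
  vpc_id      = module.vpc.vpc_id
  new_sg_ingress_rules_with_cidr_blocks = [{
    rule_count  = 1
    from_port   = 22
    protocol    = "tcp"
    to_port     = 22
    cidr_blocks = [local.vpc_cidr_block, local.additional_cidr_block]
    description = "Allow ssh traffic."
  }]

  ## EGRESS Rules
  new_sg_egress_rules_with_cidr_blocks = [{
    rule_count  = 1
    from_port   = 22
    protocol    = "tcp"
    to_port     = 22
    cidr_blocks = [local.vpc_cidr_block, local.additional_cidr_block]
    description = "Allow ssh outbound traffic."
  }]
}

# Despite its name this group also admits SSH (22) and MySQL (3306) from the VPC
# range, and its egress rule is fully open; the tfsec suppression below hides the
# public-egress finding. Narrow both to what the integration really needs.
#tfsec:ignore:aws-ec2-no-public-egress-sgr
module "http_https" {
  source  = "clouddrove/security-group/aws"
  version = "2.0.0"

  name        = local.name
  environment = local.environment
  vpc_id      = module.vpc.vpc_id
  ## INGRESS Rules
  new_sg_ingress_rules_with_cidr_blocks = [{
    rule_count  = 1
    from_port   = 22
    protocol    = "tcp"
    to_port     = 22
    cidr_blocks = [local.vpc_cidr_block]
    description = "Allow ssh traffic."
    },
    {
      rule_count  = 2
      from_port   = 80
      protocol    = "tcp"
      to_port     = 80
      cidr_blocks = [local.vpc_cidr_block]
      description = "Allow http traffic."
    },
    {
      rule_count  = 3
      from_port   = 443
      protocol    = "tcp"
      to_port     = 443
      cidr_blocks = [local.vpc_cidr_block]
      description = "Allow https traffic."
    },
    {
      # NOTE(review): rule_count repeats the value used by the https rule; how
      # the security-group module uses rule_count is not visible here - confirm
      # whether it has to be unique per rule.
      rule_count = 3
      from_port  = 3306
      protocol   = "tcp"
      to_port    = 3306
      cidr_blocks = [local.vpc_cidr_block]
      # Port 3306 is MySQL, not HTTPS; the label now matches the port so rule
      # reviews are not misled by a copy-pasted description.
      description = "Allow mysql traffic."
    }
  ]

  ## EGRESS Rules
  # protocol "-1" with 0.0.0.0/0 and ::/0 allows all outbound traffic.
  new_sg_egress_rules_with_cidr_blocks = [{
    rule_count       = 1
    from_port        = 0
    protocol         = "-1"
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
    description      = "Allow all traffic."
    }
  ]
}

####----------------------------------------------------------------------------------
## ACM module call that provides the certificate passed to the API Gateway module.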
####----------------------------------------------------------------------------------
module "acm" {
  source  = "clouddrove/acm/aws"
  version = "1.4.1"

  name                      = local.name
  environment               = local.environment
  enable_aws_certificate    = true
  domain_name               = "clouddrove.ca"
  subject_alternative_names = ["*.clouddrove.ca"]
  validation_method         = "DNS"
  # NOTE(review): DNS validation is selected but enable_dns_validation is false;
  # presumably the validation records are created elsewhere - confirm.
  enable_dns_validation = false
}

####----------------------------------------------------------------------------------
## Lambda function (plus one layer) that the API Gateway module integrates with.
####----------------------------------------------------------------------------------
module "lambda" {
  source  = "clouddrove/lambda/aws"
  version = "1.3.1"

  name        = local.name
  environment = local.environment
  enable      = true
  timeout     = 60
  filename    = "./lambda_packages"
  handler     = "index.lambda_handler"
  # NOTE(review): Python 3.8 is past its upstream end of life; check the current
  # Lambda runtime support policy and move to a supported runtime.
  runtime = "python3.8"
  # Only the CloudWatch Logs write actions are requested for the function role.
  iam_actions = [
    "logs:CreateLogStream",
    "logs:CreateLogGroup",
    "logs:PutLogEvents"
  ]
  names = [
    "python_layer"
  ]
  layer_filenames = ["./lambda-test.zip"]
  compatible_runtimes = [
    ["python3.8"]
  ]
  # NOTE(review): the statement ID and principal name CloudWatch/EventBridge
  # (events.amazonaws.com) while source_arns is the API's ARN. The
  # rest-api-gateway example uses apigateway.amazonaws.com for the same purpose;
  # as written, the permission presumably does not let API Gateway invoke the
  # function - confirm principal and source ARN belong to the same service.
  statement_ids = [
    "AllowExecutionFromCloudWatch"
  ]
  actions = [
    "lambda:InvokeFunction"
  ]
  principals = [
    "events.amazonaws.com"
  ]
  source_arns = [module.api_gateway.api_arn]
  variables = {
    foo = "bar"
  }
}

####----------------------------------------------------------------------------------
## API Gateway module (this repository's root module), called with create_vpc_link_enabled.
####----------------------------------------------------------------------------------
module "api_gateway" {
  source = "./../../"

  name                    = local.name
  environment             = local.environment
  domain_name             = "clouddrove.ca"
  create_vpc_link_enabled = true
  # Placeholder value (it even contains a stray backtick); replace it with the
  # ID of the hosted zone that serves domain_name.
  zone_id                     = "1`23456059QJZ25345678"
  integration_uri             = module.lambda.arn
  domain_name_certificate_arn = module.acm.arn
  subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
  security_group_ids          = [module.ssh.security_group_id, module.http_https.security_group_id]
  # Credentialed CORS is enabled but no allow_origins is listed in this block;
  # name the exact origins that may send cookies or Authorization headers.
  cors_configuration = {
    allow_credentials = true
    allow_methods     = ["GET", "OPTIONS", "POST"]
    max_age           = 5
  }
  # main.tf sets each route's authorization_type with
  # try(each.value.authorization_type, "NONE"), and no entry below sets it.
  # "ANY /" therefore has no authorizer at all. The two routes carrying
  # authorizer_key = "cognito" only resolve an authorizer when the module's
  # `authorizers` input has a "cognito" entry, and none is passed here.
  # NOTE(review): as written, all three routes are presumably created
  # unauthenticated - set authorization_type and an authorizer explicitly.
  integrations = {
    "ANY /" = {
      lambda_arn             = module.lambda.arn
      payload_format_version = "2.0"
      timeout_milliseconds   = 12000
    }
    "GET /some-route-with-authorizer" = {
      lambda_arn             = module.lambda.arn
      payload_format_version = "2.0"
      authorizer_key         = "cognito"
    }
    "POST /start-step-function" = {
      lambda_arn             = module.lambda.arn
      payload_format_version = "2.0"
      authorizer_key         = "cognito"
    }
  }
}
--------------------------------------------------------------------------------
/examples/vpc_link_api/lambda-test.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/clouddrove/terraform-aws-api-gateway/226598b35a0769d30c42fb7c1abdf3a68c583c74/examples/vpc_link_api/lambda-test.zip
--------------------------------------------------------------------------------
/examples/vpc_link_api/lambda_packages/index.py:
--------------------------------------------------------------------------------
import os
import json

def lambda_handler(event, context):
    """Return a 200 JSON response that reports the function's AWS region.

    Neither `event` nor `context` is read, so nothing from the incoming
    request is reflected into the response.
    """
    # Indexing os.environ raises KeyError if AWS_REGION is not set.
    json_region = os.environ['AWS_REGION']
    return {
        "statusCode": 200,
        "headers": {
            "Content-Type": "application/json"
        },
        "body": json.dumps({
            # The key is spelled "Region " with a trailing space.
            "Region ": json_region
        })
    }

--------------------------------------------------------------------------------
/examples/vpc_link_api/outputs.tf:
--------------------------------------------------------------------------------
# Each output joins the splat over module.api_gateway into a single string.
output "api_id" {
  value       = join("", module.api_gateway[*].api_id)
  description = "The API identifier."
}

output "api_arn" {
  value       = join("", module.api_gateway[*].api_arn)
  description = "The API arn."
}

output "api_endpoint" {
  value       = join("", module.api_gateway[*].api_endpoint)
  description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com."
}

output "invoke_url" {
  value       = join("", module.api_gateway[*].invoke_url)
  description = "URL to invoke the API pointing to the stage"
}
--------------------------------------------------------------------------------
/examples/vpc_link_api/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# Lower bounds only; the dependency lock file pins the provider build in use.
terraform {
  required_version = ">= 1.6.1"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.20.0"
    }
  }
}
--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
##----------------------------------------------------------------------------------
## Labels module called that will be used for naming and tags.
##----------------------------------------------------------------------------------
# module.labels.id and module.labels.tags are reused by the resources in this file.
module "labels" {
  source  = "clouddrove/labels/aws"
  version = "1.3.0"

  label_order = var.label_order
  name        = var.name
  environment = var.environment
  repository  = var.repository
  managedby   = var.managedby
}

##----------------------------------------------------------------------------------
## HTTP/WebSocket API (API Gateway Version 2).
##----------------------------------------------------------------------------------
resource "aws_apigatewayv2_api" "default" {
  # Created only when the module is enabled and an HTTP API was requested.
  count = var.enabled && var.create_http_api ? 1 : 0

  name          = module.labels.id
  description   = var.api_description
  version       = var.api_version
  protocol_type = var.protocol_type
  tags          = module.labels.tags

  body                         = var.body
  target                       = var.target
  route_key                    = var.route_key
  credentials_arn              = var.credentials_arn
  route_selection_expression   = var.route_selection_expression
  api_key_selection_expression = var.api_key_selection_expression

  # The CORS block is emitted only when var.cors_configuration has at least one
  # key; any attribute the caller leaves out becomes null. Callers that turn on
  # allow_credentials should also list explicit allow_origins.
  dynamic "cors_configuration" {
    for_each = length(keys(var.cors_configuration)) > 0 ? [var.cors_configuration] : []
    content {
      allow_origins     = try(cors_configuration.value.allow_origins, null)
      allow_methods     = try(cors_configuration.value.allow_methods, null)
      allow_headers     = try(cors_configuration.value.allow_headers, null)
      expose_headers    = try(cors_configuration.value.expose_headers, null)
      allow_credentials = try(cors_configuration.value.allow_credentials, null)
      max_age           = try(cors_configuration.value.max_age, null)
    }
  }
}

##----------------------------------------------------------------------------------
## Manages an Amazon API Gateway Version 2 domain name.
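##----------------------------------------------------------------------------------
# Custom domain shared by the HTTP and REST API paths. The endpoint type and the
# TLS_1_2 security policy are fixed here rather than exposed as variables.
resource "aws_apigatewayv2_domain_name" "default" {
  count = var.enabled && var.create_api_domain_name_enabled && (var.create_http_api || var.create_rest_api) ? 1 : 0

  domain_name = var.domain_name
  domain_name_configuration {
    certificate_arn                        = var.domain_name_certificate_arn
    ownership_verification_certificate_arn = var.domain_name_ownership_verification_certificate_arn
    endpoint_type                          = "REGIONAL"
    security_policy                        = "TLS_1_2"
  }

  # Optional mutual TLS: one block per entry in var.mutual_tls_authentication.
  dynamic "mutual_tls_authentication" {
    for_each = var.mutual_tls_authentication
    content {
      truststore_uri = mutual_tls_authentication.value.truststore_uri
      # Was lookup(<attribute>, null): lookup() takes (map, key, default), so
      # that call received the attribute value where the map belongs. try()
      # yields null when truststore_version is not set, as the cors block does.
      truststore_version = try(mutual_tls_authentication.value.truststore_version, null)
    }
  }

  tags = module.labels.tags
}

##----------------------------------------------------------------------------------
## Below Provides a Route53 record resource.
##----------------------------------------------------------------------------------
# Alias A record that points the custom domain at the API Gateway regional
# endpoint; skipped when the REST endpoint type is PRIVATE.
# NOTE(review): this count does not include var.create_api_domain_name_enabled,
# so with the domain resource disabled the join("") calls below presumably
# evaluate to empty strings - confirm and align the two conditions.
resource "aws_route53_record" "default" {
  count = var.enabled && (var.create_http_api || var.create_rest_api) && var.rest_api_endpoint_type != "PRIVATE" ? 1 : 0

  name    = join("", aws_apigatewayv2_domain_name.default[*].domain_name)
  type    = "A"
  zone_id = var.zone_id
  alias {
    name                   = join("", aws_apigatewayv2_domain_name.default[*].domain_name_configuration[0].target_domain_name)
    zone_id                = join("", aws_apigatewayv2_domain_name.default[*].domain_name_configuration[0].hosted_zone_id)
    evaluate_target_health = false
  }
}

##----------------------------------------------------------------------------------
## Below Manages an Amazon API Gateway Version 2 stage.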
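##----------------------------------------------------------------------------------
# The suppression below hides tfsec's access-logging finding: the stage only
# logs when var.access_log_settings is non-empty. Each element of that variable
# just switches the block on; destination and format come from the two
# default_stage_access_log_* variables.
#tfsec:ignore:aws-api-gateway-enable-access-logging
resource "aws_apigatewayv2_stage" "default" {
  count = var.enabled && var.create_default_stage_enabled && var.create_http_api ? 1 : 0

  api_id      = aws_apigatewayv2_api.default[0].id
  name        = var.stage_name != null ? var.stage_name : format("%s-stage", module.labels.id)
  auto_deploy = var.auto_deploy

  dynamic "access_log_settings" {
    for_each = var.access_log_settings
    content {
      destination_arn = var.default_stage_access_log_destination_arn
      format          = var.default_stage_access_log_format
    }
  }

  # Was lookup(<attribute>, default) on every line: lookup() takes
  # (map, key, default), so those calls received the attribute value where the
  # map belongs. try() keeps the same defaults and tolerates missing attributes.
  dynamic "default_route_settings" {
    for_each = var.default_route_settings

    content {
      # data_trace_enabled stays off unless asked for; NOTE(review): data trace
      # presumably writes request/response payloads to the logs - confirm
      # before enabling it on routes that carry secrets or personal data.
      data_trace_enabled = try(default_route_settings.value.data_trace_enabled, false)
      logging_level      = try(default_route_settings.value.logging_level, null)

      detailed_metrics_enabled = try(default_route_settings.value.detailed_metrics_enabled, false)
      # No throttle is applied by this module unless the caller sets one.
      throttling_burst_limit = try(default_route_settings.value.throttling_burst_limit, null)
      throttling_rate_limit  = try(default_route_settings.value.throttling_rate_limit, null)
    }
  }

  # Per-route overrides, keyed by route key.
  dynamic "route_settings" {
    for_each = var.route_settings
    content {
      route_key                = route_settings.key
      data_trace_enabled       = lookup(route_settings.value, "data_trace_enabled", false)
      logging_level            = lookup(route_settings.value, "logging_level", null)
      detailed_metrics_enabled = lookup(route_settings.value, "detailed_metrics_enabled", false)
      throttling_burst_limit   = lookup(route_settings.value, "throttling_burst_limit", null)
      throttling_rate_limit    = lookup(route_settings.value, "throttling_rate_limit", null)
    }
  }

  tags = module.labels.tags
}
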
##----------------------------------------------------------------------------------
## Maps the HTTP API stage onto the custom domain name.
##----------------------------------------------------------------------------------
resource "aws_apigatewayv2_api_mapping" "default" {
  count = var.enabled && var.apigatewayv2_api_mapping_enabled && var.create_http_api ? 1 : 0

  domain_name = join("", aws_apigatewayv2_domain_name.default[*].id)
  api_id      = join("", aws_apigatewayv2_api.default[*].id)
  stage       = join("", aws_apigatewayv2_stage.default[*].id)
}

##----------------------------------------------------------------------------------
## One API Gateway Version 2 route per key of var.integrations.
##----------------------------------------------------------------------------------
resource "aws_apigatewayv2_route" "default" {
  for_each = var.enabled && var.create_routes_and_integrations_enabled && var.create_http_api ? var.integrations : {}

  api_id    = aws_apigatewayv2_api.default[0].id
  route_key = each.key
  target    = "integrations/${aws_apigatewayv2_integration.default[each.key].id}"

  # Authorization is opt-in: authorization_type falls back to "NONE" whenever an
  # entry omits it, so a route is unauthenticated unless the caller sets the type
  # explicitly. authorizer_id is resolved from authorizer_key first, then from a
  # literal authorizer_id, and is null when neither resolves.
  authorization_type   = try(each.value.authorization_type, "NONE")
  authorizer_id        = try(aws_apigatewayv2_authorizer.default[each.value.authorizer_key].id, each.value.authorizer_id, null)
  authorization_scopes = try(split(",", each.value.authorization_scopes), null)
  api_key_required     = try(each.value.api_key_required, null)

  operation_name                      = try(each.value.operation_name, null)
  model_selection_expression          = try(each.value.model_selection_expression, null)
  route_response_selection_expression = try(each.value.route_response_selection_expression, null)
}

##----------------------------------------------------------------------------------
## One API Gateway Version 2 integration per key of var.integrations.
##----------------------------------------------------------------------------------

resource "aws_apigatewayv2_integration" "default" {
  for_each = var.enabled && var.create_routes_and_integrations_enabled && var.create_http_api ? var.integrations : {}

  api_id      = join("", aws_apigatewayv2_api.default[*].id)
  description = var.integration_description

  # Only payload_format_version is taken from the per-route entry; every
  # integration shares var.integration_uri, and a lambda_arn set on an entry is
  # not read in this resource.
  integration_uri        = var.integration_uri
  integration_type       = var.integration_type
  integration_method     = var.integration_method
  connection_type        = var.connection_type
  passthrough_behavior   = var.passthrough_behavior
  payload_format_version = try(each.value.payload_format_version, null)
}

##----------------------------------------------------------------------------------
## Manages the caller-defined API Gateway Version 2 authorizers.
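##----------------------------------------------------------------------------------
# One authorizer per key of var.authorizers; routes refer to them through
# authorizer_key. No jwt_configuration block is set on this resource.
resource "aws_apigatewayv2_authorizer" "default" {
  for_each = var.enabled && var.create_routes_and_integrations_enabled && var.create_http_api ? var.authorizers : {}

  api_id = aws_apigatewayv2_api.default[0].id
  # Each attribute below was read with lookup(<attribute>, null). lookup() takes
  # (map, key, default), so those calls received the attribute value where the
  # map belongs. try() returns null for attributes the entry leaves out, which
  # matches how the route resource in this file reads its optional fields.
  authorizer_type                   = try(each.value.authorizer_type, null)
  identity_sources                  = try(flatten([each.value.identity_sources]), null)
  name                              = try(each.value.name, null)
  authorizer_uri                    = try(each.value.authorizer_uri, null)
  authorizer_payload_format_version = try(each.value.authorizer_payload_format_version, null)
  authorizer_result_ttl_in_seconds  = try(each.value.authorizer_result_ttl_in_seconds, null)
  authorizer_credentials_arn        = try(each.value.authorizer_credentials_arn, null)
  enable_simple_responses           = try(each.value.enable_simple_responses, null)
}

##----------------------------------------------------------------------------------
## Below resource will Manages an Amazon API Gateway Version 2 VPC Link.
##----------------------------------------------------------------------------------
# One VPC link per key of var.vpc_links; all of them share the same name, subnets
# and security groups.
resource "aws_apigatewayv2_vpc_link" "default" {
  for_each = var.enabled && var.create_vpc_link_enabled && var.create_http_api ? var.vpc_links : {}

  name               = format("%s", module.labels.id)
  security_group_ids = var.security_group_ids
  subnet_ids         = var.subnet_ids
  tags               = module.labels.tags

}

##----------------------------------------------------------------------------------
## Below resource will Manages an Amazon API Gateway Version 2 authorizer.
##----------------------------------------------------------------------------------
# Authorizer whose issuer is the Cognito user pool declared below. It is created
# but never referenced by the route resource in this file, which only looks up
# aws_apigatewayv2_authorizer.default or a literal authorizer_id.
resource "aws_apigatewayv2_authorizer" "some_authorizer" {
  count = var.enabled && var.create_routes_and_integrations_enabled && var.create_http_api ? 1 : 0

  api_id           = aws_apigatewayv2_api.default[0].id
  authorizer_type  = var.authorizer_type
  identity_sources = var.identity_sources
  name             = module.labels.id
  jwt_configuration {
    # NOTE(review): the audience is the hard-coded literal "example"; presumably
    # it should be the app client ID(s) allowed to call the API - confirm, since
    # a JWT authorizer only accepts tokens issued for a listed audience.
    audience = ["example"]
    issuer   = "https://${aws_cognito_user_pool.default.endpoint}"
  }
}

##----------------------------------------------------------------------------------
## Below resource will Provides a Cognito User Pool resource.
##----------------------------------------------------------------------------------
# This resource has no count or for_each, so the pool is created even when
# var.enabled is false or only a REST API is requested. Only `name` is set;
# every other pool setting is left to the provider defaults.
resource "aws_cognito_user_pool" "default" {
  name = module.labels.id
}

##----------------------------------------------------------------------------------
## Below resource will Provides a REST API resource.
##----------------------------------------------------------------------------------
resource "aws_api_gateway_rest_api" "rest_api" {
  count = var.enabled && var.create_rest_api ? 1 : 0

  name        = module.labels.id
  description = var.rest_api_description
  tags        = module.labels.tags

  endpoint_configuration {
    types = [var.rest_api_endpoint_type]
    # VPC endpoint IDs are attached only for PRIVATE APIs: either the endpoint
    # this module creates or the caller-supplied var.vpc_endpoint_id.
    vpc_endpoint_ids = var.rest_api_endpoint_type == "PRIVATE" ? (var.create_vpc_endpoint ? [aws_vpc_endpoint.rest_api_private[0].id] : var.vpc_endpoint_id) : null
  }
}

##--------------------------------------------------------------------------------
# Resource Policy for [aws_api_gateway_rest_api.rest_api]
##--------------------------------------------------------------------------------
resource "aws_api_gateway_rest_api_policy" "rest_api_resource_policy" {
  count = var.enabled && var.create_rest_api && var.rest_api_endpoint_type == "PRIVATE" ? 1 : 0

  rest_api_id = aws_api_gateway_rest_api.rest_api[0].id
  policy      = var.rest_api_resource_policy != "" ? var.rest_api_resource_policy : <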