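├── .gitignore
├── .pre-commit-config.yaml
├── LICENSE
├── README.md
├── main.tf
├── modules
    ├── api
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
    ├── lambda
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
    └── vpc
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
├── outputs.tf
└── variables.tf

/.gitignore:
--------------------------------------------------------------------------------
*.sublime-workspace
*.sublime-project

# Created by https://www.gitignore.io/api/terraform

### Terraform ###
# Terraform - https://terraform.io/
# Local state files and *.tfvars can hold credentials and other secret values
# in plain text, so they are kept out of version control.
.terraform
terraform.tfstate
terraform.tfstate.backup
*.tfvars

# End of https://www.gitignore.io/api/terraform

--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
# Hook repositories are third-party code that runs on the developer's machine
# at commit time. The revisions below are tags, which the upstream owner can
# move; pinning each entry to a full commit hash removes that possibility.
repos:
  - repo: https://github.com/kintoandar/pre-commit.git
    sha: v2.1.0
    hooks:
      - id: terraform_validate

  - repo: https://github.com/antonbabenko/pre-commit-terraform.git
    sha: v1.5.0
    hooks:
      - id: terraform_fmt

  # Fetched over https rather than the unauthenticated git:// protocol, which
  # offers no transport integrity and is no longer served by GitHub.
  - repo: https://github.com/pre-commit/pre-commit-hooks
    sha: v1.2.0
    hooks:
      - id: check-added-large-files
      - id: check-case-conflict
      - id: check-json
      - id: check-merge-conflict
      - id: check-yaml
      - id: debug-statements
      # Blocks commits that contain what looks like a private key.
      - id: detect-private-key
      - id: double-quote-string-fixer
      - id: forbid-new-submodules
      - id: trailing-whitespace

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
BSD 3-Clause License

Copyright (c) 2018, Andrew Griffiths
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
  list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,
  this list of conditions and the following disclaimer in the documentation
  and/or other materials provided with the distribution.

* Neither the name of the copyright holder nor the names of its
  contributors may be used to endorse or promote products derived from
  this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.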
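--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Terraform AWS Lambda API Gateway

### Features
- Uploads lambda zip bundle to AWS S3 during `terraform apply`
- Creates VPC with private and public subnets
- Deploys lambda function into private subnet (behind NAT Gateway)

## Example Usage
```hcl
module "lambda_api_gateway" {
  # Without a ref the module tracks the default branch; append
  # ?ref=<TAG_OR_COMMIT> to pin the code that gets applied.
  source = "git@github.com:techjacker/terraform-aws-lambda-api-gateway"

  # tags
  project    = "todo-mvc"
  service    = "acme-corp"
  owner      = "Roadrunner"
  costcenter = "acme-abc"

  # vpc
  vpc_cidr             = "10.0.0.0/16"
  public_subnets_cidr  = ["10.0.1.0/24", "10.0.2.0/24"]
  private_subnets_cidr = ["10.0.3.0/24", "10.0.4.0/24"]
  nat_cidr             = ["10.0.5.0/24", "10.0.6.0/24"]
  igw_cidr             = "10.0.8.0/24"
  azs                  = ["eu-west-1a", "eu-west-1b"]

  # lambda
  lambda_zip_path      = "dist/todo-mvc.zip"
  lambda_handler       = "entry.run_app"
  lambda_runtime       = "python3.6"
  lambda_function_name = "HttpWebserver"

  # API gateway
  region     = "eu-west-1"
  account_id = "123456789012" # sample value; AWS account IDs are 12 digits
}
```

## Deployment
1. Run build process to create lambda zip bundle locally
2. Update terraform variable `lambda_zip_path` with path to zip bundle on local machine
3. Provide values for other required terraform variables
4. Create/Select terraform workspace on 1st/subsequent deployments
5. Deploy with `$ terraform apply`

### Example Deployment Script
```Shell
#!/usr/bin/env bash

# Stop at the first failed command or unset variable, so a failed workspace
# switch is never followed by an apply against whichever workspace was active.
set -euo pipefail

: "${ENVIRONMENT:?ENVIRONMENT must be set}"
: "${LAMBDA_ZIP_PATH:?LAMBDA_ZIP_PATH must be set}"
: "${REGION:?REGION must be set}"
: "${ACCOUNT_ID:?ACCOUNT_ID must be set}"

if [[ ! -d .terraform ]]; then
  terraform init
fi

# Select the workspace by exact name and create it only when that fails.
# A substring grep over `terraform workspace list` would report "prod" as
# present when only "preprod" exists, and an empty name would match anything.
if ! terraform workspace select "$ENVIRONMENT" 2>/dev/null; then
  terraform workspace new "$ENVIRONMENT"
fi

terraform get
terraform apply \
  -var "lambda_zip_path=$LAMBDA_ZIP_PATH" \
  -var "region=$REGION" \
  -var "account_id=$ACCOUNT_ID"
```

--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "${var.region}"
}

####################
# VPC
####################
module "vpc_subnets" {
  name                 = "${var.project}-${terraform.env}-vpc"
  source               = "./modules/vpc"
  environment          = "${terraform.env}"
  enable_dns_support   = true
  enable_dns_hostnames = true
  vpc_cidr             = "${var.vpc_cidr}"
  public_subnets_cidr  = "${var.public_subnets_cidr}"
  private_subnets_cidr = "${var.private_subnets_cidr}"
  nat_cidr             = "${var.nat_cidr}"
  igw_cidr             = "${var.igw_cidr}"
  azs                  = "${var.azs}"
  project              = "${var.project}"
  service              = "${var.service}"
  owner                = "${var.owner}"
  costcenter           = "${var.costcenter}"
}

# Security group attached to the Lambda function's network interfaces (it is
# referenced only by module "lambda" in this file).
resource "aws_security_group" "all" {
  name = "all"

  # Inbound traffic is limited to the VPC's own range rather than 0.0.0.0/0.
  # API Gateway reaches the function through the Lambda invoke API, not through
  # this group, so no internet-facing ingress is needed here. If nothing inside
  # the VPC connects to the function either, this rule can be dropped entirely.
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["${var.vpc_cidr}"]
  }

  # Outbound is unrestricted; narrow this to the ports and destinations the
  # function actually calls once they are known.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  vpc_id = "${module.vpc_subnets.vpc_id}"

  tags {
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

####################
# API
####################
module "api" {
  name       = "${module.lambda.name}"
  source     = "./modules/api"
  method     = "ANY"
  lambda     = "${module.lambda.name}"
  lambda_arn = "${module.lambda.arn}"
  region     = "${var.region}"
  account_id = "${var.account_id}"
  stage_name = "${terraform.env}"
}

####################
# Lambda
####################
module "lambda" {
  source    = "./modules/lambda"
  s3_bucket = "${aws_s3_bucket.lambda_repo.bucket}"
  s3_key    = "${var.lambda_zip_path}"

  # The hash comes from the uploaded object's ETag, read back through the data
  # source below; that data source depends on the upload, which orders the
  # function after the object exists.
  # NOTE(review): the ETag is an MD5 hex digest, while aws_lambda_function's
  # source_code_hash is documented as a base64-encoded SHA-256. It works as a
  # change trigger but is not a strong integrity check and may show a diff on
  # every plan; confirm.
  hash = "${data.aws_s3_bucket_object.lambda_dist_hash.etag}"

  function_name = "${var.project}-${terraform.env}-${var.lambda_function_name}"
  handler       = "${var.lambda_handler}"
  runtime       = "${var.lambda_runtime}"
  role          = "${aws_iam_role.lambda_role.arn}"
  memory        = "${var.lambda_memory}"
  database_uri  = ""

  # database_uri = "${module.rds_instance.url}"

  # The function is placed in the subnets whose default route goes through the
  # NAT gateway.
  subnet_ids         = ["${module.vpc_subnets.nat_subnet_id}"]
  security_group_ids = ["${aws_security_group.all.id}"]
}

# Bucket holding the deployable zip. Whoever can write to it controls the code
# the function runs, so it is kept private and encrypted at rest.
resource "aws_s3_bucket" "lambda_repo" {
  bucket = "lambda-repo-${var.project}-${terraform.env}"
  region = "${var.region}"
  acl    = "private"

  # SSE-S3 (AES256) keeps object ETags equal to the MD5 of the content, which
  # the etag comparison on aws_s3_bucket_object.lambda_dist relies on; SSE-KMS
  # would not.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# Uploads the local zip; the etag makes Terraform re-upload when the file
# content changes.
resource "aws_s3_bucket_object" "lambda_dist" {
  bucket = "${aws_s3_bucket.lambda_repo.bucket}"
  key    = "${var.lambda_zip_path}"
  source = "${var.lambda_zip_path}"
  etag   = "${md5(file(var.lambda_zip_path))}"
}

# Reads the uploaded object back so its ETag can be passed to the function.
data "aws_s3_bucket_object" "lambda_dist_hash" {
  bucket     = "${aws_s3_bucket.lambda_repo.bucket}"
  key        = "${var.lambda_zip_path}"
  depends_on = ["aws_s3_bucket_object.lambda_dist"]
}

resource "aws_iam_role" "lambda_role" {
  name = "${var.project}-${terraform.env}-${var.lambda_function_name}-role"

  # NOTE(review): the listing is cut off from here. The heredoc with the trust
  # policy, the rest of main.tf and what appears to be lines 1-36 of
  # modules/api/main.tf are missing from this page, so the role's policies and
  # the API method's authorization settings cannot be reviewed from it.
  assume_role_policy = < GET response
resource "aws_api_gateway_method_response" "response_method" {
  rest_api_id = "${aws_api_gateway_rest_api.api.id}"
  resource_id = "${aws_api_gateway_resource.proxy.id}"
  http_method = "${aws_api_gateway_integration.request_method_integration.http_method}"
  status_code = "200"

  response_models = {
    "application/json" = "Empty"
  }
}

resource "aws_api_gateway_integration_response" "response_method_integration" {
  rest_api_id = "${aws_api_gateway_rest_api.api.id}"
  resource_id = "${aws_api_gateway_resource.proxy.id}"
  http_method = "${aws_api_gateway_method_response.response_method.http_method}"
  status_code = "${aws_api_gateway_method_response.response_method.status_code}"

  response_templates = {
    "application/json" = ""
  }
}

# Lets API Gateway invoke the function. source_arn scopes the grant to this
# REST API, so other APIs in the account cannot use it.
# NOTE(review): the root module passes method = "ANY". An execute-api ARN
# carries the concrete request verb, so "ANY" in the method segment may not
# match real requests and "*" may be needed there; confirm.
resource "aws_lambda_permission" "allow_api_gateway" {
  function_name = "${var.lambda_arn}"
  statement_id  = "AllowExecutionFromApiGateway"
  action        = "lambda:InvokeFunction"
  principal     = "apigateway.amazonaws.com"
  source_arn    = "arn:aws:execute-api:${var.region}:${var.account_id}:${aws_api_gateway_rest_api.api.id}/*/${var.method}${aws_api_gateway_resource.proxy.path}"
  depends_on    = ["aws_api_gateway_rest_api.api", "aws_api_gateway_resource.proxy"]
}

--------------------------------------------------------------------------------
/modules/api/outputs.tf:
--------------------------------------------------------------------------------
output "http_method" {
  value = "${aws_api_gateway_integration_response.response_method_integration.http_method}"
}

output "api_url" {
  value = "${aws_api_gateway_deployment.deployment.invoke_url}"
}

--------------------------------------------------------------------------------
/modules/api/variables.tf:
--------------------------------------------------------------------------------
variable "name" {
  description = "The name of the REST API"
}

variable "stage_name" {
  description = "The stage name for the API deployment (production/staging/etc..)"
}

variable "method" {
  description = "The HTTP method"
  default     = "GET"
}

variable "lambda" {
  description = "The lambda name to invoke"
}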
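
variable "lambda_arn" {
  description = "The lambda arn to invoke"
}

variable "region" {
  description = "The AWS region, e.g., eu-west-1"
}

variable "account_id" {
  description = "The AWS account ID"
}

--------------------------------------------------------------------------------
/modules/lambda/main.tf:
--------------------------------------------------------------------------------
# The Lambda function, deployed from a zip in S3 and attached to the given VPC
# subnets and security groups.
resource "aws_lambda_function" "lambda" {
  s3_bucket     = "${var.s3_bucket}"
  s3_key        = "${var.s3_key}"
  function_name = "${var.function_name}"
  role          = "${var.role}"
  handler       = "${var.handler}"
  runtime       = "${var.runtime}"

  # NOTE(review): source_code_hash is documented as a base64-encoded SHA-256 of
  # the package; verify that callers pass that rather than another digest.
  source_code_hash = "${var.hash}"
  memory_size      = "${var.memory}"

  vpc_config {
    subnet_ids         = ["${var.subnet_ids}"]
    security_group_ids = ["${var.security_group_ids}"]
  }

  environment {
    variables = {
      # A database URI usually embeds credentials. The value is readable from
      # the function configuration and is written to the Terraform state in
      # plain text, so restrict access to both or load it from a secret store
      # at runtime.
      SQLALCHEMY_DATABASE_URI = "${var.database_uri}"
      APP_CONFIG_FILE         = "${var.app_config}"
    }
  }
}

--------------------------------------------------------------------------------
/modules/lambda/outputs.tf:
--------------------------------------------------------------------------------
output "name" {
  value = "${aws_lambda_function.lambda.function_name}"
}

output "arn" {
  value = "${aws_lambda_function.lambda.arn}"
}

output "version" {
  value = "${aws_lambda_function.lambda.version}"
}

--------------------------------------------------------------------------------
/modules/lambda/variables.tf:
--------------------------------------------------------------------------------
variable "function_name" {
  description = "The name of the lambda function"
}

variable "runtime" {
  description = "The runtime of the lambda to create"
}

variable "s3_bucket" {
  description = "Dist s3 bucket"
}

variable "s3_key" {
  description = "The filename of the lambda zip in s3 bucket"
}

variable "hash" {
  description = "The file hash"
}

variable "handler" {
  description = "The handler name of the lambda function"
}

variable "memory" {
  description = "The memory size of the lambda function"
}

variable "role" {
  description = "IAM role attached to the Lambda Function (ARN)"
}

variable "database_uri" {
  description = "Application database_uri"
}

variable "app_config" {
  description = "Application config url"
  default     = "../config/env.py"
}

variable "subnet_ids" {
  description = "Which subnets to associate with lambda"
  type        = "list"
}

variable "security_group_ids" {
  description = "Which security groups to associate with lambda"
  type        = "list"
}

--------------------------------------------------------------------------------
/modules/vpc/main.tf:
--------------------------------------------------------------------------------
resource "aws_vpc" "vpc" {
  cidr_block           = "${var.vpc_cidr}"
  enable_dns_support   = "${var.enable_dns_support}"
  enable_dns_hostnames = "${var.enable_dns_hostnames}"

  tags {
    Name        = "${var.project}-${var.environment}-vpc"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = "${aws_vpc.vpc.id}"

  tags {
    Name        = "${var.project}-${var.environment}-igw"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

# Public subnets: one per entry in public_subnets_cidr, routed to the internet
# gateway. map_public_ip_on_launch defaults to true in variables.tf, so anything
# launched here gets a public address unless the caller overrides it.
resource "aws_subnet" "public" {
  vpc_id                  = "${aws_vpc.vpc.id}"
  count                   = "${length(var.public_subnets_cidr)}"
  cidr_block              = "${element(var.public_subnets_cidr, count.index)}"
  availability_zone       = "${element(var.azs, count.index)}"
  map_public_ip_on_launch = "${var.map_public_ip_on_launch}"

  tags {
    Name        = "${var.project}-${var.environment}-public-${count.index}"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.vpc.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.igw.id}"
  }

  tags {
    Name        = "${var.project}-${var.environment}-public"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"

    # Uses var.service like every other resource in this module (the original
    # tagged this one table with var.project).
    service = "${var.service}"
  }
}

resource "aws_route_table_association" "public" {
  count          = "${length(var.public_subnets_cidr)}"
  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
  route_table_id = "${aws_route_table.public.id}"
}

# Private subnets: never assigned public addresses.
resource "aws_subnet" "private" {
  vpc_id                  = "${aws_vpc.vpc.id}"
  count                   = "${length(var.private_subnets_cidr)}"
  cidr_block              = "${element(var.private_subnets_cidr, count.index)}"
  availability_zone       = "${element(var.azs, count.index)}"
  map_public_ip_on_launch = false

  tags {
    Name        = "${var.project}-${var.environment}-private-${count.index}"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

# No route blocks are declared here, so the private subnets have no default
# route through either gateway.
resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.vpc.id}"

  tags {
    Name        = "${var.project}-${var.environment}-private"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

resource "aws_route_table_association" "private" {
  count          = "${length(var.private_subnets_cidr)}"
  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
  route_table_id = "${aws_route_table.private.id}"
}

# Subnet that hosts the NAT gateway; its route table (below) sends 0.0.0.0/0 to
# the internet gateway. No availability_zone is set on it.
resource "aws_subnet" "igw" {
  vpc_id                  = "${aws_vpc.vpc.id}"
  cidr_block              = "${var.igw_cidr}"
  map_public_ip_on_launch = false

  tags {
    Name        = "${var.project}-${var.environment}-igw"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

# Subnets whose outbound traffic leaves through the NAT gateway; the root
# module places the Lambda function in these.
resource "aws_subnet" "nat" {
  vpc_id                  = "${aws_vpc.vpc.id}"
  count                   = "${length(var.nat_cidr)}"
  cidr_block              = "${element(var.nat_cidr, count.index)}"
  availability_zone       = "${element(var.azs, count.index)}"
  map_public_ip_on_launch = false

  tags {
    Name        = "${var.project}-${var.environment}-nat-${count.index}"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

resource "aws_eip" "nat" {
  vpc = true
}

# A single NAT gateway serves every nat subnet.
resource "aws_nat_gateway" "natgw" {
  allocation_id = "${aws_eip.nat.id}"
  subnet_id     = "${aws_subnet.igw.id}"
}

resource "aws_route_table" "nat" {
  vpc_id = "${aws_vpc.vpc.id}"

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = "${aws_nat_gateway.natgw.id}"
  }

  tags {
    Name        = "${var.project}-${var.environment}-nat"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

resource "aws_route_table_association" "nat" {
  count          = "${length(var.nat_cidr)}"
  subnet_id      = "${element(aws_subnet.nat.*.id, count.index)}"
  route_table_id = "${aws_route_table.nat.id}"
}

resource "aws_route_table" "igw" {
  vpc_id = "${aws_vpc.vpc.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.igw.id}"
  }

  tags {
    Name        = "${var.project}-${var.environment}-igw"
    Environment = "${terraform.env}"
    Project     = "${var.project}"
    Owner       = "${var.owner}"
    CostCenter  = "${var.costcenter}"
    managed_by  = "terraform"
    service     = "${var.service}"
  }
}

resource "aws_route_table_association" "igw" {
  subnet_id      = "${aws_subnet.igw.id}"
  route_table_id = "${aws_route_table.igw.id}"
}

--------------------------------------------------------------------------------
/modules/vpc/outputs.tf:
--------------------------------------------------------------------------------
output "vpc_id" {
  value = "${aws_vpc.vpc.id}"
}

output "public_subnet_ids" {
  value = ["${aws_subnet.public.*.id}"]
}

output "private_subnet_ids" {
  value = ["${aws_subnet.private.*.id}"]
}

output "nat_subnet_cidr" {
  value = ["${aws_subnet.nat.*.cidr_block}"]
}

output "nat_subnet_id" {
  value = ["${aws_subnet.nat.*.id}"]
}

output "cidr" {
  value = "${aws_vpc.vpc.cidr_block}"
}

--------------------------------------------------------------------------------
/modules/vpc/variables.tf:
--------------------------------------------------------------------------------
variable "name" {
  description = "Name of the VPC."
}

variable "environment" {
  description = "Environment we are working with."
}

variable "enable_dns_support" {
  description = "True if you want to use private DNS within the VPC."
  default     = true
}

variable "enable_dns_hostnames" {
  description = "True if you want to use private hostname within the VPC."
  default     = true
}

variable "vpc_cidr" {
  description = "CIDR for VPC."
  default     = "10.100.0.0/16"
}

variable "public_subnets_cidr" {
  description = "CIDR for public subnets."

  type = "list"

  default = [
    "10.100.10.0/24",
    "10.100.20.0/24",
  ]
}

variable "private_subnets_cidr" {
  description = "CIDR for private subnets"

  type = "list"

  default = [
    "10.100.30.0/24",
    "10.100.40.0/24",
  ]
}

variable "nat_cidr" {
  type = "list"
}

variable "igw_cidr" {}

variable "azs" {
  description = "Availability Zones for Subnets. Indexes must match `public_subnets_cidr`"
  type        = "list"
}

# Defaults to true: resources launched in the public subnets receive a public
# IP unless the caller sets this to false.
variable "map_public_ip_on_launch" {
  description = "Set to true if you want to map the public IP on launch."
  default     = true
}

variable "service" {}
variable "project" {}
variable "owner" {}
variable "costcenter" {}

--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
output "api_url" {
  value = "${module.api.api_url}"
}

output "lambda_zip" {
  value = "${aws_s3_bucket.lambda_repo.bucket}/${var.lambda_zip_path}"
}

output "vpc_id" {
  value = "${module.vpc_subnets.vpc_id}"
}

--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
####################
# Tags
####################
variable "project" {
  description = "Project name for tags and resource naming"
}

variable "owner" {
  description = "Contact person responsible for the resource"
}

variable "costcenter" {
  description = "Cost Center tag"
}

variable "service" {
  description = "Service name"
}

####################
# VPC
####################
variable "vpc_cidr" {
  description = "VPC CIDR"
}

variable "igw_cidr" {
  description = "VPC Internet Gateway CIDR"
}

variable "public_subnets_cidr" {
  description = "Public Subnets CIDR"
  type        = "list"
}

variable "private_subnets_cidr" {
  description = "Private Subnets CIDR"
  type        = "list"
}

variable "nat_cidr" {
  description = "VPC NAT Gateway CIDR"
  type        = "list"
}

variable "azs" {
  description = "VPC Availability Zones"
  type        = "list"
}

####################
# Lambda
####################
variable "lambda_runtime" {
  description = "Lambda Function runtime"
}

variable "lambda_zip_path" {
  description = "Lambda Function Zipfile local path for S3 Upload"
}

variable "lambda_function_name" {
  description = "Lambda Function Name"
  default     = "HttpServer"
}

variable "lambda_handler" {
  description = "Lambda Function Handler"
}

variable "lambda_memory" {
  description = "Lambda memory size, 128 MB to 3,008 MB, in 64 MB increments"
  default     = "128"
}

####################
# API Gateway
####################
variable "region" {
  description = "Region in which to deploy the API"
}

variable "account_id" {
  description = "Account ID needed to construct ARN to allow API Gateway to invoke lambda function"
}

--------------------------------------------------------------------------------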