# Identity of the deploying principal, plus the partition and region it runs in.
# All three are only consumed by the Lambda module below, where they are joined
# into the default ECR registry hostname exported to the function.
data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}
data "aws_region" "current" {}
################################################################################
# API Gateway
################################################################################
locals {
  # Defaults applied to every route before the user's own settings are layered
  # on top: the integration target is the Lambda function created by this
  # module and the payload format is 2.0. Anything the caller sets in a route's
  # `config` takes precedence because it is the last argument to merge().
  api_route_defaults = {
    payload_format_version = "2.0"
    uri                    = module.lambda_function.lambda_function_arn
  }

  # NOTE(review): no authorization settings are defaulted here, so a route is
  # only protected if its own config (or the upstream module's defaults) says
  # so — confirm per route when wiring `var.api_authorizers`.
  api_routes = {
    for api_key, routes in var.api_routes : api_key => {
      for route_key, config in routes : route_key => merge(local.api_route_defaults, config)
    }
  }
}
################################################################################
# HTTP API fronting the Lambda function. Almost every argument is a straight
# pass-through of an `api_*` variable; the only values computed here are the
# name/description fallbacks, the merged tags and the route map from locals.
################################################################################
module "api_gateway" {
  source  = "terraform-aws-modules/apigateway-v2/aws"
  version = "5.1.3"

  # The API is only built when both the module-wide and the API-specific
  # toggles are on.
  create = var.create && var.create_api

  # Core API definition. Name and description fall back to the module-wide
  # values when no API-specific ones are given.
  name                         = coalesce(var.api_name, var.name)
  description                  = coalesce(var.api_description, var.description)
  protocol_type                = "HTTP"
  body                         = var.api_body
  api_version                  = var.api_version
  api_mapping_key              = var.api_mapping_key
  cors_configuration           = var.api_cors_configuration
  credentials_arn              = var.api_credentials_arn
  disable_execute_api_endpoint = var.api_disable_execute_api_endpoint
  fail_on_warnings             = var.api_fail_on_warnings
  route_key                    = var.api_route_key
  route_selection_expression   = var.api_route_selection_expression
  target                       = var.api_target

  # Routes and their Lambda integrations (defaults filled in by local.api_routes)
  # and the authorizers those routes may reference.
  routes      = local.api_routes
  authorizers = var.api_authorizers

  # Custom domain, its certificate and the Route53 records pointing at it.
  create_domain_name                                 = var.create_api_domain_name
  domain_name                                        = var.api_domain_name
  domain_name_certificate_arn                        = var.api_domain_name_certificate_arn
  domain_name_ownership_verification_certificate_arn = var.api_domain_name_ownership_verification_certificate_arn
  create_certificate                                 = var.create_api_certificate
  create_domain_records                              = var.create_api_domain_records
  subdomains                                         = var.api_subdomains

  # Stage configuration; access logging and throttling live in the two
  # `*_settings` variables.
  stage_name                   = var.api_stage_name
  stage_description            = var.api_stage_description
  stage_variables              = var.api_stage_variables
  stage_access_log_settings    = var.api_stage_access_log_settings
  stage_default_route_settings = var.api_stage_default_route_settings
  stage_tags                   = var.api_stage_tags

  # VPC links for private integrations.
  # TODO - share subnets and SGs with lambda function
  vpc_links     = var.api_vpc_links
  vpc_link_tags = var.api_vpc_link_tags

  # API-specific tags win over module-wide ones on key collisions.
  tags = merge(var.tags, var.api_tags)
}
################################################################################
# Lambda Function
################################################################################
################################################################################
# Lambda function behind the API. The code is the `lambda.py` shipped with this
# module; everything else is driven by `lambda_*` variables. The function is
# only created when the API is also created, since the API is its sole trigger.
################################################################################
module "lambda_function" {
  source  = "terraform-aws-modules/lambda/aws"
  version = "7.8.1"

  create = var.create && var.create_api && var.create_lambda

  # Code and runtime. The handler name is fixed to match the bundled lambda.py.
  function_name = coalesce(var.lambda_name, var.name)
  description   = coalesce(var.lambda_description, var.description)
  source_path   = "${path.module}/lambda.py"
  handler       = "lambda.handler"
  runtime       = var.lambda_runtime
  architectures = var.lambda_architectures
  publish       = true

  # Sizing, concurrency and tracing.
  memory_size                       = var.lambda_memory_size
  timeout                           = var.lambda_timeout
  reserved_concurrent_executions    = var.lambda_reserved_concurrent_executions
  provisioned_concurrent_executions = var.lambda_provisioned_concurrent_executions
  tracing_mode                      = var.lambda_tracing_mode
  attach_tracing_policy             = var.lambda_attach_tracing_policy

  # Encryption of environment variables at rest.
  kms_key_arn = var.lambda_kms_key_arn

  # Execution role: either created by the upstream module or supplied by the
  # caller via `lambda_role`. The permissions boundary only applies to a role
  # created here.
  create_role                   = var.create_lambda_role
  lambda_role                   = var.lambda_role
  role_description              = coalesce(var.lambda_role_description, var.description)
  role_permissions_boundary     = var.lambda_role_permissions_boundary
  role_maximum_session_duration = var.lambda_role_maximum_session_duration

  # Optional VPC attachment; the network policy grants the ENI permissions
  # the function needs when placed in subnets.
  vpc_subnet_ids         = var.lambda_vpc_subnet_ids
  vpc_security_group_ids = var.lambda_vpc_security_group_ids
  attach_network_policy  = var.lambda_attach_network_policy

  # Log group: created by the upstream module unless the caller opts out, in
  # which case it is expected to already exist.
  use_existing_cloudwatch_log_group = !var.create_lambda_cloudwatch_log_group
  cloudwatch_logs_retention_in_days = var.lambda_cloudwatch_logs_retention_in_days
  cloudwatch_logs_kms_key_id        = var.lambda_cloudwatch_logs_kms_key_id
  cloudwatch_logs_log_group_class   = var.lambda_cloudwatch_logs_log_group_class

  # Resource policy: only this API may invoke the function. The `/*/*` suffix
  # covers every stage and route of that API. The "X" fallback presumably
  # keeps coalesce() from failing when the API is not created — confirm.
  allowed_triggers = {
    AllowExecutionFromAPIGateway = {
      service    = "apigateway"
      source_arn = "${coalesce(module.api_gateway.api_execution_arn, "X")}/*/*"
    }
  }

  # The default ECR registry hostname for this account/region/partition is
  # exported to the function; caller-supplied variables are merged last and
  # therefore override it.
  environment_variables = merge(
    {
      AWS_ECR_DEFAULT_REGISTRY_URL = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.${data.aws_partition.current.dns_suffix}"
    },
    var.lambda_environment_variables,
  )

  tags = merge(var.tags, var.lambda_tags)
}