r_api_gateway.tf
# HTTP API (API Gateway v2) that fronts the Lambda integrations declared below.
resource "aws_apigatewayv2_api" "this" {
  name          = var.name
  protocol_type = "HTTP"
  description   = "HTTP API for moot, a serverless release dashboard"
  tags          = var.tags

  # Browser CORS policy. Exactly one origin is allowed: the custom alias when
  # both hosted_zone_name and fqdn_alias are set, otherwise the CloudFront
  # distribution domain. Keep this a single explicit https origin — credentials
  # are allowed, so a wildcard origin must not be used here.
  cors_configuration {
    allow_credentials = true
    allow_headers     = ["Content-Type", "Authorization", "X-Session-Id"]
    allow_methods     = ["GET", "OPTIONS", "POST"]
    allow_origins = [
      (var.hosted_zone_name == "" || var.fqdn_alias == "")
      ? "https://${module.cloudfront.cloudfront_distribution_domain_name}"
      : "https://${var.fqdn_alias}"
    ]
    # Preflight responses may be cached by the browser for 10 minutes.
    max_age = 600
  }
}
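# Single $default stage with auto-deploy, so route and integration changes go
# live on apply without a separate deployment resource.
resource "aws_apigatewayv2_stage" "this" {
  name        = "$default"
  api_id      = aws_apigatewayv2_api.this.id
  auto_deploy = true
  tags        = var.tags

  # NOTE(review): no default_route_settings are declared, so the stage runs
  # under account-level throttling only. Consider setting
  # throttling_burst_limit / throttling_rate_limit so the routes that are
  # exposed without a JWT (authorizer = false) have a bounded request rate.

  # Structured (JSON) access logs, emitted only when the module caller opts
  # in; the destination log group is declared elsewhere in the module.
  dynamic "access_log_settings" {
    for_each = var.enable_api_gateway_access_logs ? [var.enable_api_gateway_access_logs] : []
    content {
      destination_arn = aws_cloudwatch_log_group.api_gateway[0].arn
      format = jsonencode({
        "requestId"      : "$context.requestId",
        "ip"             : "$context.identity.sourceIp",
        "requestTime"    : "$context.requestTime",
        "httpMethod"     : "$context.httpMethod",
        "routeKey"       : "$context.routeKey",
        "status"         : "$context.status",
        "protocol"       : "$context.protocol",
        "responseLength" : "$context.responseLength",
        # The key previously carried a trailing space ("integrationError "),
        # which produced a malformed field name in every log record and
        # broke field-based queries on it.
        "integrationError" : "$context.integrationErrorMessage"
        # NOTE(review): consider also logging $context.authorizer.error so
        # rejected tokens are visible to detection tooling.
      })
    }
  }
}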
# Custom domain for the API, created only when the caller supplies both a
# hosted zone and an alias; otherwise the API is reached via CloudFront.
resource "aws_apigatewayv2_domain_name" "this" {
  count = (var.hosted_zone_name == "" || var.fqdn_alias == "") ? 0 : 1

  domain_name = var.fqdn_alias
  tags        = var.tags

  # The ACM certificate must finish DNS validation before API Gateway will
  # accept it for the domain.
  depends_on = [aws_acm_certificate_validation.this[0]]

  domain_name_configuration {
    certificate_arn = aws_acm_certificate.this[0].arn
    # HTTP APIs support regional endpoints only. TLS_1_2 rejects TLS 1.0/1.1
    # clients; do not relax this.
    endpoint_type   = "REGIONAL"
    security_policy = "TLS_1_2"
  }
}
# JWT authorizer backed by the module's Cognito user pool. API Gateway checks
# the token's signature, expiry, issuer and audience before invoking a route;
# it does not check scopes unless a route sets authorization_scopes.
resource "aws_apigatewayv2_authorizer" "this" {
  api_id          = aws_apigatewayv2_api.this.id
  name            = var.name
  authorizer_type = "JWT"

  # The token is read from the Authorization request header.
  identity_sources = ["$request.header.Authorization"]

  jwt_configuration {
    # Only tokens minted for this app client are accepted.
    audience = [aws_cognito_user_pool_client.this.id]
    issuer   = "https://${aws_cognito_user_pool.this.endpoint}"
  }
}
# One Lambda proxy integration per entry in local.lambda_integrations.
# The invoke permission granting API Gateway access to each function is not
# declared here; presumably it lives with the Lambda resources — confirm.
resource "aws_apigatewayv2_integration" "this" {
  for_each = local.lambda_integrations

  api_id                 = aws_apigatewayv2_api.this.id
  integration_type       = "AWS_PROXY"
  connection_type        = "INTERNET"
  payload_format_version = "2.0"
  integration_method     = each.value.method
  integration_uri        = aws_lambda_function.this[each.value.lambda_key].arn

  # 10.5 s, below the 30 s ceiling for HTTP API integrations. The Lambda's own
  # timeout should be set at or below this so both sides fail consistently.
  timeout_milliseconds = 10500
}
# Primary route per integration, keyed "<METHOD> <route>". Whether a route
# requires a JWT is decided per entry by the `authorizer` flag in
# local.lambda_integrations; entries with authorizer = false are reachable
# without any token, so review that flag when adding an entry.
resource "aws_apigatewayv2_route" "this" {
  for_each = local.lambda_integrations

  api_id    = aws_apigatewayv2_api.this.id
  route_key = join(" ", [each.value.method, each.value.route])
  target    = format("integrations/%s", aws_apigatewayv2_integration.this[each.key].id)

  authorization_type = !each.value.authorizer ? "NONE" : "JWT"
  authorizer_id      = !each.value.authorizer ? null : aws_apigatewayv2_authorizer.this.id
}
# Greedy OPTIONS route beneath each integration's path
# ("OPTIONS <route>/{proxy+}"), sharing the integration and the authorizer
# setting of the primary route.
# NOTE(review): browsers send CORS preflight OPTIONS requests without an
# Authorization header, so a JWT-protected OPTIONS route cannot satisfy a
# preflight by itself. With cors_configuration set on the API, API Gateway is
# expected to answer preflights before routing — confirm that is the intent
# before relying on this route for anything other than non-preflight OPTIONS.
resource "aws_apigatewayv2_route" "proxy" {
  for_each = local.lambda_integrations

  api_id    = aws_apigatewayv2_api.this.id
  route_key = format("OPTIONS %s/{proxy+}", each.value.route)
  target    = format("integrations/%s", aws_apigatewayv2_integration.this[each.key].id)

  authorization_type = !each.value.authorizer ? "NONE" : "JWT"
  authorizer_id      = !each.value.authorizer ? null : aws_apigatewayv2_authorizer.this.id
}