Please consult the `examples` directory for reference example configurations. If you find a bug, please open an issue with supporting configuration to reproduce.
- Minimum supported Terraform version increased to `v1.3` to support Terraform state `moved` blocks as well as other advanced features
- The `apigatewayv2_` and `default_apigatewayv2_` prefixes have been removed from the output names
- When a custom domain is used, the execution endpoint is disabled automatically; this is to ensure that requests are sent via the custom domain
- For `authorizers`, the `audience` and `issuer` properties are now nested under `jwt_configuration` to better match the upstream API
- Minimum supported Terraform AWS provider raised to `v5.37.0` to support recent bug fixes in the provider
- Default values for `api_key_selection_expression`, `route_selection_expression` variables set to `null` (still matches prior value v4.x version but is set as `null` now)
- The input data structure for `routes` (was `integrations`) has been updated and now uses optional inputs
- Support for creating a websocket API endpoint
- Support for creating Route53 alias records for custom domain names w/ support for multiple sub-domains using a wildcard API Gateway custom domain name
- Support for creating ACM certificate for custom domain
- Support for automatically deploying the stage when updates have been made (for Websocket, HTTP is always auto-deployed by the API)
- Stage access log group settings are now embedded into the `stage_access_log_settings` variable
- API mapping is created automatically when using a custom domain
- Default values of 500 and 1000 have been set for `throttling_burst_limit` and `throttling_rate_limit` respectively to ensure users do not face errors when deploying APIs for the first time and not configuring these
- Default values for the log group name (`"/aws/apigateway/${var.name}/${var.stage_name}"`) and retention period (`30`) have been provided for the stage access logs log group
- None
- Removed variables:
  - `create_api_gateway`
  - `create_default_stage_api_mapping`
  - `create_default_stage_access_log_group` -> replaced by `create_log_group` set within `stage_access_log_settings`
  - `default_stage_access_log_*` -> replaced by setting values within `stage_access_log_settings`
  - `create_vpc_link`
  - `default_stage_access_log_destination_arn`
  - `domain_name_tags`
- Renamed variables:
  - `integrations` -> `routes`
  - `create_default_stage` -> `create_stage`
  - `create_api_domain_name` -> `create_domain_name`
  - `default_route_settings` -> `stage_default_route_settings`
  - `default_stage_tags` -> `stage_tags`
- Added variables:
  - `create_domain_name`
  - `create_domain_records`
  - `subdomains`
  - `create_certificate`
  - `stage_access_log_settings`
  - `stage_client_certificate_id`
  - `stage_description`
  - `stage_name`
  - `stage_variables`
  - `deploy_stage`
- Removed outputs:
  - `default_apigatewayv2_stage_domain_name`
  - `aws_apigatewayv2_api_mapping`
  - `apigatewayv2_vpc_link_id` -> replaced by `vpc_links`
  - `apigatewayv2_vpc_link_arn` -> replaced by `vpc_links`
  - `apigatewayv2_authorizer_id` -> replaced by `authorizers`
- Renamed outputs:
  - `apigatewayv2_api_` -> prefix replaced with `api_`
  - `default_apigatewayv2_stage_` -> prefix replaced with `stage_`
  - `apigatewayv2_domain_` -> prefix replaced with `domain_`
- Added outputs:
  - `acm_certificate_arn`
  - `integrations`
  - `routes`
  - `stage_access_logs_cloudwatch_log_group_name`
  - `stage_access_logs_cloudwatch_log_group_arn`
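
The removed and renamed inputs listed above lend themselves to a mechanical pre-upgrade check. The following is an added example, not part of the module: a line-based scan (not a full HCL parser) that returns `(line, name, advice)` for v4-only inputs at the top level of a `module` block and for `audience`/`issuer` set directly on an authorizer. The names `check_v4_inputs`, `advise` and the sample configuration are constructed for illustration, and the scan assumes the file holds only blocks for this module, written one attribute per line.

```python
import re
# Names come from the removed/renamed variable lists in this guide.
RENAMED = {"integrations": "routes", "create_default_stage": "create_stage",
           "create_api_domain_name": "create_domain_name", "default_stage_tags": "stage_tags",
           "default_route_settings": "stage_default_route_settings"}
REMOVED = {"create_api_gateway", "create_default_stage_api_mapping", "create_vpc_link",
           "default_stage_access_log_destination_arn", "domain_name_tags"}
KEY = re.compile(r'^\s*"?([^"\s=]+)"?\s*=')
MODULE = re.compile(r'^\s*module\s+"[^"]+"\s*\{')

def advise(name):
    if name in RENAMED:
        return "renamed to " + RENAMED[name]
    if name == "create_default_stage_access_log_group":
        return "use create_log_group within stage_access_log_settings"
    if name in REMOVED:
        return "removed"
    if name.startswith("default_stage_access_log_"):
        return "set the value within stage_access_log_settings"

def check_v4_inputs(hcl):
    findings, path = [], []  # path: keys of the enclosing { } blocks
    for n, line in enumerate(hcl.splitlines(), 1):
        if line.strip().startswith(("#", "//")):
            continue
        m = KEY.match(line)
        key = m.group(1) if m else ("module" if MODULE.match(line) else "")
        if path == ["module"] and key and advise(key):
            findings.append((n, key, advise(key)))
        elif (len(path) == 3 and path[:2] == ["module", "authorizers"]
              and key in ("audience", "issuer")):
            findings.append((n, key, "nest under jwt_configuration"))
        for ch in line:  # track nesting; "${...}" opens and closes on one line
            if ch == "{":
                path.append(key)
            elif ch == "}" and path:
                path.pop()
    return findings

# Constructed v4-style configuration, for illustration only.
SAMPLE_V4 = '''module "apigateway_v2" {
  default_stage_access_log_format = "$context.identity.sourceIp"
  authorizers = {
    "cognito" = {
      issuer = "https://${aws_cognito_user_pool.this.endpoint}"
    }
  }
  integrations = {}
}'''
```
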
module "apigateway_v2" {
source = "terraform-aws-modules/apigateway-v2/aws"
- version = "~> 4.0"
+ version = "~> 5.0"
- create_default_stage_access_log_group = true
- default_stage_access_log_format = "$context.identity.sourceIp"
+ stage_access_log_settings = {
+ create_log_group = true
+ format = "$context.identity.sourceIp"
+ }
authorizers = {
"cognito" = {
authorizer_type = "JWT"
identity_sources = "$request.header.Authorization"
name = "cognito"
- audience = ["d6a38afd-45d6-4874-d1aa-3c5c558aqcc2"]
- issuer = "https://${aws_cognito_user_pool.this.endpoint}"
jwt_configuration = {
+ audience = ["d6a38afd-45d6-4874-d1aa-3c5c558aqcc2"]
+ issuer = "https://${aws_cognito_user_pool.this.endpoint}"
}
}
}
- integrations = {
+ routes = {
"POST /start-step-function" = {
- integration_type = "AWS_PROXY"
- integration_subtype = "StepFunctions-StartExecution"
- credentials_arn = module.step_function.role_arn
- request_parameters = jsonencode({
- StateMachineArn = module.step_function.state_machine_arn
- })
- payload_format_version = "1.0"
- timeout_milliseconds = 12000
+ integration = {
+ type = "AWS_PROXY"
+ subtype = "StepFunctions-StartExecution"
+ credentials_arn = module.step_function.role_arn
+ request_parameters = {
+ StateMachineArn = module.step_function.state_machine_arn
+ }
+ payload_format_version = "1.0"
+ timeout_milliseconds = 12000
+ }
}
"GET /some-route-with-authorizer-and-scope" = {
- lambda_arn = module.lambda_function.lambda_function_arn
- payload_format_version = "2.0"
- authorization_type = "JWT"
- authorizer_key = "cognito"
- authorization_scopes = "tf/something.relevant.read,tf/something.relevant.write"
+ authorization_type = "JWT"
+ authorizer_key = "cognito"
+ authorization_scopes = ["tf/something.relevant.read", "tf/something.relevant.write"]
+ integration = {
+ uri = module.lambda_function.lambda_function_arn
+ payload_format_version = "2.0"
+ }
}
"$default" = {
- lambda_arn = module.lambda_function.lambda_function_arn
- tls_config = jsonencode({
- server_name_to_verify = local.domain_name
- })
- response_parameters = jsonencode([
- {
- status_code = 500
- mappings = {
- "append:header.header1" = "$context.requestId"
- "overwrite:statuscode" = "403"
- }
- },
- {
- status_code = 404
- mappings = {
- "append:header.error" = "$stageVariables.environmentId"
- }
- }
- ])
+ integration = {
+ uri = module.lambda_function.lambda_function_arn
+ tls_config = jsonencode({
+ server_name_to_verify = local.domain_name
+ })
+ response_parameters = [
+ {
+ status_code = 500
+ mappings = {
+ "append:header.header1" = "$context.requestId"
+ "overwrite:statuscode" = "403"
+ }
+ },
+ {
+ status_code = 404
+ mappings = {
+ "append:header.error" = "$stageVariables.environmentId"
+ }
+ }
+ ]
+ }
}
}
}
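
Review bot: in the `authorizers` block, the `jwt_configuration = {` line and its closing `}` carry no `+` marker, although the removed `audience` and `issuer` lines above them show the nesting is new in v5; mark both lines as additions so the before and after states read unambiguously. In the `$default` route, `tls_config` still wraps its value in `jsonencode({ ... })` on the `+` side, while `request_parameters` and `response_parameters` elsewhere in this diff changed from `jsonencode(...)` to native maps and lists; either convert it the same way or add a sentence stating that `tls_config` intentionally keeps the encoded form.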