module "api" {
source = "tokarev-artem/rest-api/aws"
api_gateway_name = "api"
environment = "dev"
stage_name = "v1"
endpoint_configuration = {
types = ["EDGE"]
}
integrations = [
{
integration_type = "AWS_PROXY"
uri = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:123456789101:function:get_users/invocations"
http_method = "GET"
integration_http_method = "POST"
path_part = "user"
},
{
integration_type = "HTTP"
uri = "https://google.com/"
http_method = "GET"
integration_http_method = "GET"
path_part = "group"
request_parameters = {
"integration.request.header.X-Authorization" = "'static'"
"integration.request.header.X-Foo" = "'Bar'"
}
request_templates = {
"application/json" = ""
"application/xml" = "#set($inputRoot = $input.path('$'))\n{ }"
}
passthrough_behavior = "WHEN_NO_MATCH"
content_handling = "CONVERT_TO_TEXT"
authorization = "CUSTOM"
},
{
integration_type = "MOCK"
http_method = "GET"
path_part = "mock"
request_parameters = {
"integration.request.header.X-Authorization" = "'static'"
}
request_templates = {
"application/xml" = <<EOF
{
"body" : $input.json('$')
}
EOF
}
}
]
}| Name | Version |
|---|---|
| aws | n/a |
| Name | Description |
|---|---|
| api_gateway_access_log_group_arn | The Amazon Resource Name (ARN) specifying the log group. Any :* suffix added by the API, denoting all CloudWatch Log Streams under the CloudWatch Log Group, is removed for greater compatibility with other AWS services that do not accept the suffix. |
| api_gateway_authorizer_id | ID of the API Gateway authorizer |
| api_gateway_authorizer_lambda_arn | ARN of the Lambda function used for API Gateway authorizer |
| api_gateway_base_path_mapping_id | ID of the API Gateway base path mapping |
| api_gateway_deployment_id | ID of the API Gateway deployment |
| api_gateway_domain_name | API Gateway custom domain name |
| api_gateway_policy_id | ID of the API Gateway policy |
| aws_api_gateway_rest_api_id | ID of the REST API |
| aws_api_gateway_rest_api_root_resource_id | Resource ID of the REST API's root |
| aws_api_gateway_stage_arn | ARN of the stage |
| aws_api_gateway_stage_execution_arn | Execution ARN to be used in lambda_permission's source_arn when allowing API Gateway to invoke a Lambda function, e.g., arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j/prod |
| aws_api_gateway_stage_id | ID of the stage |
| aws_api_gateway_stage_invoke_url | URL to invoke the API pointing to the stage, e.g., https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/prod |
| integration_resource_ids | Resource's identifier. |
| integration_resource_paths | Complete path for this API resource, including all parent paths. |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| api_gateway_name | API gateway name | string |
n/a | yes |
| environment | Environment name | string |
n/a | yes |
| stage_name | Name of the stage, will be used here: https://api.example.com/{stage_name}/* | string |
n/a | yes |
| api_gateway_policy | API Gateway REST API Policy, here you can restrict access to the API gateway. Documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html | string |
null |
no |
| api_gateway_stage_access_log_data_trace_enable | Whether data trace logging is enabled for this method, which effects the log entries pushed to Amazon CloudWatch Logs | bool |
false |
no |
| api_gateway_stage_access_log_enable | Enables access logs for the API stage | bool |
false |
no |
| api_gateway_stage_access_log_format | The access log format for API Gateway | string |
"{\"requestId\":\"$context.requestId\", \"extendedRequestId\":\"$context.extendedRequestId\",\"ip\": \"$context.identity.sourceIp\", \"caller\":\"$context.identity.caller\", \"user\":\"$context.identity.user\", \"requestTime\":\"$context.requestTime\", \"httpMethod\":\"$context.httpMethod\", \"resourcePath\":\"$context.resourcePath\", \"status\":\"$context.status\", \"protocol\":\"$context.protocol\", \"responseLength\":\"$context.responseLength\"}" |
no |
| api_gateway_stage_access_log_level | Logging level for this method, which effects the log entries pushed to Amazon CloudWatch Logs. The available levels are OFF, ERROR, and INFO. | string |
"OFF" |
no |
| api_gateway_stage_access_log_method | Method path defined as {resource_path}/{http_method} for an individual method override, or / for overriding all methods in the stage. | string |
"*/*" |
no |
| authorizer_identity_source | Source of the identity in an incoming request. Defaults to method.request.header.Authorization | string |
"method.request.header.Authorization" |
no |
| authorizer_identity_validation_expression | (Optional) Validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response. | string |
null |
no |
| authorizer_lambda_name | Lambda name of existing lambda authorizer | string |
null |
no |
| authorizer_name | Name of the authorizer to create | string |
null |
no |
| authorizer_provider_arns | (Optional, required for authorizer_type COGNITO_USER_POOLS) List of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. | list(string) |
[] |
no |
| authorizer_result_ttl_in_seconds | TTL of cached authorizer results in seconds. Defaults to 300. | number |
300 |
no |
| authorizer_type | (Optional) Type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN. | string |
"TOKEN" |
no |
| certificate_arn | ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source, required only if create_custom_domain is set to true | string |
null |
no |
| create_authorizer | Determines create API gateway authoriser or not | bool |
false |
no |
| create_custom_domain | Determines a custom domain name for use with AWS API Gateway | bool |
false |
no |
| custom_domain_base_path | A custom path for custom domain mapping, e.g. default behaviour https://api.example.com/v1 -> https://api.example.com, or if defined https://api.example.com/v1 -> https://api.example.com/v1 | string |
null |
no |
| custom_domain_name | API gateway custom domain name | string |
null |
no |
| endpoint_configuration | Configuration block defining API endpoint configuration including endpoint type. | any |
null |
no |
| fail_on_warnings | Whether warnings while API Gateway is creating or updating the resource should return an error or not | bool |
false |
no |
| integrations | List of API Gateway integrations | list(object({ |
[] |
no |
| minimum_compression_size | Minimum response size to compress for the REST API. String containing an integer value between -1 and 10485760 | number |
-1 |
no |
| put_rest_api_mode | Mode of the PutRestApi operation when importing an OpenAPI specification via the body argument (create or update operation). Valid values are merge and overwrite | string |
"merge" |
no |
| rest_api_parameters | Map of customizations for importing the specification in the body argument | map(any) |
null |
no |
| tags | Key-value map of api gateway tags | map(any) |
{} |
no |