This Terraform module is an all-in-one solution for setting up Spacelift webhooks on a given stack, receiving them, and persisting the data.
The architecture consists of a webhook integration created in Spacelift which calls AWS API Gateway.
The API Gateway is a proxy to AWS Lambda without any authorizer; request validation is handled in the Lambda instead.
The Lambda handles validation by parsing the x-signature-256 header from the request and comparing it against the body of the request. See the Spacelift documentation for more information.
If validation is successful, the lambda persists the event to a DynamoDB table.
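A sketch of the validation step described above, added here as an illustration and not the module's own Lambda code. It assumes the header value is `sha256=` followed by the hex HMAC-SHA256 of the raw request body keyed with the webhook secret; `handle`, `persist` and `constructed_event` are hypothetical names, and the sample payload is constructed.

```python
import base64
import hashlib
import hmac
import json

def raw_body(event):
    """Return the exact bytes Spacelift signed; API Gateway may base64-encode them."""
    body = event.get("body") or ""
    if event.get("isBase64Encoded"):
        return base64.b64decode(body)
    return body.encode("utf-8")

def signature_is_valid(headers, raw, secret):
    # Header names reach Lambda with arbitrary casing, so normalise them.
    lowered = {k.lower(): v for k, v in (headers or {}).items()}
    received = lowered.get("x-signature-256") or ""
    # Assumed format: "sha256=" + hex HMAC-SHA256 of the raw body.
    expected = "sha256=" + hmac.new(secret, raw, hashlib.sha256).hexdigest()
    # Constant-time compare so timing does not reveal how much of the value matched.
    return hmac.compare_digest(received.encode(), expected.encode())

def handle(event, secret, persist):
    """Verify before parsing: unauthenticated JSON is never decoded or stored."""
    try:
        raw = raw_body(event)
    except ValueError:  # invalid base64 in the request body
        return {"statusCode": 400, "body": "bad encoding"}
    if not signature_is_valid(event.get("headers"), raw, secret):
        return {"statusCode": 401, "body": "invalid signature"}
    try:
        payload = json.loads(raw)
    except ValueError:
        return {"statusCode": 400, "body": "malformed JSON"}
    persist(payload)  # hypothetical callable, e.g. a DynamoDB put_item wrapper
    return {"statusCode": 200, "body": "ok"}

def constructed_event(body, secret, b64=False):
    """Build a constructed API Gateway proxy event signed with `secret` (test data)."""
    sig = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    text = base64.b64encode(body).decode() if b64 else body.decode()
    return {"headers": {"X-Signature-256": sig}, "body": text, "isBase64Encoded": b64}

if __name__ == "__main__":
    secret = b"constructed-secret"  # all values below are constructed sample data
    stored = []
    event = constructed_event(b'{"state": "FINISHED"}', secret)
    print(handle(event, secret, stored.append), stored)
    event["body"] = '{"state": "TAMPERED"}'  # body no longer matches the signature
    print(handle(event, secret, stored.append), stored)
```

The signature is computed over the bytes as received, so the body must not be re-serialised or trimmed before the check.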
This module also handles creation of the necessary AWS roles, policies, CloudWatch logs and metrics, as well as the webhook secret used for validating requests between Spacelift and AWS.
See the examples directory for usage examples of this module. You can also find each variable for the module documented in the variables.tf file.