/terraform-aws-api-gateway

Terraform module to create Route53 resource on AWS for creating an API Gateway with its basic elements.

Primary language: HCL. License: MIT.

Terraform AWS Api Gateway



We eat, drink, sleep and most importantly love DevOps. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believers in the philosophy that bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best practice to run database, cluster and storage in smaller connected yet manageable pieces within the infrastructure.

This module is basically a combination of Terraform open source and includes automation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.

We have fifty-plus Terraform modules. A few of them are completed and are available for open source usage while a few others are in progress.

Prerequisites

This module has a few dependencies:

Examples

IMPORTANT: Since the master branch used in source varies based on new modifications, we suggest that you use the release versions here.

Here are examples of how you can use this module in your inventory structure:

Basic Example

  module "api-gateway" {
    source      = "git::https://github.com/clouddrove/terraform-aws-api-gateway.git?ref=tags/0.12.2"
    name        = "api-gateway"
    application = "clouddrove"
    environment = "test"
    label_order = ["environment", "name", "application"]
    enabled     = true

  # Api Gateway Resource
    path_parts = ["mytestresource", "mytestresource1"]

  # Api Gateway Method
    method_enabled = true
    http_methods   = ["GET", "GET"]

  # Api Gateway Integration
    integration_types        = ["MOCK", "AWS_PROXY"]
    integration_http_methods = ["POST", "POST"]
    uri                      = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"]
    integration_request_parameters = [{
      "integration.request.header.X-Authorization" = "'static'"
    }, {}]
    request_templates = [{
      "application/xml" = <<EOF
  {
     "body" : $input.json('$')
  }
  EOF
    }, {}]

  # Api Gateway Method Response
    status_codes = [200, 200]
    response_models = [{ "application/json" = "Empty" }, {}]
    response_parameters = [{ "method.response.header.X-Some-Header" = true }, {}]

  # Api Gateway Integration Response
    integration_response_parameters = [{ "method.response.header.X-Some-Header" = "integration.response.header.X-Some-Other-Header" }, {}]
    response_templates = [{
      "application/xml" = <<EOF
  #set($inputRoot = $input.path('$'))
  <?xml version="1.0" encoding="UTF-8"?>
  <message>
      $inputRoot.body
  </message>
  EOF
    }, {}]

  # Api Gateway Deployment
    deployment_enabled = true
    stage_name         = "deploy"

  # Api Gateway Stage
    stage_enabled = true
    stage_names   = ["qa", "dev"]
  }

Complete Example

  module "api-gateway" {
    source      = "git::https://github.com/clouddrove/terraform-aws-api-gateway.git?ref=tags/0.12.2"
    name        = "api-gateway"
    application = "clouddrove"
    environment = "test"
    label_order = ["environment", "name", "application"]
    enabled     = true

  # Api Gateway Resource
    path_parts = ["mytestresource", "mytestresource1"]

  # Api Gateway Method
    method_enabled = true
    http_methods   = ["GET", "GET"]

  # Api Gateway Integration
    integration_types        = ["MOCK", "AWS_PROXY"]
    integration_http_methods = ["POST", "POST"]
    uri                      = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"]
    integration_request_parameters = [{
      "integration.request.header.X-Authorization" = "'static'"
    }, {}]
    request_templates = [{
      "application/xml" = <<EOF
  {
     "body" : $input.json('$')
  }
  EOF
    }, {}]

  # Api Gateway Method Response
    status_codes = [200, 200]
    response_models = [{ "application/json" = "Empty" }, {}]
    response_parameters = [{ "method.response.header.X-Some-Header" = true }, {}]

  # Api Gateway Integration Response
    integration_response_parameters = [{ "method.response.header.X-Some-Header" = "integration.response.header.X-Some-Other-Header" }, {}]
    response_templates = [{
      "application/xml" = <<EOF
  #set($inputRoot = $input.path('$'))
  <?xml version="1.0" encoding="UTF-8"?>
  <message>
      $inputRoot.body
  </message>
  EOF
    }, {}]

  # Api Gateway Deployment
    deployment_enabled = true
    stage_name         = "deploy"

  # Api Gateway Stage
    stage_enabled = true
    stage_names   = ["qa", "dev"]

  # Api Gateway Client Certificate
    cert_enabled     = true
    cert_description = "clouddrove"

  # Api Gateway Authorizer
    authorizer_count                = 2
    authorizer_names                = ["test", "test1"]
    authorizer_uri                  = ["arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"]
    authorizer_credentials          = ["arn:aws:iam::xxxxxxxxxx:role/lambda-role", "arn:aws:iam::xxxxxxxxxx:role/lambda-role"]
    identity_sources                = ["method.request.header.Authorization", "method.request.header.Authorization"]
    identity_validation_expressions = ["sfdgfhghrfdsdas", ""]
    authorizer_types                = ["TOKEN", "REQUEST"]

  # Api Gateway Gateway Response
    gateway_response_count = 2
    response_types         = ["UNAUTHORIZED", "RESOURCE_NOT_FOUND"]
    gateway_status_codes   = ["401", "404"]

  # Api Gateway Model
    model_count   = 2
    model_names   = ["test", "test1"]
    content_types = ["application/json", "application/json"]

  # Api Gateway Api Key
    key_count = 2
    key_names = ["test", "test1"]
  }
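
Neither example above sets `authorizations`, `api_key_requireds` or `api_log_enabled`, so what the created methods and stages end up with depends on the module's defaults. The Python check below is an added example, not part of this module or its tests: it reads the JSON form of a plan and flags open methods, authorizer-backed methods with no authorizer attached, and stages without access logging. It assumes the AWS provider's `aws_api_gateway_method` and `aws_api_gateway_stage` resource types; the sample plan and its resource addresses are constructed.

```python
import json
import sys

AUTHORIZER_BACKED = {"CUSTOM", "COGNITO_USER_POOLS"}

def audit_plan(plan):
    """Return (address, finding) pairs for API Gateway resources in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is only being destroyed
            continue
        unknown = change.get("after_unknown") or {}
        if rc["type"] == "aws_api_gateway_method":
            auth = after.get("authorization")
            if auth == "NONE" and not after.get("api_key_required"):
                findings.append((rc["address"], "open method: no authorization, no API key"))
            # An authorizer created in the same plan has no ID yet, so the
            # attribute appears in after_unknown instead of after.
            attached = after.get("authorizer_id") or unknown.get("authorizer_id")
            if auth in AUTHORIZER_BACKED and not attached:
                findings.append((rc["address"], auth + " method without authorizer_id"))
        elif rc["type"] == "aws_api_gateway_stage":
            if not after.get("access_log_settings") and not unknown.get("access_log_settings"):
                findings.append((rc["address"], "stage without access logging"))
    return findings

def rc_entry(address, rtype, after, after_unknown=None):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": address, "type": rtype,
            "change": {"actions": ["create"], "after": after,
                       "after_unknown": after_unknown or {}}}

# Constructed sample shaped like `terraform show -json`; the resource addresses
# are hypothetical and are not taken from this module's source.
SAMPLE_PLAN = {"resource_changes": [
    rc_entry("module.api-gateway.aws_api_gateway_method.example[0]", "aws_api_gateway_method",
             {"http_method": "GET", "authorization": "NONE", "api_key_required": False}),
    rc_entry("module.api-gateway.aws_api_gateway_method.example[1]", "aws_api_gateway_method",
             {"http_method": "GET", "authorization": "CUSTOM", "api_key_required": False},
             {"authorizer_id": True}),
    rc_entry("module.api-gateway.aws_api_gateway_method.example[2]", "aws_api_gateway_method",
             {"http_method": "GET", "authorization": "CUSTOM", "authorizer_id": None}),
    rc_entry("module.api-gateway.aws_api_gateway_stage.example[0]", "aws_api_gateway_stage",
             {"stage_name": "qa", "access_log_settings": []}),
]}

if __name__ == "__main__":
    # Usage: terraform show -json plan.out > plan.json; python audit.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    results = audit_plan(plan)
    for address, finding in results:
        print(address + ": " + finding)
    sys.exit(1 if results else 0)
```

The non-zero exit status on any finding lets the check gate a pipeline between `terraform plan` and `terraform apply`.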

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| api_key_requireds | Specify if the method requires an API key. | list | <list> | no |
| api_key_source | The source of the API key for requests. Valid values are HEADER (default) and AUTHORIZER. | string | "HEADER" | no |
| api_log_enabled | Whether to enable log for rest api. | bool | "false" | no |
| application | Application (e.g. cd or clouddrove). | string | "" | no |
| attributes | Additional attributes (e.g. 1). | list | <list> | no |
| authorization_scopes | The authorization scopes used when the authorization is COGNITO_USER_POOLS. | list | <list> | no |
| authorizations | The type of authorization used for the method (NONE, CUSTOM, AWS_IAM, COGNITO_USER_POOLS). | list | <list> | no |
| authorizer_count | Number of count to create Authorizers for api. | number | "0" | no |
| authorizer_credentials | The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN. | list | <list> | no |
| authorizer_ids | The authorizer id to be used when the authorization is CUSTOM or COGNITO_USER_POOLS. | list | <list> | no |
| authorizer_names | The name of the authorizer. | list | <list> | no |
| authorizer_result_ttl_in_seconds | The TTL of cached authorizer results in seconds. Defaults to 300. | list | <list> | no |
| authorizer_types | The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN. | list | <list> | no |
| authorizer_uri | The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g. arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations. | list | <list> | no |
| binary_media_types | The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads. | list | <list> | no |
| cache_cluster_enableds | Specifies whether a cache cluster is enabled for the stage. | list | <list> | no |
| cache_cluster_sizes | The size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237. | list | <list> | no |
| cache_key_parameters | A list of cache key parameters for the integration. | list | <list> | no |
| cache_namespaces | The integration's cache namespace. | list | <list> | no |
| cert_description | The description of the client certificate. | string | "" | no |
| cert_enabled | Whether to create client certificate. | bool | "false" | no |
| client_certificate_ids | The identifier of a client certificate for the stage. | list | <list> | no |
| connection_ids | The id of the VpcLink used for the integration. Required if connection_type is VPC_LINK. | list | <list> | no |
| connection_types | The integration input's connectionType. Valid values are INTERNET (default for connections through the public routable internet), and VPC_LINK (for private connections between API Gateway and a network load balancer in a VPC). | list | <list> | no |
| content_handlings | Specifies how to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through. | list | <list> | no |
| content_types | The content type of the model. | list | <list> | no |
| credentials | The credentials required for the integration. For AWS integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. | list | <list> | no |
| delimiter | Delimiter to be used between organization, environment, name and attributes. | string | "-" | no |
| deploy_description | The description of the deployment. | string | "" | no |
| deployment_enabled | Whether to deploy rest api. | bool | "false" | no |
| description | The description of the REST API. | string | "" | no |
| descriptions | The description of the stage. | list | <list> | no |
| destination_arns | ARN of the log group to send the logs to. Automatically removes trailing :* if present. | list | <list> | no |
| documentation_versions | The version of the associated API documentation. | list | <list> | no |
| enabled | Whether to create rest api. | bool | "false" | no |
| enableds | Specifies whether the API key can be used by callers. Defaults to true. | list | <list> | no |
| environment | Environment (e.g. prod, dev, staging). | string | "" | no |
| formats | The formatting and values recorded in the logs. | list | <list> | no |
| gateway_response_count | Number of count to create Gateway Response for api. | number | "0" | no |
| gateway_response_parameters | A map specifying the templates used to transform the response body. | list | <list> | no |
| gateway_response_templates | A map specifying the parameters (paths, query strings and headers) of the Gateway Response. | list | <list> | no |
| gateway_status_codes | The HTTP status code of the Gateway Response. | list | <list> | no |
| http_methods | The HTTP Method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY). | list | <list> | no |
| identity_sources | The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName". | list | <list> | no |
| identity_validation_expressions | A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response. | list | <list> | no |
| integration_http_methods | The integration HTTP method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY, PATCH) specifying how API Gateway will interact with the back end. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. Not all methods are compatible with all AWS integrations. e.g. Lambda function can only be invoked via POST. | list | <list> | no |
| integration_request_parameters | A map of request query string parameters and headers that should be passed to the backend responder. For example: request_parameters = { "integration.request.header.X-Some-Other-Header" = "method.request.header.X-Some-Header" }. | list | <list> | no |
| integration_response_parameters | A map of response parameters that can be read from the backend response. For example: response_parameters = { "method.response.header.X-Some-Header" = "integration.response.header.X-Some-Other-Header" }. | list | <list> | no |
| integration_types | The integration input's type. Valid values are HTTP (for HTTP backends), MOCK (not calling any real backend), AWS (for AWS services), AWS_PROXY (for Lambda proxy integration) and HTTP_PROXY (for HTTP proxy integration). An HTTP or HTTP_PROXY integration with a connection_type of VPC_LINK is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC. | list | <list> | no |
| key_count | Number of count to create key for api gateway. | number | "0" | no |
| key_descriptions | The API key description. Defaults to "Managed by Terraform". | list | <list> | no |
| key_names | The name of the API key. | list | <list> | no |
| label_order | Label order, e.g. name,application. | list | <list> | no |
| managedby | ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. | string | "anmol@clouddrove.com" | no |
| method_enabled | Whether to create stage for rest api. | bool | "false" | no |
| minimum_compression_size | Minimum response size to compress for the REST API. Integer between -1 and 10485760 (10MB). Setting a value greater than -1 will enable compression, -1 disables compression (default). | number | "-1" | no |
| model_count | Number of count to create Model for api. | number | "0" | no |
| model_descriptions | The description of the model. | list | <list> | no |
| model_names | The name of the model. | list | <list> | no |
| name | Name (e.g. app or cluster). | string | "" | no |
| passthrough_behaviors | The integration passthrough behavior (WHEN_NO_MATCH, WHEN_NO_TEMPLATES, NEVER). Required if request_templates is used. | list | <list> | no |
| path_parts | The last path segment of this API resource. | list | <list> | no |
| provider_arns | (required for type COGNITO_USER_POOLS) A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. | list | <list> | no |
| request_models | A map of the API models used for the request's content type where key is the content type (e.g. application/json) and value is either Error, Empty (built-in models) or aws_api_gateway_model's name. | list | <list> | no |
| request_parameters | A map of request query string parameters and headers that should be passed to the integration. For example: request_parameters = {"method.request.header.X-Some-Header" = true "method.request.querystring.some-query-param" = true} would define that the header X-Some-Header and the query string some-query-param must be provided in the request. | list | <list> | no |
| request_templates | A map of the integration's request templates. | list | <list> | no |
| request_validator_ids | The ID of an aws_api_gateway_request_validator. | list | <list> | no |
| response_content_handlings | Specifies how to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the response payload will be passed through from the integration response to the method response without modification. | list | <list> | no |
| response_models | A map of the API models used for the response's content type. | list | <list> | no |
| response_parameters | A map of response parameters that can be sent to the caller. For example: response_parameters = { "method.response.header.X-Some-Header" = true } would define that the header X-Some-Header can be provided on the response. | list | <list> | no |
| response_templates | A map specifying the templates used to transform the integration response body. | list | <list> | no |
| response_types | The response type of the associated GatewayResponse. | list | <list> | no |
| schemas | The schema of the model in a JSON form. | list | <list> | no |
| stage_description | The description of the stage. | string | "" | no |
| stage_enabled | Whether to create stage for rest api. | bool | "false" | no |
| stage_name | The name of the stage. If the specified stage already exists, it will be updated to point to the new deployment. If the stage does not exist, a new one will be created and point to this deployment. | string | "" | no |
| stage_names | The name of the stage. | list | <list> | no |
| stage_variables | A map that defines the stage variables. | list | <list> | no |
| status_codes | The HTTP status code. | list | <list> | no |
| tags | Additional tags (e.g. map(BusinessUnit,XYZ)). | map | <map> | no |
| target_arns | The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target. | list | <list> | no |
| timeout_milliseconds | Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds. | list | <list> | no |
| types | Whether to create rest api. | list | <list> | no |
| uri | The input's URI. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification. For AWS integrations, the URI should be of the form arn:aws:apigateway:{region}:{subdomain.service\|service}:{path\|action}/{service_api}. region, subdomain and service are used to determine the right endpoint. e.g. arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations. | list | <list> | no |
| values | The value of the API key. If not specified, it will be automatically generated by AWS on creation. | list | <list> | no |
| variables | A map that defines variables for the stage. | map | <map> | no |
| vpc_link_count | Number of count to create VPC Link for api. | number | "0" | no |
| vpc_link_descriptions | The description of the VPC link. | list | <list> | no |
| vpc_link_names | The name used to label and identify the VPC link. | list | <list> | no |
| xray_tracing_enabled | A mapping of tags to assign to the resource. | list | <list> | no |

Outputs

| Name | Description |
|------|-------------|
| execution_arn | The Execution ARN of the REST API. |
| id | The ID of the REST API. |
| tags | A mapping of tags to assign to the resource. |

Testing

Testing for this module is performed with Terratest: it creates a small piece of infrastructure, checks outputs such as the ARN, ID and tag names, and then destroys the infrastructure in your AWS account. The tests are written in Go, so you need a Go environment on your system.

You need to run the following command in the testing folder:

  go test -run Test

Feedback

If you come across a bug or have any feedback, please log it in our issue tracker, or feel free to drop us an email at hello@clouddrove.com.

If you have found it worth your time, go ahead and give us a ★ on our GitHub!

About us

At CloudDrove, we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.

We are The Cloud Experts!


We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.