Terraform module to create Route53 resource on AWS for creating an API Gateway with its basic elements.
We eat, drink, sleep and most importantly love DevOps. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believers in the philosophy that bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best practice to run database, cluster and storage in smaller connected yet manageable pieces within the infrastructure.
This module is basically a combination of Terraform open source and includes automation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.
We have fifty-plus Terraform modules. A few of them are completed and are available for open source usage while a few others are in progress.
This module has a few dependencies:
- Terraform 0.12
- Go
- github.com/stretchr/testify/assert
- github.com/gruntwork-io/terratest/modules/terraform
IMPORTANT: Since the master branch used in source varies based on new modifications, we suggest that you use the release versions here.
Here are examples of how you can use this module in your inventory structure:
```hcl
module "api-gateway" {
  source      = "git::https://github.com/clouddrove/terraform-aws-api-gateway.git?ref=tags/0.12.2"
  name        = "api-gateway"
  application = "clouddrove"
  environment = "test"
  label_order = ["environment", "name", "application"]
  enabled     = true

  # Api Gateway Resource
  path_parts = ["mytestresource", "mytestresource1"]

  # Api Gateway Method
  method_enabled = true
  http_methods   = ["GET", "GET"]

  # Api Gateway Integration
  integration_types        = ["MOCK", "AWS_PROXY"]
  integration_http_methods = ["POST", "POST"]
  uri                      = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"]
  integration_request_parameters = [{
    "integration.request.header.X-Authorization" = "'static'"
  }, {}]
  request_templates = [{
    "application/xml" = <<EOF
{
"body" : $input.json('$')
}
EOF
  }, {}]

  # Api Gateway Method Response
  status_codes        = [200, 200]
  response_models     = [{ "application/json" = "Empty" }, {}]
  response_parameters = [{ "method.response.header.X-Some-Header" = true }, {}]

  # Api Gateway Integration Response
  integration_response_parameters = [{ "method.response.header.X-Some-Header" = "integration.response.header.X-Some-Other-Header" }, {}]
  response_templates = [{
    "application/xml" = <<EOF
#set($inputRoot = $input.path('$'))
<?xml version="1.0" encoding="UTF-8"?>
<message>
$inputRoot.body
</message>
EOF
  }, {}]

  # Api Gateway Deployment
  deployment_enabled = true
  stage_name         = "deploy"

  # Api Gateway Stage
  stage_enabled = true
  stage_names   = ["qa", "dev"]
}
```
```hcl
module "api-gateway" {
  source      = "git::https://github.com/clouddrove/terraform-aws-api-gateway.git?ref=tags/0.12.2"
  name        = "api-gateway"
  application = "clouddrove"
  environment = "test"
  label_order = ["environment", "name", "application"]
  enabled     = true

  # Api Gateway Resource
  path_parts = ["mytestresource", "mytestresource1"]

  # Api Gateway Method
  method_enabled = true
  http_methods   = ["GET", "GET"]

  # Api Gateway Integration
  integration_types        = ["MOCK", "AWS_PROXY"]
  integration_http_methods = ["POST", "POST"]
  uri                      = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"]
  integration_request_parameters = [{
    "integration.request.header.X-Authorization" = "'static'"
  }, {}]
  request_templates = [{
    "application/xml" = <<EOF
{
"body" : $input.json('$')
}
EOF
  }, {}]

  # Api Gateway Method Response
  status_codes        = [200, 200]
  response_models     = [{ "application/json" = "Empty" }, {}]
  response_parameters = [{ "method.response.header.X-Some-Header" = true }, {}]

  # Api Gateway Integration Response
  integration_response_parameters = [{ "method.response.header.X-Some-Header" = "integration.response.header.X-Some-Other-Header" }, {}]
  response_templates = [{
    "application/xml" = <<EOF
#set($inputRoot = $input.path('$'))
<?xml version="1.0" encoding="UTF-8"?>
<message>
$inputRoot.body
</message>
EOF
  }, {}]

  # Api Gateway Deployment
  deployment_enabled = true
  stage_name         = "deploy"

  # Api Gateway Stage
  stage_enabled = true
  stage_names   = ["qa", "dev"]

  # Api Gateway Client Certificate
  cert_enabled     = true
  cert_description = "clouddrove"

  # Api Gateway Authorizer
  authorizer_count                = 2
  authorizer_names                = ["test", "test1"]
  authorizer_uri                  = ["arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"]
  authorizer_credentials          = ["arn:aws:iam::xxxxxxxxxx:role/lambda-role", "arn:aws:iam::xxxxxxxxxx:role/lambda-role"]
  identity_sources                = ["method.request.header.Authorization", "method.request.header.Authorization"]
  identity_validation_expressions = ["sfdgfhghrfdsdas", ""]
  authorizer_types                = ["TOKEN", "REQUEST"]

  # Api Gateway Gateway Response
  gateway_response_count = 2
  response_types         = ["UNAUTHORIZED", "RESOURCE_NOT_FOUND"]
  gateway_status_codes   = ["401", "404"]

  # Api Gateway Model
  model_count   = 2
  model_names   = ["test", "test1"]
  content_types = ["application/json", "application/json"]

  # Api Gateway Api Key
  key_count = 2
  key_names = ["test", "test1"]
}
```
Name | Description | Type | Default | Required |
---|---|---|---|---|
api_key_requireds | Specify if the method requires an API key. | list | <list> | no |
api_key_source | The source of the API key for requests. Valid values are HEADER (default) and AUTHORIZER. | string | "HEADER" | no |
api_log_enabled | Whether to enable log for rest api. | bool | "false" | no |
application | Application (e.g. cd or clouddrove). | string | "" | no |
attributes | Additional attributes (e.g. 1). | list | <list> | no |
authorization_scopes | The authorization scopes used when the authorization is COGNITO_USER_POOLS. | list | <list> | no |
authorizations | The type of authorization used for the method (NONE, CUSTOM, AWS_IAM, COGNITO_USER_POOLS). | list | <list> | no |
authorizer_count | Number of count to create Authorizers for api. | number | "0" | no |
authorizer_credentials | The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN. | list | <list> | no |
authorizer_ids | The authorizer id to be used when the authorization is CUSTOM or COGNITO_USER_POOLS. | list | <list> | no |
authorizer_names | The name of the authorizer. | list | <list> | no |
authorizer_result_ttl_in_seconds | The TTL of cached authorizer results in seconds. Defaults to 300. | list | <list> | no |
authorizer_types | The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN. | list | <list> | no |
authorizer_uri | The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g. arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations. | list | <list> | no |
binary_media_types | The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads. | list | <list> | no |
cache_cluster_enableds | Specifies whether a cache cluster is enabled for the stage. | list | <list> | no |
cache_cluster_sizes | The size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237. | list | <list> | no |
cache_key_parameters | A list of cache key parameters for the integration. | list | <list> | no |
cache_namespaces | The integration's cache namespace. | list | <list> | no |
cert_description | The description of the client certificate. | string | "" | no |
cert_enabled | Whether to create client certificate. | bool | "false" | no |
client_certificate_ids | The identifier of a client certificate for the stage | list | <list> | no |
connection_ids | The id of the VpcLink used for the integration. Required if connection_type is VPC_LINK. | list | <list> | no |
connection_types | The integration input's connectionType. Valid values are INTERNET (default for connections through the public routable internet), and VPC_LINK (for private connections between API Gateway and a network load balancer in a VPC). | list | <list> | no |
content_handlings | Specifies how to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through. | list | <list> | no |
content_types | The content type of the model. | list | <list> | no |
credentials | The credentials required for the integration. For AWS integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. | list | <list> | no |
delimiter | Delimiter to be used between organization, environment, name and attributes. | string | "-" | no |
deploy_description | The description of the deployment. | string | "" | no |
deployment_enabled | Whether to deploy rest api. | bool | "false" | no |
description | The description of the REST API | string | "" | no |
descriptions | The description of the stage. | list | <list> | no |
destination_arns | ARN of the log group to send the logs to. Automatically removes trailing :* if present. | list | <list> | no |
documentation_versions | The version of the associated API documentation. | list | <list> | no |
enabled | Whether to create rest api. | bool | "false" | no |
enableds | Specifies whether the API key can be used by callers. Defaults to true. | list | <list> | no |
environment | Environment (e.g. prod, dev, staging). | string | "" | no |
formats | The formatting and values recorded in the logs. | list | <list> | no |
gateway_response_count | Number of count to create Gateway Response for api. | number | "0" | no |
gateway_response_parameters | A map specifying the templates used to transform the response body. | list | <list> | no |
gateway_response_templates | A map specifying the parameters (paths, query strings and headers) of the Gateway Response. | list | <list> | no |
gateway_status_codes | The HTTP status code of the Gateway Response. | list | <list> | no |
http_methods | The HTTP Method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY). | list | <list> | no |
identity_sources | The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName". | list | <list> | no |
identity_validation_expressions | A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response. | list | <list> | no |
integration_http_methods | The integration HTTP method (GET, POST, PUT, DELETE, HEAD, OPTIONs, ANY, PATCH) specifying how API Gateway will interact with the back end. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. Not all methods are compatible with all AWS integrations. e.g. Lambda function can only be invoked via POST. | list | <list> | no |
integration_request_parameters | A map of request query string parameters and headers that should be passed to the backend responder. For example: request_parameters = { "integration.request.header.X-Some-Other-Header" = "method.request.header.X-Some-Header" }. | list | <list> | no |
integration_response_parameters | A map of response parameters that can be read from the backend response. For example: response_parameters = { "method.response.header.X-Some-Header" = "integration.response.header.X-Some-Other-Header" }. | list | <list> | no |
integration_types | The integration input's type. Valid values are HTTP (for HTTP backends), MOCK (not calling any real backend), AWS (for AWS services), AWS_PROXY (for Lambda proxy integration) and HTTP_PROXY (for HTTP proxy integration). An HTTP or HTTP_PROXY integration with a connection_type of VPC_LINK is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC. | list | <list> | no |
key_count | Number of count to create key for api gateway. | number | "0" | no |
key_descriptions | The API key description. Defaults to "Managed by Terraform". | list | <list> | no |
key_names | The name of the API key. | list | <list> | no |
label_order | Label order, e.g. name,application. | list | <list> | no |
managedby | ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. | string | "anmol@clouddrove.com" | no |
method_enabled | Whether to create stage for rest api. | bool | "false" | no |
minimum_compression_size | Minimum response size to compress for the REST API. Integer between -1 and 10485760 (10MB). Setting a value greater than -1 will enable compression, -1 disables compression (default). | number | "-1" | no |
model_count | Number of count to create Model for api. | number | "0" | no |
model_descriptions | The description of the model. | list | <list> | no |
model_names | The name of the model. | list | <list> | no |
name | Name (e.g. app or cluster). | string | "" | no |
passthrough_behaviors | The integration passthrough behavior (WHEN_NO_MATCH, WHEN_NO_TEMPLATES, NEVER). Required if request_templates is used. | list | <list> | no |
path_parts | The last path segment of this API resource. | list | <list> | no |
provider_arns | (required for type COGNITO_USER_POOLS) A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. | list | <list> | no |
request_models | A map of the API models used for the request's content type where key is the content type (e.g. application/json) and value is either Error, Empty (built-in models) or aws_api_gateway_model's name. | list | <list> | no |
request_parameters | A map of request query string parameters and headers that should be passed to the integration. For example: request_parameters = {"method.request.header.X-Some-Header" = true "method.request.querystring.some-query-param" = true} would define that the header X-Some-Header and the query string some-query-param must be provided in the request. | list | <list> | no |
request_templates | A map of the integration's request templates. | list | <list> | no |
request_validator_ids | The ID of a aws_api_gateway_request_validator. | list | <list> | no |
response_content_handlings | Specifies how to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the response payload will be passed through from the integration response to the method response without modification. | list | <list> | no |
response_models | A map of the API models used for the response's content type. | list | <list> | no |
response_parameters | A map of response parameters that can be sent to the caller. For example: response_parameters = { "method.response.header.X-Some-Header" = true } would define that the header X-Some-Header can be provided on the response. | list | <list> | no |
response_templates | A map specifying the templates used to transform the integration response body. | list | <list> | no |
response_types | The response type of the associated GatewayResponse. | list | <list> | no |
schemas | The schema of the model in a JSON form. | list | <list> | no |
stage_description | The description of the stage. | string | "" | no |
stage_enabled | Whether to create stage for rest api. | bool | "false" | no |
stage_name | The name of the stage. If the specified stage already exists, it will be updated to point to the new deployment. If the stage does not exist, a new one will be created and point to this deployment. | string | "" | no |
stage_names | The name of the stage. | list | <list> | no |
stage_variables | A map that defines the stage variables. | list | <list> | no |
status_codes | The HTTP status code. | list | <list> | no |
tags | Additional tags (e.g. map(BusinessUnit,XYZ). | map | <map> | no |
target_arns | The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target. | list | <list> | no |
timeout_milliseconds | Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds. | list | <list> | no |
types | Whether to create rest api. | list | <list> | no |
uri | The input's URI. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification. For AWS integrations, the URI should be of the form arn:aws:apigateway:{region}:{subdomain.service\|service}:{path\|action}/{service_api}. region, subdomain and service are used to determine the right endpoint. e.g. arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations. | list | <list> | no |
values | The value of the API key. If not specified, it will be automatically generated by AWS on creation. | list | <list> | no |
variables | A map that defines variables for the stage. | map | <map> | no |
vpc_link_count | Number of count to create VPC Link for api. | number | "0" | no |
vpc_link_descriptions | The description of the VPC link. | list | <list> | no |
vpc_link_names | The name used to label and identify the VPC link. | list | <list> | no |
xray_tracing_enabled | A mapping of tags to assign to the resource. | list | <list> | no |
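
The per-method inputs are parallel lists: in the usage examples, element i of each list configures the method on `path_parts[i]`. The Go check below is an added example, not part of the module or its tests, that audits such an input set against the rules stated in the inputs table. `Audit`, `perMethod`, `at` and the map representation are hypothetical names, and reporting an unset `authorizations` entry together with NONE is an assumption, since the page does not state the module default.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumption: these lists are index-aligned with path_parts, as in the
// usage examples (element i configures the method on path_parts[i]).
var perMethod = []string{"http_methods", "integration_types",
	"integration_http_methods", "uri", "authorizations", "api_key_requireds"}

// at returns list[i], or "" when the list is unset or too short.
func at(in map[string][]string, name string, i int) string {
	if l := in[name]; i < len(l) {
		return l[i]
	}
	return ""
}

// Audit checks module inputs (list name -> values) and returns one finding per problem.
func Audit(in map[string][]string) []string {
	var out []string
	n := len(in["path_parts"])
	for _, name := range perMethod {
		if l, ok := in[name]; ok && len(l) != n {
			out = append(out, fmt.Sprintf("%s has %d entries, path_parts has %d", name, len(l), n))
		}
	}
	for i := 0; i < n; i++ {
		path := in["path_parts"][i]
		typ, uri, im := at(in, "integration_types", i), at(in, "uri", i), at(in, "integration_http_methods", i)
		// uri and integration method are required for every type except MOCK.
		if typ != "" && typ != "MOCK" && (uri == "" || im == "") {
			out = append(out, fmt.Sprintf("%s: %s integration needs uri and integration_http_methods", path, typ))
		}
		if strings.Contains(uri, ":lambda:path/") && im != "" && im != "POST" {
			out = append(out, fmt.Sprintf("%s: Lambda can only be invoked via POST, got %s", path, im))
		}
		auth, key := at(in, "authorizations", i), at(in, "api_key_requireds", i)
		if (auth == "" || auth == "NONE") && key != "true" {
			out = append(out, fmt.Sprintf("%s: authorization unset or NONE and no API key required", path))
		}
	}
	return out
}

func main() {
	// Constructed input mirroring the first usage example on this page.
	in := map[string][]string{
		"path_parts":               {"mytestresource", "mytestresource1"},
		"http_methods":             {"GET", "GET"},
		"integration_types":        {"MOCK", "AWS_PROXY"},
		"integration_http_methods": {"POST", "POST"},
		"uri": {"", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"},
	}
	for _, f := range Audit(in) {
		fmt.Println(f)
	}
}
```

Run against the first usage example, it reports both methods as having no explicit authorization and no API key requirement.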
Name | Description |
---|---|
execution_arn | The Execution ARN of the REST API. |
id | The ID of the REST API. |
tags | A mapping of tags to assign to the resource. |
In this module, testing is performed with Terratest: it creates a small piece of infrastructure, checks outputs such as the ARN, ID and tag names, and then destroys the infrastructure in your AWS account. The tests are written in Go, so you need a Go environment on your system.
You need to run the following command in the testing folder:
```bash
go test -run Test
```
If you come across a bug or have any feedback, please log it in our issue tracker, or feel free to drop us an email at hello@clouddrove.com.
If you have found it worth your time, go ahead and give us a ★ on our GitHub!
At CloudDrove, we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering.
We are The Cloud Experts!
We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.