AWS Lambda API Gateway HTTP API
- Host: GitHub
- URL: https://github.com/obytes/terraform-aws-lambda-apigw
- Owner: obytes
- Created: 2021-10-28T09:04:07.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-10-31T09:14:39.000Z (about 4 years ago)
- Last Synced: 2025-01-11T13:50:32.745Z (12 months ago)
- Topics: api-gateway, aws, aws-lambda, lambda, rest-api, serverless
- Language: HCL
- Homepage: https://www.obytes.com/blog/go-serverless-part-3-deploy-http-api-to-aws-lambda-and-expose-it-via-api-gateway
- Size: 4.88 KB
- Stars: 2
- Watchers: 12
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Terraform AWS Lambda API Gateway
A reusable Terraform module for provisioning an API Gateway HTTP API that integrates with upstream Lambda functions,
and authorizes and proxies requests.
## Prerequisites
This module requires:
- A Lambda API built with any RESTful API framework, such as Flask API or FastAPI, that can adapt a Lambda API Gateway
  event into an HTTP request and an HTTP response into an API Gateway response. You can use this
  [Lambda Flask Starter Application](https://github.com/obytes/lambda-flask-api) as a demo.
- An alias pointing to the lambda function.
## Usage
```hcl
module "flask_api_gw" {
  source      = "git::https://github.com/obytes/terraform-aws-lambda-apigw.git//modules/gw"
  prefix      = local.prefix
  common_tags = local.common_tags

  stage_name = "mvp"

  api_lambda = {
    name       = aws_lambda_function.function.function_name
    arn        = aws_lambda_function.function.arn
    runtime    = aws_lambda_function.function.runtime
    alias      = aws_lambda_alias.alias.name
    invoke_arn = aws_lambda_alias.alias.invoke_arn
  }

  jwt_authorizer = {
    issuer   = "https://securetoken.google.com/flask-lambda"
    audience = ["flask-lambda"]
  }

  routes_definitions = {
    health_check = {
      operation_name = "Service Health Check"
      route_key      = "GET /v1/manage/hc"
    }
    whoami = {
      operation_name = "Get user claims"
      route_key      = "GET /v1/users/whoami"
      # Authorization
      api_key_required     = false
      authorization_type   = "JWT"
      authorization_scopes = []
    }
    site_map = {
      operation_name = "Get endpoints list"
      route_key      = "GET /v1/admin/endpoints"
      # Authorization
      api_key_required     = false
      authorization_type   = "JWT"
      authorization_scopes = []
    }
  }
}
```
## Authorization
The module supports a JWT authorizer, which leverages a token-based authentication and authorization standard to
allow an application to access our API. Routes can also use **`NONE`** for open access mode and **IAM** for
authorization with STS tokens generated by Cognito Identity Pools.
The JWT **`issuer (iss)`** and **`audience (aud)`** depend on the identity provider that you use. In our case we are
using Firebase, so these are the issuer and audience formats:
- **`issuer`** - https://securetoken.google.com/[YOUR_FIREBASE_PROJECT_ID]
- **`audience`** - YOUR_FIREBASE_PROJECT_ID
For AWS Cognito:
- **`issuer`** - https://cognito-idp.[REGION_NAME].amazonaws.com/[YOUR_USER_POOL_ID]
- **`audience`** - COGNITO_APPLICATION_CLIENT_ID
For Auth0:
- **`issuer`** - https://[YOUR_AUTH0_DOMAIN]/
- **`audience`** - YOUR_AUTH0_API_ID
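
A mismatch between a token's `iss`/`aud` claims and the `jwt_authorizer` values is a common cause of rejected requests. The following added example (not part of this module or its README) builds the issuer from the formats listed above and reports whether a token would match a given `issuer`/`audience` pair. The function names and sample values are hypothetical, the sample tokens are constructed, and the payload is decoded without signature verification, so this is a configuration diagnostic only. It assumes API Gateway's documented behaviour of falling back to `client_id` when `aud` is absent, as in Cognito access tokens.

```python
import base64
import json

# Issuer templates taken from the README's Authorization section.
ISSUER_FORMATS = {
    "firebase": "https://securetoken.google.com/{project_id}",
    "cognito": "https://cognito-idp.{region}.amazonaws.com/{user_pool_id}",
    "auth0": "https://{domain}/",
}

def expected_issuer(provider, **parts):
    """Build the issuer string the jwt_authorizer block should carry."""
    return ISSUER_FORMATS[provider].format(**parts)

def unverified_claims(token):
    """Decode the JWT payload WITHOUT checking the signature (diagnostics only)."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    payload = segments[1]
    padded = payload + "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def config_mismatches(token, issuer, audience):
    """Return the reasons a token would not match the configured issuer/audience."""
    claims = unverified_claims(token)
    problems = []
    if claims.get("iss") != issuer:  # exact string match, trailing slash included
        problems.append(f"iss {claims.get('iss')!r} != configured issuer {issuer!r}")
    # aud may be a string or a list; client_id is consulted only when aud is absent.
    aud = claims.get("aud", claims.get("client_id"))
    presented = aud if isinstance(aud, list) else [aud]
    if not set(presented) & set(audience):
        problems.append(f"aud/client_id {presented!r} not in audience {audience!r}")
    return problems

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Constructed, unsigned sample token for the demo (signature is a dummy)."""
    return f"{_b64url({'alg': 'RS256', 'typ': 'JWT'})}.{_b64url(claims)}.c2ln"

if __name__ == "__main__":
    iss = expected_issuer("firebase", project_id="flask-lambda")
    token = make_sample_token({"iss": iss, "aud": "flask-lambda"})
    print(config_mismatches(token, iss, ["other-project"]))
```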