https://github.com/rhythmictech/terraform-aws-api-gateway

API Gateway, Domain, Logging, and optional authorizer. Methods, Stage, and Deployment sold separately.

api-gateway aws cognito-user-pool terraform terraform-module


# terraform-aws-api-gateway [![](https://github.com/rhythmictech/terraform-aws-api-gateway/workflows/pre-commit-check/badge.svg)](https://github.com/rhythmictech/terraform-aws-api-gateway/actions)

Creates an API Gateway with:
- CloudWatch logging
- Regional Domain Name
- Optional Authorizer

## About
AWS API Gateway is commonly used to publicly expose a series of AWS Lambdas or ECS Services. It enables all sorts of goodies like a Web Application Firewall (WAF), access logging, and authentication. API Gateway deployments have a few main steps:

0. Create the Actual APIs. Do this in whatever language you want, just make sure they're documented with swagger/OpenAPI
1. Create the API Gateway (this module)
2. Populate the API Methods. You can do this just by uploading a swagger file
3. Deploy to a stage of the API

## Example
Here's what using the module will look like. See the [examples](examples) for more.
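```hcl
# Data sources referenced when building the certificate ARN below
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

module "example" {
  source  = "rhythmictech/api-gateway/aws"
  version = "1.0.0"

  name                     = "test"
  domain_name              = "test-api.sblack.rocks"
  regional_certificate_arn = "arn:aws:acm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:certificate/6e8becd7-349e-48bf-b11b-97f4c7e901c8"

  # Listed as required in the Inputs table; placeholder value, replace with your hosted zone ID
  route53_zone_id = "ROUTE53_ZONE_ID_PLACEHOLDER"

  tags = {
    delete_me   = "please"
    Environment = "sandbox"
    whodunnit   = "@sblack4"
  }
}
```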
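
The module stops at the gateway, domain, log group and authorizer, so the authorizer only protects a method once that method references it. The following is an added example, not code from the module's repository, showing steps 2 and 3 wired to the module's outputs. It assumes the module block is named `example`, that `provider_arns` was set so a Cognito user pool authorizer exists, and that the module's log group is intended for stage access logs; the `orders` resource, the mock integration and the `v1` stage are hypothetical.

```hcl
# Added example, not from the module's repository. Assumes module "example" was
# given provider_arns (Cognito authorizer) and that its log group is meant for
# stage access logs. "orders" and "v1" are hypothetical names.
data "aws_api_gateway_resource" "root" {
  rest_api_id = module.example.api_gateway_rest_api_id
  path        = "/"
}

resource "aws_api_gateway_resource" "orders" {
  rest_api_id = module.example.api_gateway_rest_api_id
  parent_id   = data.aws_api_gateway_resource.root.id
  path_part   = "orders"
}

# authorization = "NONE" here would publish the method without any authentication.
resource "aws_api_gateway_method" "get_orders" {
  rest_api_id   = module.example.api_gateway_rest_api_id
  resource_id   = aws_api_gateway_resource.orders.id
  http_method   = "GET"
  authorization = "COGNITO_USER_POOLS"
  authorizer_id = module.example.api_gateway_authorizer_id
}

# Placeholder backend; replace with your Lambda or HTTP integration.
resource "aws_api_gateway_integration" "get_orders" {
  rest_api_id       = module.example.api_gateway_rest_api_id
  resource_id       = aws_api_gateway_resource.orders.id
  http_method       = aws_api_gateway_method.get_orders.http_method
  type              = "MOCK"
  request_templates = { "application/json" = "{\"statusCode\": 200}" }
}

resource "aws_api_gateway_deployment" "this" {
  rest_api_id = module.example.api_gateway_rest_api_id
  depends_on  = [aws_api_gateway_integration.get_orders]
  lifecycle { create_before_destroy = true }
}

resource "aws_api_gateway_stage" "v1" {
  rest_api_id   = module.example.api_gateway_rest_api_id
  deployment_id = aws_api_gateway_deployment.this.id
  stage_name    = "v1"
  access_log_settings {
    destination_arn = module.example.cloudwatch_log_group_arn
    format = jsonencode({
      requestId = "$context.requestId", ip = "$context.identity.sourceIp",
      method = "$context.httpMethod", path = "$context.resourcePath", status = "$context.status"
    })
  }
}
```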

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.12.20 |
| [aws](#requirement\_aws) | >= 2.48.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 2.48.0 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_api_gateway_authorizer.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_authorizer) | resource |
| [aws_api_gateway_domain_name.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_domain_name) | resource |
| [aws_api_gateway_rest_api.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api) | resource |
| [aws_cloudwatch_log_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [api\_key\_source](#input\_api\_key\_source) | The source of the API key for requests. Valid values are HEADER (default) and AUTHORIZER. | `string` | `"HEADER"` | no |
| [binary\_media\_types](#input\_binary\_media\_types) | The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads. | `list(any)` | `["UTF-8-encoded"]` | no |
| [description](#input\_description) | Description for the API Gateway. | `string` | `""` | no |
| [domain\_name](#input\_domain\_name) | The fully-qualified domain name to register | `string` | n/a | yes |
| [endpoint\_configuration](#input\_endpoint\_configuration) | API gateway endpoint config. REGIONAL or EDGE | `string` | `"EDGE"` | no |
| [identity\_source](#input\_identity\_source) | The source of the identity in an incoming request. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. `"method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"` | `string` | `"method.request.header.x-api-key"` | no |
| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | Days to retain apigateway logs | `number` | `30` | no |
| [minimum\_compression\_size](#input\_minimum\_compression\_size) | Minimum response size to compress for the REST API. Integer between -1 and 10485760 (10MB). Setting a value greater than -1 will enable compression, -1 disables compression (default). | `number` | `-1` | no |
| [name](#input\_name) | Moniker to apply to all resources in the module | `string` | n/a | yes |
| [provider\_arns](#input\_provider\_arns) | A list of the Amazon Cognito user pool ARNs. Each element is of this format: `arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}`. | `list(string)` | `[]` | no |
| [regional\_certificate\_arn](#input\_regional\_certificate\_arn) | The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. | `string` | n/a | yes |
| [route53\_evaluate\_target\_health](#input\_route53\_evaluate\_target\_health) | Bool for Route 53 alias target health eval | `bool` | `true` | no |
| [route53\_zone\_id](#input\_route53\_zone\_id) | Zone ID for Route 53 DNS entry | `string` | n/a | yes |
| [security\_policy](#input\_security\_policy) | The Transport Layer Security (TLS) version + cipher suite for this DomainName. The valid values are TLS\_1\_0 and TLS\_1\_2. Must be configured to perform drift detection. | `string` | `"TLS_1_2"` | no |
| [tags](#input\_tags) | User-Defined tags | `map(string)` | `{}` | no |
| [types](#input\_types) | A list of endpoint types. This resource currently only supports managing a single value. Valid values: EDGE, REGIONAL or PRIVATE. If unspecified, defaults to EDGE. Must be declared as REGIONAL in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs. | `list(string)` | `["EDGE"]` | no |

## Outputs

| Name | Description |
|------|-------------|
| [api\_gateway\_authorizer\_id](#output\_api\_gateway\_authorizer\_id) | The ID of the Authorizer |
| [api\_gateway\_rest\_api\_arn](#output\_api\_gateway\_rest\_api\_arn) | Amazon Resource Name (ARN) |
| [api\_gateway\_rest\_api\_id](#output\_api\_gateway\_rest\_api\_id) | The ID of the REST API |
| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | The Amazon Resource Name (ARN) specifying the log group. |
| [domain\_name](#output\_domain\_name) | aws\_api\_gateway\_domain\_name resource |
| [domain\_name\_arn](#output\_domain\_name\_arn) | Amazon Resource Name (ARN) |
| [domain\_name\_id](#output\_domain\_name\_id) | The internal id assigned to this domain name by API Gateway. |
| [route53\_entry](#output\_route53\_entry) | aws\_route53\_record A for aws\_api\_gateway\_domain\_name |

## The Giants underneath this module
- pre-commit.com/
- terraform.io/
- github.com/tfutils/tfenv
- github.com/segmentio/terraform-docs