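module "apigw" {
  source = "../../modules/ApplicationIntegration/apigw-lambda"

  name        = "ken2026-test"
  description = "test apigw-lambda module"
  apigw-type  = "regional"

  # VPC inputs. create-vpc-link is false, so these ids are presumably only
  # consumed when the module builds a VPC link -- TODO confirm against the module.
  create-vpc-link         = false
  apigw-vpc-id            = "vpc-01a10b033169f89a8"
  apigw-subnet-ids        = ["subnet-0d1e0e378cbcd7295", "subnet-0d86aa4c05033dea8"]
  apigw-security-group-id = "sg-04ec154cb0f516e76"

  # Reference the archive_file data source instead of repeating its output path
  # as a literal: Terraform then has an explicit dependency (the zip is built
  # before the module reads it) and the two paths cannot drift apart.
  lambda-archive-file       = data.archive_file.lambda.output_path
  lambda-main-function-name = "main"

  # CMK used for the function's CloudWatch log group (aws_kms_key.cwl-key below).
  cwl-cmk-key-id = aws_kms_key.cwl-key.arn

  # One entry per API resource. "authorization" = "NONE" means these POST
  # methods accept unauthenticated callers; fine for this test deployment,
  # but any stage exposed beyond test traffic should use an authorizer.
  resources = {
    "foo" = {
      "method"           = "POST"
      "authorization"    = "NONE"
      "integration-type" = "AWS"
      "content-handling" = "CONVERT_TO_TEXT"
    }
    "bar" = {
      "method"           = "POST"
      "authorization"    = "NONE"
      "integration-type" = "AWS"
      "content-handling" = "CONVERT_TO_TEXT"
    }
  }

  # Deployment stages and their stage variables.
  stages = {
    "dev" = {
      "description" = "Dev stage"
      "variables"   = { "var1" = "foo" }
    }
    "prd" = {
      "description" = "Prd stage"
      "variables"   = { "var1" = "bar" }
    }
  }
}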
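# Zips the Lambda source so the module can upload it.
# Paths are anchored on path.module: a bare relative path resolves against the
# working directory Terraform is run from, which breaks under -chdir or when
# applied from elsewhere. The module block reads the same zip via path.module.
data "archive_file" "lambda" {
  type        = "zip"
  source_dir  = "${path.module}/function"
  output_path = "${path.module}/lambda_function.zip"
}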
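# Customer-managed key for the API Gateway / Lambda CloudWatch log groups.
resource "aws_kms_key" "cwl-key" {
  enable_key_rotation     = true
  deletion_window_in_days = 7

  policy = jsonencode({
    Version = "2012-10-17"
    Id      = "key-default-1"
    Statement = [
      {
        # Standard key-administration statement: delegates key management to
        # the account's IAM policies. The account id is hard-coded; consider
        # data.aws_caller_identity.current.account_id if this config is reused.
        Sid       = "Enable IAM User Permissions"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::040216112220:root" }
        Action    = "kms:*"
        Resource  = "*"
      },
      {
        # Service principals only need the data-plane operations to encrypt and
        # decrypt log data. The previous "kms:*" also granted administrative
        # actions (key policy changes, scheduling deletion) to the services.
        # Further hardening once the key's consumers are confirmed: restrict the
        # logs principal with an ArnLike condition on
        # "kms:EncryptionContext:aws:logs:arn" so only this account's log
        # groups can use the key.
        Sid    = "Allow cloudwatch log service"
        Effect = "Allow"
        Principal = {
          Service = [
            "logs.ap-east-1.amazonaws.com",
            "apigateway.ap-east-1.amazonaws.com",
          ]
        }
        Action = [
          "kms:Encrypt*",
          "kms:Decrypt*",
          "kms:ReEncrypt*",
          "kms:GenerateDataKey*",
          "kms:Describe*",
        ]
        Resource = "*"
      },
    ]
  })
}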
# apigateway account settings, needed for first apigateway deployment only
# Account-level setting (shared by every API in this account/region): the role
# API Gateway assumes to push logs to CloudWatch Logs. Changing it here affects
# all APIs, not only the one created by module.apigw.
resource "aws_api_gateway_account" "settings" {
  cloudwatch_role_arn = aws_iam_role.apigw-logging-role.arn
}
# Role API Gateway assumes to write CloudWatch logs (referenced by
# aws_api_gateway_account.settings). Its trust policy is built from the
# aws_iam_policy_document data source of the same name; permissions come from
# the AmazonAPIGatewayPushToCloudWatchLogs attachment.
resource "aws_iam_role" "apigw-logging-role" {
  assume_role_policy = data.aws_iam_policy_document.apigw-logging-role.json
  name               = "ApiGatewayLoggingRole"
}
# Trust policy for the logging role: allows the API Gateway service principal
# to call sts:AssumeRole on it.
data "aws_iam_policy_document" "apigw-logging-role" {
  statement {
    actions = ["sts:AssumeRole"]
    effect  = "Allow"

    principals {
      identifiers = ["apigateway.amazonaws.com"]
      type        = "Service"
    }
    # NOTE(review): the trust has no aws:SourceAccount / aws:SourceArn
    # condition, the usual confused-deputy mitigation for service-principal
    # trusts; worth adding once confirmed API Gateway sets those keys for the
    # account-level logging role.
  }
}
# Grants the logging role the AWS-managed policy that lets API Gateway push
# execution and access logs to CloudWatch Logs.
resource "aws_iam_role_policy_attachment" "apigw-cloudwatch" {
  role       = aws_iam_role.apigw-logging-role.id
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
}