aws_api_gateway_integration
Provides an HTTP Method Integration for an API Gateway Integration.
Example Usage
resource "aws_api_gateway_rest_api" "MyDemoAPI" {
name = "MyDemoAPI"
description = "This is my API for demonstration purposes"
}
resource "aws_api_gateway_resource" "MyDemoResource" {
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
parent_id = "${aws_api_gateway_rest_api.MyDemoAPI.root_resource_id}"
path_part = "mydemoresource"
}
resource "aws_api_gateway_method" "MyDemoMethod" {
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
resource_id = "${aws_api_gateway_resource.MyDemoResource.id}"
http_method = "GET"
authorization = "NONE"
}
resource "aws_api_gateway_integration" "MyDemoIntegration" {
rest_api_id = "${aws_api_gateway_rest_api.MyDemoAPI.id}"
resource_id = "${aws_api_gateway_resource.MyDemoResource.id}"
http_method = "${aws_api_gateway_method.MyDemoMethod.http_method}"
type = "MOCK"
cache_key_parameters = ["method.request.path.param"]
cache_namespace = "foobar"
request_parameters = {
"integration.request.header.X-Authorization" = "'static'"
}
# Transforms the incoming XML request to JSON
request_templates {
"application/xml" = <<EOF
{
"body" : $input.json('$')
}
EOF
}
}
Lambda integration
# Variables
variable "myregion" {}
variable "accountId" {}
# API Gateway
resource "aws_api_gateway_rest_api" "api" {
name = "myapi"
}
resource "aws_api_gateway_resource" "resource" {
path_part = "resource"
parent_id = "${aws_api_gateway_rest_api.api.root_resource_id}"
rest_api_id = "${aws_api_gateway_rest_api.api.id}"
}
resource "aws_api_gateway_method" "method" {
rest_api_id = "${aws_api_gateway_rest_api.api.id}"
resource_id = "${aws_api_gateway_resource.resource.id}"
http_method = "GET"
authorization = "NONE"
}
resource "aws_api_gateway_integration" "integration" {
rest_api_id = "${aws_api_gateway_rest_api.api.id}"
resource_id = "${aws_api_gateway_resource.resource.id}"
http_method = "${aws_api_gateway_method.method.http_method}"
integration_http_method = "POST"
type = "AWS_PROXY"
uri = "arn:aws:apigateway:${var.myregion}:lambda:path/2015-03-31/functions/${aws_lambda_function.lambda.arn}/invocations"
}
# Lambda
resource "aws_lambda_permission" "apigw_lambda" {
statement_id = "AllowExecutionFromAPIGateway"
action = "lambda:InvokeFunction"
function_name = "${aws_lambda_function.lambda.arn}"
principal = "apigateway.amazonaws.com"
# More: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html
source_arn = "arn:aws:execute-api:${var.myregion}:${var.accountId}:${aws_api_gateway_rest_api.api.id}/*/${aws_api_gateway_method.method.http_method}${aws_api_gateway_resource.resource.path}"
}
resource "aws_lambda_function" "lambda" {
filename = "lambda.zip"
function_name = "mylambda"
role = "${aws_iam_role.role.arn}"
handler = "lambda.lambda_handler"
runtime = "python2.7"
source_code_hash = "${base64sha256(file("lambda.zip"))}"
}
# IAM
resource "aws_iam_role" "role" {
name = "myrole"
assume_role_policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
POLICY
}
VPC Link
variable "name" {}
variable "subnet_id" {}
resource "aws_lb" "test" {
name = "${var.name}"
internal = true
load_balancer_type = "network"
subnets = ["${var.subnet_id}"]
}
resource "aws_api_gateway_vpc_link" "test" {
name = "${var.name}"
target_arns = ["${aws_lb.test.arn}"]
}
resource "aws_api_gateway_rest_api" "test" {
name = "${var.name}"
}
resource "aws_api_gateway_resource" "test" {
rest_api_id = "${aws_api_gateway_rest_api.test.id}"
parent_id = "${aws_api_gateway_rest_api.test.root_resource_id}"
path_part = "test"
}
resource "aws_api_gateway_method" "test" {
rest_api_id = "${aws_api_gateway_rest_api.test.id}"
resource_id = "${aws_api_gateway_resource.test.id}"
http_method = "GET"
authorization = "NONE"
request_models = {
"application/json" = "Error"
}
}
resource "aws_api_gateway_integration" "test" {
rest_api_id = "${aws_api_gateway_rest_api.test.id}"
resource_id = "${aws_api_gateway_resource.test.id}"
http_method = "${aws_api_gateway_method.test.http_method}"
request_templates = {
"application/json" = ""
"application/xml" = "#set($inputRoot = $input.path('$'))\n{ }"
}
request_parameters = {
"integration.request.header.X-Authorization" = "'static'"
"integration.request.header.X-Foo" = "'Bar'"
}
type = "HTTP"
uri = "https://www.google.de"
integration_http_method = "GET"
passthrough_behavior = "WHEN_NO_MATCH"
content_handling = "CONVERT_TO_TEXT"
connection_type = "VPC_LINK"
connection_id = "${aws_api_gateway_vpc_link.test.id}"
}
Argument Reference
The following arguments are supported:
-
rest_api_id- (Required) The ID of the associated REST API. -
resource_id- (Required) The API resource ID. -
http_method- (Required) The HTTP method (GET,POST,PUT,DELETE,HEAD,OPTION,ANY) when calling the associated resource. -
integration_http_method- (Optional) The integration HTTP method (GET,POST,PUT,DELETE,HEAD,OPTION) specifying how API Gateway will interact with the back end. Required iftypeisAWS,AWS_PROXY,HTTPorHTTP_PROXY. Not all methods are compatible with allAWSintegrations. e.g. Lambda function can only be invoked viaPOST. -
type- (Required) The integration input's type. Valid values areHTTP(for HTTP backends),MOCK(not calling any real backend),AWS(for AWS services),AWS_PROXY(for Lambda proxy integration) andHTTP_PROXY(for HTTP proxy integration). AnHTTPorHTTP_PROXYintegration with aconnection_typeofVPC_LINKis referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC. -
connection_type- (Optional) The integration input's connectionType. Valid values areINTERNET(default for connections through the public routable internet), andVPC_LINK(for private connections between API Gateway and a network load balancer in a VPC). -
connection_id- (Optional) The id of the VpcLink used for the integration. Required ifconnection_typeisVPC_LINK -
uri- (Optional) The input's URI (HTTP, AWS). Required iftypeisHTTPorAWS. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the formarn:aws:apigateway:{region}:{subdomain.service|service}:{path|action}/{service_api}.region,subdomainandserviceare used to determine the right endpoint. e.g.arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations -
credentials- (Optional) The credentials required for the integration. ForAWSintegrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the stringarn:aws:iam::\*:user/\*. -
request_templates- (Optional) A map of the integration's request templates. -
request_parameters- (Optional) A map of request query string parameters and headers that should be passed to the backend responder. For example:request_parameters = { "integration.request.header.X-Some-Other-Header" = "method.request.header.X-Some-Header" } -
passthrough_behavior- (Optional) The integration passthrough behavior (WHEN_NO_MATCH,WHEN_NO_TEMPLATES,NEVER). Required ifrequest_templatesis used. -
cache_key_parameters- (Optional) A list of cache key parameters for the integration. -
cache_namespace- (Optional) The integration's cache namespace. -
request_parameters_in_json- Deprecated, userequest_parametersinstead. -
content_handling- (Optional) Specifies how to handle request payload content type conversions. Supported values areCONVERT_TO_BINARYandCONVERT_TO_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/api_gateway_integration.html