From 3ef58b3130fb21402941c9b25f5c4b52f08c9ca2 Mon Sep 17 00:00:00 2001 From: yadavprakash Date: Fri, 2 Jul 2021 21:17:27 +0530 Subject: [PATCH 01/82] update github-action,module tags and update in 0.15 --- _example/complete/example.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/_example/complete/example.tf b/_example/complete/example.tf index 94c0a69..7fbf4bc 100644 --- a/_example/complete/example.tf +++ b/_example/complete/example.tf @@ -6,7 +6,6 @@ module "api-gateway" { source = "../../" name = "api-gateway" - repository = "https://registry.terraform.io/modules/clouddrove/api-gateway/aws/0.14.0" environment = "test" label_order = ["name", "environment"] enabled = true From d14260865b6fc13ece35d490fdeef01f0437c579 Mon Sep 17 00:00:00 2001 From: yadavprakash Date: Fri, 2 Jul 2021 21:17:49 +0530 Subject: [PATCH 02/82] update github-action,module tags and update in 0.15 --- .github/workflows/readme.yml | 11 +++-- .github/workflows/terraform.yml | 86 ++++++++++++++++++++++++++++----- .github/workflows/terratest.yml | 21 +++++--- .pre-commit-config.yaml | 3 +- README.md | 10 ++-- README.yaml | 4 +- _example/basic/example.tf | 1 - main.tf | 3 +- variables.tf | 2 +- 9 files changed, 108 insertions(+), 33 deletions(-) diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index a91e47b..26a6fee 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml 
@@ -12,29 +12,30 @@ jobs: - name: 'Checkout' uses: actions/checkout@v2.3.4 - - name: Set up Python 3.7. + - name: 'Set up Python 3.7' uses: actions/setup-python@v2 with: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v6.0' + uses: 'clouddrove/github-actions@v8.0' with: actions_subcommand: 'readme' github_token: '${{ secrets.GITHUB}}' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} - - name: pre-commit check errors + + - name: 'pre-commit check errors' uses: pre-commit/action@v2.0.0 continue-on-error: true - - name: pre-commit fix erros + - name: 'pre-commit fix errors' uses: pre-commit/action@v2.0.0 continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v6.0' + uses: 'clouddrove/github-actions@v8.0' continue-on-error: true with: actions_subcommand: 'push' diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index ddc67cb..3552a30 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -13,16 +13,18 @@ jobs: uses: actions/checkout@v2.3.4 - name: 'Terraform Format' - uses: 'clouddrove/github-actions@v6.0' + uses: 'clouddrove/github-actions@v8.0' + with: + actions_subcommand: 'fmt' + - name: 'Terraform Format' + uses: 'clouddrove/github-actions@v8.0' with: actions_subcommand: 'fmt' - Basic: - name: 'Init,Validate,PLan of Basic example' - needs: fmt + basic: + name: 'basic' runs-on: ubuntu-latest steps: - - name: 'Checkout' uses: actions/checkout@v2.3.4 
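Review bot: The `create readme` and `push readme` steps in readme.yml reference `clouddrove/github-actions` by a movable tag (`@v8.0`) while passing it `secrets.GITHUB` and `GITHUB_TOKEN`, so the code that receives those tokens can change without any change in this repository. Pinning to a full commit SHA avoids that, e.g. `uses: clouddrove/github-actions@<full-commit-sha> # v8.0`; the same applies to the `@v8.0` references in the terraform.yml and terratest.yml hunks of this commit. Separately, the step renamed to `'Set up Python 3.7'` still installs `python-version: '3.x'`, so the name does not describe what runs. The job header is outside the hunk.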
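Review bot: The `fmt` job in terraform.yml now contains the `'Terraform Format'` step twice: the added lines repeat the same `name`, `uses` and `actions_subcommand: 'fmt'` back to back, and the second copy adds nothing, so one should be dropped. The hunk also removes `needs: fmt` from the renamed `basic` job, so its later steps no longer wait for formatting to pass. If that ordering was intended, restore it with `needs: fmt`. The `basic` job's steps continue outside the hunk.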
@@ -33,20 +35,82 @@ jobs: aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} aws-region: us-east-2 - - name: 'Terraform init' - uses: 'clouddrove/github-actions@v6.0' + - name: 'Terraform init for basic' + uses: 'clouddrove/github-actions@v8.0' with: actions_subcommand: 'init' tf_actions_working_dir: ./_example/basic - - name: 'Terraform validate' - uses: 'clouddrove/github-actions@v6.0' + - name: 'Terraform validate for basic' + uses: 'clouddrove/github-actions@v8.0' with: actions_subcommand: 'validate' tf_actions_working_dir: ./_example/basic - - name: 'Terraform plan' - uses: 'clouddrove/github-actions@v6.0' + - name: 'Terraform plan for basic' + uses: 'clouddrove/github-actions@v8.0' with: actions_subcommand: 'plan' tf_actions_working_dir: ./_example/basic + + complete: + name: 'complete' + runs-on: ubuntu-latest + steps: + - name: 'Checkout' + uses: actions/checkout@v2.3.4 + + - name: 'Configure AWS Credentials' + uses: clouddrove/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} + aws-region: us-east-2 + + - name: 'Terraform init for complete' + uses: 'clouddrove/github-actions@v8.0' + with: + actions_subcommand: 'init' + tf_actions_working_dir: ./_example/complete + + - name: 'Terraform validate complete' + uses: 'clouddrove/github-actions@v8.0' + with: + actions_subcommand: 'validate' + tf_actions_working_dir: ./_example/complete + + - name: 'Terraform plan for complete' + uses: 'clouddrove/github-actions@v8.0' + with: + actions_subcommand: 'plan' + tf_actions_working_dir: ./_example/complete + + pre-commit: + name: 'Pre-Commit' + needs: + - fmt + - basic + - complete + runs-on: ubuntu-latest + steps: + - name: 'Checkout' + uses: actions/checkout@v2.3.4 + + - name: 'Install Tflint' + run: | + curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash + + - name: 'Pre-Commit πŸ”Ž' + uses: 
pre-commit/action@v2.0.3 + continue-on-error: true + + - name: 'Slack Notification' + uses: clouddrove/action-slack@v2 + with: + status: ${{ job.status }} + fields: repo,author + author_name: 'CloudDrove' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required + if: always() diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml index 2ebb88e..ba37daf 100644 --- a/.github/workflows/terratest.yml +++ b/.github/workflows/terratest.yml @@ -6,13 +6,13 @@ on: types: [labeled] jobs: - Terratest: - name: 'Terratest for basic' + terraform: + name: 'Terraform' runs-on: ubuntu-latest steps: - name: 'Checkout' - uses: actions/checkout@v2.3.4 + uses: actions/checkout@master - name: Configure AWS Credentials uses: clouddrove/configure-aws-credentials@v1 @@ -21,12 +21,21 @@ jobs: aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} aws-region: us-east-2 - - name: 'Terratest' + - name: 'Terratest Basic' if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v6.0' + uses: 'clouddrove/github-actions@v8.0' with: actions_subcommand: 'terratest' - tf_actions_working_dir: '_test/basic' + tf_actions_working_dir: '_test/basic_example' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: 'Terratest Secure' + if: ${{ github.event.label.name == 'terratest' }} + uses: 'clouddrove/github-actions@v8.0' + with: + actions_subcommand: 'terratest' + tf_actions_working_dir: '_test/secure_example' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8216706..9e713a5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
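Review bot: The `'Install Tflint'` step in terraform.yml pipes `install_linux.sh` from the `master` branch of terraform-linters/tflint straight into `bash`, so the job runs whatever that branch holds at run time with no version or integrity check. Fetch the script from a fixed release tag or commit into a file and verify a checksum before running it, or install a pinned tflint release directly. The Pre-Commit step is also marked `continue-on-error: true`, so a failing hook never fails the job; remove that line if the check is meant to gate merges. The new `complete` job passes `TEST_AWS_ACCESS_KEY` and `TEST_AWS_ACCESS_SECRET_KEY` to `clouddrove/configure-aws-credentials@v1`, another tag-referenced action that would be safer pinned to a commit SHA.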
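Review bot: In terratest.yml, `uses: actions/checkout@master` replaces the tagged `actions/checkout@v2.3.4` with a branch reference, so the checkout code can change between runs in a job that then loads `TEST_AWS_ACCESS_KEY` and `TEST_AWS_ACCESS_SECRET_KEY`. Keep a fixed release, or better a full commit SHA: `uses: actions/checkout@<full-commit-sha> # v2.3.4`. The two Terratest steps are gated on `github.event.label.name == 'terratest'`, but `Configure AWS Credentials` is not, so credentials are configured for every label event. A job-level `if: github.event.label.name == 'terratest'` would keep them out of unrelated runs. The workflow's trigger block starts outside the hunk.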
@@ -5,9 +5,10 @@ repos: hooks: - id: terraform-fmt - id: shellcheck + - id: tflint - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v3.4.0 # Use the ref you want to point at + rev: v4.0.1 # Use the ref you want to point at hooks: - id: end-of-file-fixer - id: trailing-whitespace diff --git a/README.md b/README.md index 2e5a7af..fc99fa6 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Terraform AWS Api Gateway -
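Review bot: In .pre-commit-config.yaml, the hook repository next to the bumped `rev` is still fetched over `git://github.com/pre-commit/pre-commit-hooks`, an unauthenticated and unencrypted transport. The hook code that pre-commit runs on developer machines and in CI therefore has no transport integrity. Since this hunk already touches the entry, change it to `repo: https://github.com/pre-commit/pre-commit-hooks`. The first repo entry, whose hook list gains `tflint`, starts outside the hunk, so its URL and `rev` cannot be checked from here.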

+

Terraform module to create Route53 resource on AWS for create api gateway with it's basic elements.

@@ -38,7 +38,7 @@
-We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure. +We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure. This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself. @@ -49,7 +49,7 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c ## Prerequisites -This module has a few dependencies: +This module has a few dependencies: - [Terraform 0.13](https://learn.hashicorp.com/terraform/getting-started/install.html) - [Go](https://golang.org/doc/install) 
@@ -327,7 +327,7 @@ Here are examples of how you can use this module in your inventory structure: ## Testing -In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. +In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. You need to run the following command in the testing folder: ```hcl @@ -336,7 +336,7 @@ You need to run the following command in the testing folder: -## Feedback +## Feedback If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-api-gateway/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). If you have found it worth your time, go ahead and give us a β˜… on [our GitHub](https://github.com/clouddrove/terraform-aws-api-gateway)! diff --git a/README.yaml b/README.yaml index a1a10fe..d5e7f45 100644 --- a/README.yaml +++ b/README.yaml @@ -16,7 +16,7 @@ github_repo: clouddrove/terraform-aws-api-gateway # Badges to display badges: - name: "Terraform" - image: "https://img.shields.io/badge/Terraform-v0.14-green" + image: "https://img.shields.io/badge/Terraform-v0.15-green" url: "https://www.terraform.io" - name: "Licence" image: "https://img.shields.io/badge/License-MIT-blue.svg" 
@@ -40,7 +40,7 @@ usage: |- ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "0.14.0" + version = "0.15.0" name = "api-gateway" environment = "test" label_order = ["name", "environment"] diff --git a/_example/basic/example.tf b/_example/basic/example.tf index 17420dc..59a59a0 100644 --- a/_example/basic/example.tf +++ b/_example/basic/example.tf @@ -5,7 +5,6 @@ provider "aws" { module "api-gateway" { source = "../../" name = "api-gateway" - repository = "https://registry.terraform.io/modules/clouddrove/api-gateway/aws/0.14.0" environment = "test" label_order = ["name", "environment"] enabled = true diff --git a/main.tf b/main.tf index 146b3be..1171158 100644 --- a/main.tf +++ b/main.tf @@ -6,7 +6,8 @@ # for resources. You can use terraform-labels to implement a strict naming # convention. module "labels" { - source = "git::https://github.com/clouddrove/terraform-labels.git?ref=tags/0.14.0" + source = "clouddrove/labels/aws" + version = "0.15.0" enabled = var.enabled name = var.name diff --git a/variables.tf b/variables.tf index 07ced39..6b4d995 100644 --- a/variables.tf +++ b/variables.tf @@ -8,7 +8,7 @@ variable "name" { variable "repository" { type = string - default = "" + default = "https://github.com/clouddrove/terraform-aws-api-gateway" description = "Terraform current module repo" validation { From c33429a97885421a3d1252fe4da5854f7d526e3c Mon Sep 17 00:00:00 2001 From: yadavprakash Date: Fri, 2 Jul 2021 21:21:32 +0530 Subject: [PATCH 03/82] update github-action,module tags and update in 0.15 --- .github/workflows/terratest.yml | 51 --------------------------------- 1 file changed, 51 deletions(-) delete mode 100644 .github/workflows/terratest.yml diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml deleted file mode 100644 index ba37daf..0000000 --- a/.github/workflows/terratest.yml +++ /dev/null 
@@ -1,51 +0,0 @@ -name: 'Terratest GitHub Actions' -on: - pull_request: - branches: - - master - types: [labeled] - -jobs: - terraform: - name: 'Terraform' - runs-on: ubuntu-latest - steps: - - - name: 'Checkout' - uses: actions/checkout@master - - - name: Configure AWS Credentials - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: 'Terratest Basic' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: '_test/basic_example' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Terratest Secure' - if: ${{ github.event.label.name == 'terratest' }} - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'terratest' - tf_actions_working_dir: '_test/secure_example' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() From 48356946a9fefdccc4e721e3b4810fbb9a633e4b Mon Sep 17 00:00:00 2001 From: yadavprakash Date: Mon, 5 Jul 2021 18:23:44 +0530 Subject: [PATCH 04/82] update terratest --- .github/workflows/terraform.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 3552a30..8b51239 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -79,11 +79,6 @@ jobs: actions_subcommand: 'validate' tf_actions_working_dir: ./_example/complete - - name: 'Terraform plan for complete' - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'plan' - tf_actions_working_dir: ./_example/complete pre-commit: name: 'Pre-Commit' From af62b80a3a3771f3a528f7164110cc3166038033 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Tue, 6 Jul 2021 15:11:28 +0000 Subject: [PATCH 05/82] update README.md --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index fc99fa6..ed0f944 100644 --- a/README.md +++ b/README.md @@ -7,14 +7,14 @@ Terraform AWS Api Gateway -

+

Terraform module to create Route53 resource on AWS for create api gateway with it's basic elements.

- Terraform + Terraform Licence @@ -38,7 +38,7 @@


-We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure. +We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure. This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself. @@ -49,7 +49,7 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c ## Prerequisites -This module has a few dependencies: +This module has a few dependencies: - [Terraform 0.13](https://learn.hashicorp.com/terraform/getting-started/install.html) - [Go](https://golang.org/doc/install) @@ -73,7 +73,7 @@ Here are examples of how you can use this module in your inventory structure: ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "0.14.0" + version = "0.15.0" name = "api-gateway" environment = "test" label_order = ["name", "environment"] 
@@ -286,7 +286,7 @@ Here are examples of how you can use this module in your inventory structure: | passthrough\_behaviors | The integration passthrough behavior (WHEN\_NO\_MATCH, WHEN\_NO\_TEMPLATES, NEVER). Required if request\_templates is used. | `list(any)` | `[]` | no | | path\_parts | The last path segment of this API resource. | `list(any)` | `[]` | no | | provider\_arns | required for type COGNITO\_USER\_POOLS) A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account\_id}:userpool/{user\_pool\_id}. | `list(any)` | `[]` | no | -| repository | Terraform current module repo | `string` | `""` | no | +| repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-api-gateway"` | no | | request\_models | A map of the API models used for the request's content type where key is the content type (e.g. application/json) and value is either Error, Empty (built-in models) or aws\_api\_gateway\_model's name. | `list(any)` | `[]` | no | | request\_parameters | A map of request query string parameters and headers that should be passed to the integration. For example: request\_parameters = {"method.request.header.X-Some-Header" = true "method.request.querystring.some-query-param" = true} would define that the header X-Some-Header and the query string some-query-param must be provided in the request. | `list(any)` | `[]` | no | | request\_templates | A map of the integration's request templates. | `list(any)` | `[]` | no | 
@@ -327,7 +327,7 @@ Here are examples of how you can use this module in your inventory structure: ## Testing -In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. +In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. You need to run the following command in the testing folder: ```hcl @@ -336,7 +336,7 @@ You need to run the following command in the testing folder: -## Feedback +## Feedback If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-api-gateway/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). If you have found it worth your time, go ahead and give us a β˜… on [our GitHub](https://github.com/clouddrove/terraform-aws-api-gateway)! From 3ae25eb6d313bf005c4538fad8e3e976adad2dee Mon Sep 17 00:00:00 2001 From: Roger Coll Date: Thu, 9 Sep 2021 15:11:23 +0200 Subject: [PATCH 06/82] feat: add tags to aws_api_gateway_rest_api Tags variable was defined as an input but not used in the resource that allows them. --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index 1171158..eb5d59f 100644 --- a/main.tf +++ b/main.tf @@ -33,6 +33,7 @@ resource "aws_api_gateway_rest_api" "default" { types = var.types } policy = var.api_policy + tags = var.tags } # Module : Api Gateway Resource 
From a766576d63e3f51ec85c385a39f04399a10a8da6 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Thu, 9 Sep 2021 18:01:54 +0000 Subject: [PATCH 07/82] update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ed0f944..bf49b67 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c This module has a few dependencies: -- [Terraform 0.13](https://learn.hashicorp.com/terraform/getting-started/install.html) +- [Terraform 0.15](https://learn.hashicorp.com/terraform/getting-started/install.html) - [Go](https://golang.org/doc/install) - [github.com/stretchr/testify/assert](https://github.com/stretchr/testify) - [github.com/gruntwork-io/terratest/modules/terraform](https://github.com/gruntwork-io/terratest) From f6c89eebb4b3aaed8a4738710e2510618f5b20f8 Mon Sep 17 00:00:00 2001 From: Roger Coll Date: Fri, 10 Sep 2021 10:10:18 +0200 Subject: [PATCH 08/82] feat: idempotency for aws_api_gateway_integration The integration_http_method for the api_gateway_integration is optional, thus the default is null not POST. This makes some idempotency issues with the _example/basic code. --- _example/basic/example.tf | 2 +- main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/_example/basic/example.tf b/_example/basic/example.tf index 59a59a0..b139871 100644 --- a/_example/basic/example.tf +++ b/_example/basic/example.tf @@ -18,7 +18,7 @@ module "api-gateway" { # Api Gateway Integration integration_types = ["MOCK"] - integration_http_methods = ["POST"] + integration_http_methods = [] uri = [""] integration_request_parameters = [{ "integration.request.header.X-Authorization" = "'static'" diff --git a/main.tf b/main.tf index eb5d59f..f8c080d 100644 --- a/main.tf +++ b/main.tf 
@@ -84,7 +84,7 @@ resource "aws_api_gateway_integration" "default" { rest_api_id = aws_api_gateway_rest_api.default.*.id[0] resource_id = aws_api_gateway_resource.default.*.id[count.index] http_method = aws_api_gateway_method.default.*.http_method[count.index] - integration_http_method = length(var.integration_http_methods) > 0 ? element(var.integration_http_methods, count.index) : "POST" + integration_http_method = length(var.integration_http_methods) > 0 ? element(var.integration_http_methods, count.index) : null type = length(var.integration_types) > 0 ? element(var.integration_types, count.index) : "AWS_PROXY" connection_type = length(var.connection_types) > 0 ? element(var.connection_types, count.index) : "INTERNET" connection_id = length(var.connection_ids) > 0 ? element(var.connection_ids, count.index) : "" From bcfc8bd0af09d4f3d4991759742b4d424c556d8f Mon Sep 17 00:00:00 2001 From: Ken Tang Date: Sat, 18 Sep 2021 17:09:53 -0700 Subject: [PATCH 09/82] fix identity_source default value The default value for identity_source should be "method.request.header.Authorization". Currently this "" value causes an exception in Terraform with a message of a bad request input. This is not helpful since you do not know what is causing this problem when using the api_gateway_authorizer resource. Source: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_authorizer#identity_source --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index f8c080d..30dbb47 100644 --- a/main.tf +++ b/main.tf 
@@ -252,7 +252,7 @@ resource "aws_api_gateway_authorizer" "default" { authorizer_uri = length(var.authorizer_uri) > 0 ? element(var.authorizer_uri, count.index) : "" authorizer_credentials = length(var.authorizer_credentials) > 0 ? element(var.authorizer_credentials, count.index) : "" authorizer_result_ttl_in_seconds = length(var.authorizer_result_ttl_in_seconds) > 0 ? element(var.authorizer_result_ttl_in_seconds, count.index) : 300 - identity_source = length(var.identity_sources) > 0 ? element(var.identity_sources, count.index) : "" + identity_source = length(var.identity_sources) > 0 ? element(var.identity_sources, count.index) : "method.request.header.Authorization" type = length(var.authorizer_types) > 0 ? element(var.authorizer_types, count.index) : "TOKEN" identity_validation_expression = length(var.identity_validation_expressions) > 0 ? element(var.identity_validation_expressions, count.index) : "" provider_arns = length(var.provider_arns) > 0 ? element(var.provider_arns, count.index) : null From ac92c1414485125871b55efa7d27d4ea5d5bd901 Mon Sep 17 00:00:00 2001 From: Jakub Igla Date: Sun, 10 Oct 2021 21:13:54 +0200 Subject: [PATCH 10/82] Add vpc_endpoint_ids to endpoint_configuration --- README.md | 1 + main.tf | 3 ++- variables.tf | 6 ++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index bf49b67..e7f70e7 100644 --- a/README.md +++ b/README.md 
@@ -310,6 +310,7 @@ Here are examples of how you can use this module in your inventory structure: | uri | The input's URI. Required if type is AWS, AWS\_PROXY, HTTP or HTTP\_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form arn:aws:apigateway:{region}:{subdomain.service\|service}:{path\|action}/{service\_api}. region, subdomain and service are used to determine the right endpoint. e.g. arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations. | `list(any)` | `[]` | no | | values | The value of the API key. If not specified, it will be automatically generated by AWS on creation. | `list(any)` | `[]` | no | | variables | A map that defines variables for the stage. | `map(any)` | `{}` | no | +| vpc\_endpoint\_ids | Set of VPC Endpoint identifiers. It is only supported for PRIVATE endpoint type. | `list(string)` | `[]` | no | | vpc\_link\_count | Number of count to create VPC Link for api. | `number` | `0` | no | | vpc\_link\_descriptions | The description of the VPC link. | `list(any)` | `[]` | no | | vpc\_link\_names | The name used to label and identify the VPC link. | `list(any)` | `[]` | no | diff --git a/main.tf b/main.tf index 30dbb47..5739a4c 100644 --- a/main.tf +++ b/main.tf @@ -30,7 +30,8 @@ resource "aws_api_gateway_rest_api" "default" { api_key_source = var.api_key_source endpoint_configuration { - types = var.types + types = var.types + vpc_endpoint_ids = var.vpc_endpoint_ids } policy = var.api_policy tags = var.tags diff --git a/variables.tf b/variables.tf index 6b4d995..ee80e33 100644 --- a/variables.tf +++ b/variables.tf 
@@ -87,6 +87,12 @@ variable "types" { description = "Whether to create rest api." } +variable "vpc_endpoint_ids" { + type = list(string) + default = [] + description = "Set of VPC Endpoint identifiers. It is only supported for PRIVATE endpoint type." +} + variable "path_parts" { type = list(any) default = [] From e2a43a781654347c1cbe2c8b1e37c935e9092c82 Mon Sep 17 00:00:00 2001 From: Bobby8249 Date: Tue, 16 Nov 2021 18:55:44 +0530 Subject: [PATCH 11/82] fix vpc_id error and update provider version --- variables.tf | 2 +- versions.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index ee80e33..d51f118 100644 --- a/variables.tf +++ b/variables.tf @@ -89,7 +89,7 @@ variable "types" { variable "vpc_endpoint_ids" { type = list(string) - default = [] + default = ["", ] description = "Set of VPC Endpoint identifiers. It is only supported for PRIVATE endpoint type." } diff --git a/versions.tf b/versions.tf index 73086de..5ea98b6 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "3.10.0" + version = "3.65.0" } } } From 10dd58295663ffc204f20d4ea078c9899e18d420 Mon Sep 17 00:00:00 2001 From: Evan Stachowiak Date: Fri, 7 Jan 2022 17:08:38 +0100 Subject: [PATCH 12/82] Use minimum version of aws provider instead of specific --- versions.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versions.tf b/versions.tf index 73086de..99e9b34 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "3.10.0" + version = ">= 3.10.0" } } } From f9eceb0f366f5d4356c7c8cde1c3d977fdd7576d Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Mon, 10 Jan 2022 01:24:06 +0000 Subject: [PATCH 13/82] update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e7f70e7..3ee2719 100644 --- a/README.md 
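Review bot: In the "fix vpc_id error" commit, the new variables.tf default `["", ]` is a one-element list holding an empty string, not an empty list. Every caller that leaves `vpc_endpoint_ids` unset therefore passes `[""]` into `endpoint_configuration` in main.tf. That looks like a workaround for a provider error rather than a valid endpoint identifier, and it makes it harder to tell which APIs are really restricted to specific VPC endpoints. A null default would presumably omit the argument instead: `default = null`. If the pinned provider version really needs the empty string, state that in the `description`.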
+++ b/README.md @@ -51,7 +51,7 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c This module has a few dependencies: -- [Terraform 0.15](https://learn.hashicorp.com/terraform/getting-started/install.html) +- [Terraform 1.x.x](https://learn.hashicorp.com/terraform/getting-started/install.html) - [Go](https://golang.org/doc/install) - [github.com/stretchr/testify/assert](https://github.com/stretchr/testify) - [github.com/gruntwork-io/terratest/modules/terraform](https://github.com/gruntwork-io/terratest) From 8892b1f0ac2c610283da694d4faa38ed5c957e09 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Mon, 10 Jan 2022 01:26:21 +0000 Subject: [PATCH 14/82] update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ee2719..edafee1 100644 --- a/README.md +++ b/README.md 
@@ -310,7 +310,7 @@ Here are examples of how you can use this module in your inventory structure: | uri | The input's URI. Required if type is AWS, AWS\_PROXY, HTTP or HTTP\_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form arn:aws:apigateway:{region}:{subdomain.service\|service}:{path\|action}/{service\_api}. region, subdomain and service are used to determine the right endpoint. e.g. arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations. | `list(any)` | `[]` | no | | values | The value of the API key. If not specified, it will be automatically generated by AWS on creation. | `list(any)` | `[]` | no | | variables | A map that defines variables for the stage. | `map(any)` | `{}` | no | -| vpc\_endpoint\_ids | Set of VPC Endpoint identifiers. It is only supported for PRIVATE endpoint type. | `list(string)` | `[]` | no | +| vpc\_endpoint\_ids | Set of VPC Endpoint identifiers. It is only supported for PRIVATE endpoint type. | `list(string)` |
[
""
]
| no | | vpc\_link\_count | Number of count to create VPC Link for api. | `number` | `0` | no | | vpc\_link\_descriptions | The description of the VPC link. | `list(any)` | `[]` | no | | vpc\_link\_names | The name used to label and identify the VPC link. | `list(any)` | `[]` | no | From 8a99af6a1ac9f5e7669bb3d09b984dadd394ce3f Mon Sep 17 00:00:00 2001 From: Mamraj Yadav Date: Wed, 13 Apr 2022 17:57:02 +0530 Subject: [PATCH 15/82] update github-Action --- .github/workflows/tfsec.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/tfsec.yml diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml new file mode 100644 index 0000000..20cde2d --- /dev/null +++ b/.github/workflows/tfsec.yml @@ -0,0 +1,25 @@ +name: tfsec +on: + pull_request: + +jobs: + tfsec: + name: tfsec sarif report + runs-on: ubuntu-latest + + steps: + - name: Clone repo + uses: actions/checkout@master + + - name: tfsec + uses: aquasecurity/tfsec-sarif-action@v0.1.0 + with: + sarif_file: tfsec.sarif + working_directory: _example + full_repo_scan: true + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v1 + with: + # Path to SARIF file relative to the root of the repository + sarif_file: tfsec.sarif \ No newline at end of file From b775df1470d5c7c717afcc3bf2af5944713ed505 Mon Sep 17 00:00:00 2001 From: Mamraj Yadav Date: Wed, 13 Apr 2022 17:57:37 +0530 Subject: [PATCH 16/82] update github-Action --- .github/workflows/readme.yml | 24 ++-- .github/workflows/terraform.yml | 143 +++++++++----------- LICENSE | 222 +++++++++++++++++++++++++++++--- README.yaml | 18 ++- main.tf | 2 +- 5 files changed, 284 insertions(+), 125 deletions(-) diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 26a6fee..3565dc4 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml 
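Review bot: The new tfsec.yml workflow has no `permissions:` block, so the job runs with the repository's default token scope, although the `Upload SARIF file` step only needs to write code-scanning results. Declare the minimum at job level: a `permissions:` mapping with `contents: read` and `security-events: write`. `actions/checkout@master` tracks a branch, unlike the tagged references on the other two actions, and should be a fixed release or a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>`. The file also ends without a trailing newline.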
@@ -18,7 +18,7 @@ jobs: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v8.0' + uses: 'clouddrove/github-actions@v9.0.1' with: actions_subcommand: 'readme' github_token: '${{ secrets.GITHUB}}' @@ -35,20 +35,20 @@ jobs: continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v8.0' + uses: 'clouddrove/github-actions@v9.0.1' continue-on-error: true with: actions_subcommand: 'push' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() +# - name: 'Slack Notification' +# uses: clouddrove/action-slack@v2 +# with: +# status: ${{ job.status }} +# fields: repo,author +# author_name: 'CloudDrove' +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required +# if: always() diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 8b51239..bfdb5ef 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -1,64 +1,47 @@ -name: 'Terraform GitHub Actions' +name: static-checks + on: pull_request: - branches: - - master jobs: - fmt: - name: 'terraform fmt' + versionExtract: + name: Get min/max versions runs-on: ubuntu-latest - steps: - - name: 'Checkout' - uses: actions/checkout@v2.3.4 - - - name: 'Terraform Format' - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'fmt' - - name: 'Terraform Format' - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'fmt' - basic: - name: 'basic' - runs-on: ubuntu-latest steps: - - name: 'Checkout' - uses: actions/checkout@v2.3.4 + - name: Checkout + uses: actions/checkout@v2 - - name: 'Configure AWS Credentials' - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 + - name: Terraform min/max versions + id: minMax + uses: clowdhaus/terraform-min-max@main + outputs: + minVersion: ${{ steps.minMax.outputs.minVersion }} + maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - name: 'Terraform init for basic' - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'init' - tf_actions_working_dir: ./_example/basic - - - name: 'Terraform validate for basic' - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'validate' - tf_actions_working_dir: ./_example/basic - - name: 'Terraform plan for basic' - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'plan' - tf_actions_working_dir: ./_example/basic - - complete: - name: 'complete' + versionEvaluate: + name: Evaluate Terraform versions runs-on: ubuntu-latest + needs: versionExtract + strategy: + fail-fast: false + matrix: + version: + - ${{ needs.versionExtract.outputs.minVersion }} + - ${{ needs.versionExtract.outputs.maxVersion }} + directory: + - _example/basic + - _example/complete + steps: - - name: 'Checkout' - uses: actions/checkout@v2.3.4 + - 
name: Checkout + uses: actions/checkout@v2 + + - name: Install Terraform v${{ matrix.version }} + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: ${{ matrix.version }} - name: 'Configure AWS Credentials' uses: clouddrove/configure-aws-credentials@v1 
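Review bot: `uses: clowdhaus/terraform-min-max@main` follows a branch, and its outputs choose the Terraform versions that `versionEvaluate` installs in the same job that is handed `TEST_AWS_ACCESS_KEY` and `TEST_AWS_ACCESS_SECRET_KEY`. The next hunk has the same pattern with `reviewdog/action-tflint@master`, which runs after the credentials step. Pin both to a full commit SHA, e.g. `uses: clowdhaus/terraform-min-max@<full-commit-sha>`, so a change upstream cannot alter what runs next to those secrets. Removing the `branches: - master` filter also makes the workflow run for pull requests against every branch, so a job-level `permissions: contents: read` is worth adding here. The `versionEvaluate` job continues past the end of this hunk.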
@@ -67,45 +50,35 @@ jobs: aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} aws-region: us-east-2 - - name: 'Terraform init for complete' - uses: 'clouddrove/github-actions@v8.0' - with: - actions_subcommand: 'init' - tf_actions_working_dir: ./_example/complete + - name: Init & validate v${{ matrix.version }} + run: | + cd ${{ matrix.directory }} + terraform init + terraform validate + terraform plan -input=false -no-color - - name: 'Terraform validate complete' - uses: 'clouddrove/github-actions@v8.0' + - name: tflint + uses: reviewdog/action-tflint@master with: - actions_subcommand: 'validate' - tf_actions_working_dir: ./_example/complete - - - pre-commit: - name: 'Pre-Commit' - needs: - - fmt - - basic - - complete + github_token: ${{ secrets.GITHUB }} + working_directory: ${{ matrix.directory }} + fail_on_error: 'true' + filter_mode: 'nofilter' + flags: '--module' + + format: + name: Check code format runs-on: ubuntu-latest - steps: - - name: 'Checkout' - uses: actions/checkout@v2.3.4 + needs: versionExtract - - name: 'Install Tflint' - run: | - curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash - - - name: 'Pre-Commit πŸ”Ž' - uses: pre-commit/action@v2.0.3 - continue-on-error: true + steps: + - name: Checkout + uses: actions/checkout@v2 - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 + - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} + uses: hashicorp/setup-terraform@v1 with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() + terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} + + - name: Check Terraform format changes + run: terraform fmt --recursive diff --git a/LICENSE b/LICENSE index 55beef5..e5984b1 100644 --- a/LICENSE +++ b/LICENSE 
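Review bot: The last step of the `format` job, `run: terraform fmt --recursive`, rewrites files in the runner's checkout and exits 0, so "Check code format" passes even when the committed code is unformatted. Use `run: terraform fmt -check -diff -recursive` so the job fails and prints what differs. In the `Init & validate` step, `cd ${{ matrix.directory }}` expands an expression inside the shell script. The values are static in this matrix, but `working-directory: ${{ matrix.directory }}` on the step keeps template expansion out of the script body.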
@@ -1,21 +1,201 @@ -MIT License - -Copyright (c) 2021 Cloud Drove - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. 
For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright 2021 CloudDrove Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.yaml b/README.yaml index d5e7f45..63528aa 100644 --- a/README.yaml +++ b/README.yaml @@ -8,7 +8,7 @@ name: Terraform AWS Api Gateway # License of this project -license: "MIT" +license: "APACHE" # Canonical GitHub repo github_repo: clouddrove/terraform-aws-api-gateway @@ -16,11 +16,17 @@ github_repo: clouddrove/terraform-aws-api-gateway # Badges to display badges: - name: "Terraform" - image: "https://img.shields.io/badge/Terraform-v0.15-green" + image: "https://img.shields.io/badge/Terraform-v1.1.7-green" url: "https://www.terraform.io" - name: "Licence" - image: "https://img.shields.io/badge/License-MIT-blue.svg" + image: "https://img.shields.io/badge/License-APACHE-blue.svg" url: "LICENSE.md" + - name: "tfsec" + image: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/tfsec.yml/badge.svg" + url: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/tfsec.yml" + - name: "static-checks" + image: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/terraform.yml/badge.svg" + url: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/terraform.yml" # description of this project # yamllint disable rule:line-length 
@@ -40,7 +46,7 @@ usage: |- ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "0.15.0" + version = "1.0.1" name = "api-gateway" environment = "test" label_order = ["name", "environment"] @@ -98,7 +104,7 @@ usage: |- ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "0.14.0" + version = "1.0.1" name = "api-gateway" environment = "test" @@ -179,4 +185,4 @@ usage: |- key_count = 2 key_names = ["test", "test1"] } - ``` + ``` \ No newline at end of file diff --git a/main.tf b/main.tf index 5739a4c..5fac3b1 100644 --- a/main.tf +++ b/main.tf @@ -252,7 +252,7 @@ resource "aws_api_gateway_authorizer" "default" { name = element(var.authorizer_names, count.index) authorizer_uri = length(var.authorizer_uri) > 0 ? element(var.authorizer_uri, count.index) : "" authorizer_credentials = length(var.authorizer_credentials) > 0 ? element(var.authorizer_credentials, count.index) : "" - authorizer_result_ttl_in_seconds = length(var.authorizer_result_ttl_in_seconds) > 0 ? element(var.authorizer_result_ttl_in_seconds, count.index) : 300 + authorizer_result_ttFl_in_seconds = length(var.authorizer_result_ttl_in_seconds) > 0 ? element(var.authorizer_result_ttl_in_seconds, count.index) : 300 identity_source = length(var.identity_sources) > 0 ? element(var.identity_sources, count.index) : "method.request.header.Authorization" type = length(var.authorizer_types) > 0 ? element(var.authorizer_types, count.index) : "TOKEN" identity_validation_expression = length(var.identity_validation_expressions) > 0 ? element(var.identity_validation_expressions, count.index) : "" From a9914d355f9c487a63f4f65f4d504e7ff9fe2420 Mon Sep 17 00:00:00 2001 
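Review bot: The added line in the `main.tf` hunk spells the argument `authorizer_result_ttFl_in_seconds`, while the removed line and the variable on the right-hand side of the same expression use `authorizer_result_ttl_in_seconds`. `terraform validate` should reject the `aws_api_gateway_authorizer` resource with an unsupported-argument error, so restore the key to `authorizer_result_ttl_in_seconds`. The stray `F` looks accidental, since the rest of the commit touches workflows, the licence and README metadata; patch 18/82 later in this series puts the name back. The resource block starts and ends outside the hunk.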
From: Mamraj Yadav Date: Wed, 13 Apr 2022 18:05:05 +0530 Subject: [PATCH 17/82] fix version error --- versions.tf => _example/basic/versions.tf | 2 +- _example/complete/versions.tf | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) rename versions.tf => _example/basic/versions.tf (80%) create mode 100644 _example/complete/versions.tf diff --git a/versions.tf b/_example/basic/versions.tf similarity index 80% rename from versions.tf rename to _example/basic/versions.tf index 99e9b34..4059bf6 100644 --- a/versions.tf +++ b/_example/basic/versions.tf @@ -1,6 +1,6 @@ # Terraform version terraform { - required_version = ">= 0.12" + required_version = ">= 0.14.11" required_providers { aws = { source = "hashicorp/aws" diff --git a/_example/complete/versions.tf b/_example/complete/versions.tf new file mode 100644 index 0000000..4059bf6 --- /dev/null +++ b/_example/complete/versions.tf @@ -0,0 +1,10 @@ +# Terraform version +terraform { + required_version = ">= 0.14.11" + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.10.0" + } + } +} From ce82140a8193228f5b4ca8a7875f2b6758701b9e Mon Sep 17 00:00:00 2001 From: Mamraj Yadav Date: Wed, 13 Apr 2022 21:08:46 +0530 Subject: [PATCH 18/82] update githubaction --- .github/workflows/readme.yml | 20 ++++++++++---------- main.tf | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 3565dc4..8f09ef7 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml 
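Review bot: The rename moves `versions.tf` out of the module root into `_example/basic/`, so as far as this patch shows the module itself no longer declares `required_version` or `required_providers`. Callers then get no early error when they use a Terraform or `hashicorp/aws` release the module was never tested with. Keep a root-level `versions.tf` with the same `terraform { ... }` block and add the two example copies alongside it rather than in place of it.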
@@ -42,13 +42,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} -# - name: 'Slack Notification' -# uses: clouddrove/action-slack@v2 -# with: -# status: ${{ job.status }} -# fields: repo,author -# author_name: 'CloudDrove' -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required -# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required -# if: always() + - name: 'Slack Notification' + uses: clouddrove/action-slack@v2 + with: + status: ${{ job.status }} + fields: repo,author + author_name: 'CloudDrove' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required + if: always() diff --git a/main.tf b/main.tf index 5fac3b1..5739a4c 100644 --- a/main.tf +++ b/main.tf @@ -252,7 +252,7 @@ resource "aws_api_gateway_authorizer" "default" { name = element(var.authorizer_names, count.index) authorizer_uri = length(var.authorizer_uri) > 0 ? element(var.authorizer_uri, count.index) : "" authorizer_credentials = length(var.authorizer_credentials) > 0 ? element(var.authorizer_credentials, count.index) : "" - authorizer_result_ttFl_in_seconds = length(var.authorizer_result_ttl_in_seconds) > 0 ? element(var.authorizer_result_ttl_in_seconds, count.index) : 300 + authorizer_result_ttl_in_seconds = length(var.authorizer_result_ttl_in_seconds) > 0 ? element(var.authorizer_result_ttl_in_seconds, count.index) : 300 identity_source = length(var.identity_sources) > 0 ? element(var.identity_sources, count.index) : "method.request.header.Authorization" type = length(var.authorizer_types) > 0 ? element(var.authorizer_types, count.index) : "TOKEN" identity_validation_expression = length(var.identity_validation_expressions) > 0 ? element(var.identity_validation_expressions, count.index) : "" From 9ea380849e5384be78050ccdafe7bf3eac059ae6 Mon Sep 17 00:00:00 2001 
From: Mamraj Yadav Date: Thu, 14 Apr 2022 19:32:52 +0530 Subject: [PATCH 19/82] fix tfsec error --- .github/workflows/readme.yml | 20 ++++++++++---------- _example/complete/example.tf | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 8f09ef7..3565dc4 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -42,13 +42,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() +# - name: 'Slack Notification' +# uses: clouddrove/action-slack@v2 +# with: +# status: ${{ job.status }} +# fields: repo,author +# author_name: 'CloudDrove' +# env: +# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required +# if: always() diff --git a/_example/complete/example.tf b/_example/complete/example.tf index 7fbf4bc..da860f5 100644 --- a/_example/complete/example.tf +++ b/_example/complete/example.tf @@ -20,7 +20,7 @@ module "api-gateway" { # Api Gateway Integration integration_types = ["MOCK", "AWS_PROXY"] integration_http_methods = ["POST", "POST"] - uri = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] + uri = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:test/invocations"] integration_request_parameters = [{ "integration.request.header.X-Authorization" = "'static'" }, {}] 
@@ -65,7 +65,7 @@ EOF authorizer_count = 2 authorizer_names = ["test", "test1"] authorizer_uri = ["arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] - authorizer_credentials = ["arn:aws:iam::xxxxxxxxxx:role/lambda-role", "arn:aws:iam::xxxxxxxxxx:role/lambda-role"] + authorizer_credentials = ["arn:aws:iam::123144197303:role/alarm-lambda-role", "arn:aws:iam::123456789098:role/lambda-role"] identity_sources = ["method.request.header.Authorization", "method.request.header.Authorization"] identity_validation_expressions = ["sfdgfhghrfdsdas", ""] authorizer_types = ["TOKEN", "REQUEST"] From 0648ac913505a4cd7ec1e5950ce5345f1c55c2d2 Mon Sep 17 00:00:00 2001 From: Mamraj Yadav Date: Thu, 14 Apr 2022 21:24:21 +0530 Subject: [PATCH 20/82] update readme.yml --- .github/workflows/readme.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 3565dc4..8f09ef7 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -42,13 +42,13 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} -# - name: 'Slack Notification' -# uses: clouddrove/action-slack@v2 -# with: -# status: ${{ job.status }} -# fields: repo,author -# author_name: 'CloudDrove' -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required -# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required -# if: always() + - name: 'Slack Notification' + uses: clouddrove/action-slack@v2 + with: + status: ${{ job.status }} + fields: repo,author + author_name: 'CloudDrove' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required + if: always() From ce3e9782f7a0e774b4a9be1b30eee0d91bccbf3a Mon Sep 17 00:00:00 2001 
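Review bot: The new `authorizer_credentials` entry `arn:aws:iam::123144197303:role/alarm-lambda-role` does not read like a placeholder; the account ID and role name look copied from a real environment. Meanwhile `authorizer_uri` on the line above still uses `xxxxxxxxxx`, and the `uri` hunk earlier in this file switched to `012345678901`. The commit title suggests the change is only meant to satisfy tfsec, so use one dummy account consistently, e.g. `"arn:aws:iam::123456789012:role/lambda-role"` for both entries (the ID AWS documentation uses in examples). Confirm that 123144197303 is not an account you operate before this lands in a public example. The `module "api-gateway"` block starts and ends outside the hunk.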
From: theprashantyadav Date: Wed, 18 May 2022 20:33:45 +0530 Subject: [PATCH 21/82] update version --- .github/workflows/readme.yml | 4 ++-- .github/workflows/terraform.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 8f09ef7..54f849a 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -18,7 +18,7 @@ jobs: python-version: '3.x' - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.1' + uses: 'clouddrove/github-actions@v9.0.2' with: actions_subcommand: 'readme' github_token: '${{ secrets.GITHUB}}' @@ -35,7 +35,7 @@ jobs: continue-on-error: true - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.1' + uses: 'clouddrove/github-actions@v9.0.2' continue-on-error: true with: actions_subcommand: 'push' diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index bfdb5ef..1d9bbf8 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -55,7 +55,7 @@ jobs: cd ${{ matrix.directory }} terraform init terraform validate - terraform plan -input=false -no-color + - name: tflint uses: reviewdog/action-tflint@master From 6852e2e1dbd4eb1d31d180341d2d82adf8e6acd4 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Thu, 19 May 2022 11:27:27 +0000 Subject: [PATCH 22/82] update README.md --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index edafee1..55f7012 100644 --- a/README.md +++ b/README.md @@ -14,10 +14,16 @@

- Terraform + Terraform - Licence + Licence + + + tfsec + + + static-checks @@ -73,7 +79,7 @@ Here are examples of how you can use this module in your inventory structure: ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "0.15.0" + version = "1.0.1" name = "api-gateway" environment = "test" label_order = ["name", "environment"] @@ -131,7 +137,7 @@ Here are examples of how you can use this module in your inventory structure: ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "0.14.0" + version = "1.0.1" name = "api-gateway" environment = "test" From 2a8e96ee934556ef4afe2405e46bcb9a91d0ea91 Mon Sep 17 00:00:00 2001 From: Martin Paul Eve Date: Fri, 20 May 2022 10:09:12 +0100 Subject: [PATCH 23/82] Pass VPC endpoints conditionally. Fixes #24 --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 5739a4c..327ce12 100644 --- a/main.tf +++ b/main.tf @@ -31,7 +31,7 @@ resource "aws_api_gateway_rest_api" "default" { endpoint_configuration { types = var.types - vpc_endpoint_ids = var.vpc_endpoint_ids + vpc_endpoint_ids = length(var.vpc_endpoint_ids) > 0 && var.vpc_endpoint_ids[0] != "" ? var.vpc_endpoint_ids : null } policy = var.api_policy tags = var.tags From 44d6b0f89365480a88d4d3cc66576a37edc99265 Mon Sep 17 00:00:00 2001 From: Chen Shapira <31656672+chenshap@users.noreply.github.com> Date: Thu, 18 Aug 2022 07:53:55 +0300 Subject: [PATCH 24/82] Update main.tf fix bug on aws_api_gateway_vpc_link: target_arns expected to be a list but string is applied --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 327ce12..10c59bb 100644 --- a/main.tf +++ b/main.tf 
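Review bot: `var.vpc_endpoint_ids[0]` in the new condition is only safe if `&&` skips its right operand; on Terraform releases that evaluate both sides, an empty list fails with an invalid-index error instead of producing `null`. The test also looks only at element 0, so a list whose first entry is `""` but which holds a real ID later is treated as empty and the endpoint restriction is dropped silently. `compact()` covers both cases: `vpc_endpoint_ids = length(compact(var.vpc_endpoint_ids)) > 0 ? compact(var.vpc_endpoint_ids) : null`. The README hunk earlier in this series shows the default changing from `[]` to `[""]`, which is the sentinel this condition works around; keeping `[]` as the default would be clearer. The `aws_api_gateway_rest_api` block starts outside the hunk.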
@@ -278,7 +278,7 @@ resource "aws_api_gateway_vpc_link" "default" { count = var.vpc_link_count > 0 ? var.vpc_link_count : 0 name = element(var.vpc_link_names, count.index) description = length(var.vpc_link_descriptions) > 0 ? element(var.vpc_link_descriptions, count.index) : "" - target_arns = element(var.target_arns, count.index) + target_arns = [element(var.target_arns, count.index)] } # Module : Api Gateway Api Key From 85f7c9bcfead740387ff67b633016e3ccfe9370f Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Mon, 23 Jan 2023 17:19:57 +0530 Subject: [PATCH 25/82] use terraform letast version --- _example/basic/versions.tf | 7 ++++--- _example/complete/versions.tf | 7 ++++--- main.tf | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/_example/basic/versions.tf b/_example/basic/versions.tf index 4059bf6..cbc6f9c 100644 --- a/_example/basic/versions.tf +++ b/_example/basic/versions.tf @@ -1,10 +1,11 @@ # Terraform version terraform { - required_version = ">= 0.14.11" + required_version = ">= 1.3.6" + required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.10.0" + version = ">= 4.48.0" } } -} +} \ No newline at end of file diff --git a/_example/complete/versions.tf b/_example/complete/versions.tf index 4059bf6..cbc6f9c 100644 --- a/_example/complete/versions.tf +++ b/_example/complete/versions.tf @@ -1,10 +1,11 @@ # Terraform version terraform { - required_version = ">= 0.14.11" + required_version = ">= 1.3.6" + required_providers { aws = { source = "hashicorp/aws" - version = ">= 3.10.0" + version = ">= 4.48.0" } } -} +} \ No newline at end of file diff --git a/main.tf b/main.tf index 327ce12..65b01e9 100644 --- a/main.tf +++ b/main.tf @@ -7,7 +7,7 @@ # convention. module "labels" { source = "clouddrove/labels/aws" - version = "0.15.0" + version = "1.3.0" enabled = var.enabled name = var.name From 2d22e769a119e25155875e22d572248b3cea7027 Mon Sep 17 00:00:00 2001 
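Review bot: `element(var.target_arns, count.index)` wraps around when the index exceeds the list length, so in `aws_api_gateway_vpc_link.default` a `vpc_link_count` larger than `length(var.target_arns)` silently points a later VPC link at an earlier link's target instead of failing. Indexing directly, `target_arns = [var.target_arns[count.index]]`, turns that mismatch into a plan-time error. The same line is added again by the `main.tf` hunk of PATCH 28/82. A comment such as `# one target ARN per VPC link; list length must equal vpc_link_count` would document the contract; the resource block opens above the hunk.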
From: theprashantyadav Date: Wed, 25 Jan 2023 19:15:25 +0530 Subject: [PATCH 26/82] use terraform letast version --- .github/workflows/terraform.yml | 1 + .github/workflows/terratest.yml | 40 +++++++++++++++++++++++++++++++++ README.yaml | 4 ++-- 3 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/terratest.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 1d9bbf8..7003be6 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -60,6 +60,7 @@ jobs: - name: tflint uses: reviewdog/action-tflint@master with: + tflint_version: v0.29.0 github_token: ${{ secrets.GITHUB }} working_directory: ${{ matrix.directory }} fail_on_error: 'true' diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml new file mode 100644 index 0000000..a043a42 --- /dev/null +++ b/.github/workflows/terratest.yml @@ -0,0 +1,40 @@ +name: 'Terratest GitHub Actions' +on: + pull_request: + branches: + - master + types: [labeled] + +jobs: + Terratest: + name: 'terratest' + runs-on: ubuntu-latest + steps: + + - name: 'Checkout' + uses: actions/checkout@v2.3.4 + + - name: 'Configure AWS Credentials' + uses: clouddrove/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} + aws-region: us-east-2 + + - name: 'terratest' + uses: 'clouddrove/github-actions@v9.0.2' + with: + actions_subcommand: 'terratest' + if: ${{ github.event.label.name == 'terratest' }} + tf_actions_working_dir: '_test' + + - name: 'Slack Notification' + uses: clouddrove/action-slack@v2 + with: + status: ${{ job.status }} + fields: repo,author + author_name: 'CloudDrove' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required + if: always() diff --git a/README.yaml b/README.yaml index 63528aa..7f10dc3 100644 --- a/README.yaml 
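Review bot: In the new `terratest.yml`, the line `if: ${{ github.event.label.name == 'terratest' }}` sits between two `with:` inputs of the 'terratest' step, so it appears to be passed to the action as an input rather than evaluated as a step condition (indentation is lost in this view, so confirm against the file). If so, adding any label to a pull request runs the job, and the 'Configure AWS Credentials' step loads `TEST_AWS_ACCESS_KEY` and `TEST_AWS_ACCESS_SECRET_KEY` regardless of the label. Moving the condition to job level, directly under `Terratest:`, gates both the credentials and the test run on the intended label. The actions that receive these secrets are referenced by mutable tags (`@v1`, `@v2`, `@v9.0.2`); pinning them to full commit SHAs keeps that code fixed.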
+++ b/README.yaml @@ -46,7 +46,7 @@ usage: |- ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.0.1" + version = "1.3.0" name = "api-gateway" environment = "test" label_order = ["name", "environment"] @@ -104,7 +104,7 @@ usage: |- ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.0.1" + version = "1.3.0" name = "api-gateway" environment = "test" From 0c6db16a2bc90b8ad5edcfb6a30750c75ad4d507 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Wed, 25 Jan 2023 19:24:34 +0530 Subject: [PATCH 27/82] use terraform letast version --- .github/workflows/tfsec.yml | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 20cde2d..a7907ff 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -15,11 +15,28 @@ jobs: uses: aquasecurity/tfsec-sarif-action@v0.1.0 with: sarif_file: tfsec.sarif - working_directory: _example + working_directory: ./_example/ full_repo_scan: true - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v1 with: # Path to SARIF file relative to the root of the repository - sarif_file: tfsec.sarif \ No newline at end of file + sarif_file: tfsec.sarif + + - name: tfsec commenter for PR + uses: tfsec/tfsec-pr-commenter-action@main + with: + GITHUB_TOKEN: ${{ secrets.GITHUB}} + working_directory: ./_example/ + + + - name: 'Terraform security scan Advanced' + uses: triat/terraform-security-scan@v3.0.3 + if: github.event_name == 'pull_request' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB}} + tfsec_actions_working_dir: ./_example/ + tfsec_actions_comment: true + tfsec_output_format: sarif + continue-on-error: true \ No newline at end of file From 6245f4b6d8706cb609c04d59895417ad71c73f82 Mon Sep 17 00:00:00 2001 
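Review bot: The added 'tfsec commenter for PR' step passes `secrets.GITHUB` to `tfsec/tfsec-pr-commenter-action@main`, a branch reference that can change without review; pin it to a full commit SHA, `uses: tfsec/tfsec-pr-commenter-action@<commit-sha>` (placeholder), so the code that receives the token is fixed. The 'Terraform security scan Advanced' step sets `continue-on-error: true`, so findings from that scanner never fail the check; if that is deliberate, a comment such as `# advisory only: findings are reported on the PR, not enforced` would say so. `secrets.GITHUB` looks like a custom token rather than the built-in `GITHUB_TOKEN`; if these steps only comment on pull requests, the built-in token with `pull-requests: write` is the narrower choice. The `steps:` list begins outside the hunk.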
From: theprashantyadav Date: Wed, 25 Jan 2023 19:46:35 +0530 Subject: [PATCH 28/82] use terraform letast version --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 65b01e9..6c1bfa7 100644 --- a/main.tf +++ b/main.tf @@ -278,7 +278,7 @@ resource "aws_api_gateway_vpc_link" "default" { count = var.vpc_link_count > 0 ? var.vpc_link_count : 0 name = element(var.vpc_link_names, count.index) description = length(var.vpc_link_descriptions) > 0 ? element(var.vpc_link_descriptions, count.index) : "" - target_arns = element(var.target_arns, count.index) + target_arns = [element(var.target_arns, count.index)] } # Module : Api Gateway Api Key From 7a18e2170902dc6244bbe5c6a5aa5ab2ade8c81f Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Thu, 26 Jan 2023 15:42:15 +0000 Subject: [PATCH 29/82] update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 55f7012..c29fd78 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ Here are examples of how you can use this module in your inventory structure: ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.0.1" + version = "1.3.0" name = "api-gateway" environment = "test" label_order = ["name", "environment"] @@ -137,7 +137,7 @@ Here are examples of how you can use this module in your inventory structure: ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.0.1" + version = "1.3.0" name = "api-gateway" environment = "test" From 9aa5e9c21448241565ce961938f951f533c1ce5b Mon Sep 17 00:00:00 2001 From: vibhuti goyal Date: Wed, 10 May 2023 13:52:35 +0530 Subject: [PATCH 30/82] bug: updated tfsec.yml file workflow with shared-workflows --- .github/workflows/tfsec.yml | 43 ++++++------------------------------- 1 file changed, 6 insertions(+), 37 deletions(-) diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index a7907ff..9aaf588 100644 
--- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -1,42 +1,11 @@ name: tfsec +permissions: write-all on: pull_request: - + workflow_dispatch: jobs: tfsec: - name: tfsec sarif report - runs-on: ubuntu-latest - - steps: - - name: Clone repo - uses: actions/checkout@master - - - name: tfsec - uses: aquasecurity/tfsec-sarif-action@v0.1.0 - with: - sarif_file: tfsec.sarif - working_directory: ./_example/ - full_repo_scan: true - - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v1 - with: - # Path to SARIF file relative to the root of the repository - sarif_file: tfsec.sarif - - - name: tfsec commenter for PR - uses: tfsec/tfsec-pr-commenter-action@main - with: - GITHUB_TOKEN: ${{ secrets.GITHUB}} - working_directory: ./_example/ - - - - name: 'Terraform security scan Advanced' - uses: triat/terraform-security-scan@v3.0.3 - if: github.event_name == 'pull_request' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB}} - tfsec_actions_working_dir: ./_example/ - tfsec_actions_comment: true - tfsec_output_format: sarif - continue-on-error: true \ No newline at end of file + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master + secrets: inherit + with: + working_directory: '.' \ No newline at end of file From fc7b2c3ecdbe0dd8d92e6078afbc5368ac60930f Mon Sep 17 00:00:00 2001 From: vibhuti goyal Date: Wed, 10 May 2023 13:55:03 +0530 Subject: [PATCH 31/82] feat: added changelog.yml file use shared workflow --- .github/workflows/changelog.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/changelog.yml diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml new file mode 100644 index 0000000..4b735f5 --- /dev/null +++ b/.github/workflows/changelog.yml 
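Review bot: `permissions: write-all` together with `secrets: inherit` hands every token scope and every repository secret to a reusable workflow referenced at `@master`, so any change on that branch runs with full write access here on each pull request; `changelog.yml` in PATCH 31/82 repeats the same three lines. Declare only the scopes the called workflow needs and pin the reference to a commit SHA. Which scopes the shared `tfsec.yml` actually uses is not visible on this page, so the block below is a starting point to confirm, not a verified minimum.

```yaml
permissions:
  contents: read
  security-events: write  # only if the shared workflow uploads SARIF
  pull-requests: write    # only if the shared workflow comments on PRs
# … unchanged: on: pull_request / workflow_dispatch …
jobs:
  tfsec:
    # <commit-sha> is a placeholder for the reviewed revision
    uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@<commit-sha>
    # … unchanged: secrets, with: working_directory …
```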
@@ -0,0 +1,13 @@ +name: changelog +permissions: write-all +on: + push: + tags: + - "*" + workflow_dispatch: +jobs: + changelog: + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master + secrets: inherit + with: + branch: 'master' \ No newline at end of file From 1c7b42fd7e5777e35cfdc99de3f1e0c18db2ad9c Mon Sep 17 00:00:00 2001 From: vibhuti goyal Date: Wed, 10 May 2023 14:00:01 +0530 Subject: [PATCH 32/82] feat: added depemdabot.yml --- .github/dependabot.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1d9c5d5 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "terraform" # See documentation for possible values + directory: "/" # Location of package manifests + schedule: + interval: "weekly" + - package-ecosystem: "terraform" # See documentation for possible values + directory: "_example/complete" # Location of package manifests + schedule: + interval: "weekly" \ No newline at end of file From e995898e6f784868160c8f6f7c2589ac1232aa37 Mon Sep 17 00:00:00 2001 From: vibhuti goyal Date: Wed, 10 May 2023 16:32:26 +0530 Subject: [PATCH 33/82] feat: auto changelog action added --- CHANGELOG.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..a097fd9 --- /dev/null +++ b/CHANGELOG.md 
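Review bot: The new `dependabot.yml` tracks only the `terraform` ecosystem, while the workflows in this repository reference actions by tag or branch (`@v2.3.4`, `@master`, `@main`), so those references never receive update pull requests. An additional `updates` entry with `package-ecosystem: "github-actions"` and `directory: "/"` on the same weekly schedule would cover them. The second entry writes `directory: "_example/complete"` without the leading slash used by the root entry; `directory: "/_example/complete"` keeps the paths consistent.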
@@ -0,0 +1,56 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [1.0.1] - 2022-06-15 +### :bug: Bug Fixes +- [`6245f4b`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/6245f4b6d8706cb609c04d59895417ad71c73f82) - use terraform letast version +- [`44d6b0f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/44d6b0f89365480a88d4d3cc66576a37edc99265) - Update main.tf + + +## [0.14.1] - 2021-02-12 +### :bug: Bug Fixes +- [`44d6b0f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/44d6b0f89365480a88d4d3cc66576a37edc99265) - update main.tf +- [`6245f4b`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/6245f4b6d8706cb609c04d59895417ad71c73f82) - use terraform letast version +- [``e2a43a7](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e2a43a781654347c1cbe2c8b1e37c935e9092c82) - fix vpc_id error and update provider version + +## [0.14.0] - 2021-01-20 +### :sparkles: New Features +- [`ce3e978`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/ce3e9782f7a0e774b4a9be1b30eee0d91bccbf3a) - update version +- [`44d6b0f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/44d6b0f89365480a88d4d3cc66576a37edc99265) - update main.tf + +## [0.13.0] - 2020-10-21 +### :bug: Bug Fixes +- [`4835694`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/48356946a9fefdccc4e721e3b4810fbb9a633e4b) - update terratest +- [`ce3e978`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/ce3e9782f7a0e774b4a9be1b30eee0d91bccbf3a) - update version +- [`44d6b0f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/44d6b0f89365480a88d4d3cc66576a37edc99265) - Update main.tf + +## [0.12.2] - 2020-06-18 +### :bug: Bug Fixes +- 
[`ce3e978`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/ce3e9782f7a0e774b4a9be1b30eee0d91bccbf3a) - update version +- [`9ea3808`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/9ea380849e5384be78050ccdafe7bf3eac059ae6) - fix tfsec error +- [`a9914d3`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/a9914d355f9c487a63f4f65f4d504e7ff9fe2420) - fix version error + + +## [0.12.1] - 2019-10-22 +### :bug: Bug Fixes +- [`4835694`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/48356946a9fefdccc4e721e3b4810fbb9a633e4b) - update terratest +- [`9ea3808`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/9ea380849e5384be78050ccdafe7bf3eac059ae6) - fix tfsec error + +## [0.12.0] - 2019-09-28 +### :bug: Bug Fixes +- [`4835694`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/48356946a9fefdccc4e721e3b4810fbb9a633e4b) - update terratest +- [`e2a43a7`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e2a43a781654347c1cbe2c8b1e37c935e9092c82) - fix vpc_id error and update provider version + + + +[0.15.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.15.0 +[0.12.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.12.0 +[0.12.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.12.1 +[0.12.2]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.12.2 +[0.13.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.13.0 +[0.14.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.14.0 +[0.14.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.14.1 +[1.0.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/1.0.1 From 86b6c150b3fe61bbc6a05b4a93d208e9c7604df6 Mon Sep 17 00:00:00 2001 From: vibhuti goyal Date: Wed, 10 May 2023 16:51:34 +0530 Subject: [PATCH 34/82] bug: updated dependabot.yml --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1d9c5d5..16df33e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,5 +11,9 @@ updates: interval: "weekly" - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/complete" # Location of package manifests + schedule: + interval: "weekly" + - package-ecosystem: "terraform" # See documentation for possible values + directory: "_example/basic" # Location of package manifests schedule: interval: "weekly" \ No newline at end of file From 5f5472e8c5b231de8c21a606f016857abd9a70c7 Mon Sep 17 00:00:00 2001 From: mamraj yadav Date: Fri, 19 May 2023 15:43:47 +0530 Subject: [PATCH 35/82] feat: added rest api policy and make api private --- _example/basic/example.tf | 3 +++ main.tf | 26 +++++++++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/_example/basic/example.tf b/_example/basic/example.tf index b139871..7c68931 100644 --- a/_example/basic/example.tf +++ b/_example/basic/example.tf @@ -12,6 +12,9 @@ module "api-gateway" { # Api Gateway Resource path_parts = ["mytestresource"] + ##endpoint_configuration + types = ["PRIVATE"] + # Api Gateway Method method_enabled = true http_methods = ["GET"] diff --git a/main.tf b/main.tf index 6c1bfa7..b3b783b 100644 --- a/main.tf +++ b/main.tf 
@@ -33,10 +33,34 @@ resource "aws_api_gateway_rest_api" "default" { types = var.types vpc_endpoint_ids = length(var.vpc_endpoint_ids) > 0 && var.vpc_endpoint_ids[0] != "" ? var.vpc_endpoint_ids : null } - policy = var.api_policy tags = var.tags } +data "aws_iam_policy_document" "test" { + statement { + effect = "Allow" + + principals { + type = "AWS" + identifiers = ["*"] + } + + actions = ["execute-api:Invoke"] + resources = [join("", aws_api_gateway_rest_api.default.*.execution_arn)] + + condition { + test = "IpAddress" + variable = "aws:SourceIp" + values = ["123.123.123.123/32"] + } + } +} + +resource "aws_api_gateway_rest_api_policy" "test" { + rest_api_id = join("", aws_api_gateway_rest_api.default.*.id) + policy = data.aws_iam_policy_document.test.json +} + # Module : Api Gateway Resource # Description : Terraform module to create Api Gateway resource on AWS. resource "aws_api_gateway_resource" "default" { From e43db98aff0b243fbcd1d4b422ce023b9521de20 Mon Sep 17 00:00:00 2001 From: mamraj yadav Date: Fri, 19 May 2023 17:31:04 +0530 Subject: [PATCH 36/82] bug: updated api policy --- _example/basic/example.tf | 24 ++++++++++++++++++++++++ main.tf | 21 +-------------------- 2 files changed, 25 insertions(+), 20 deletions(-) diff --git a/_example/basic/example.tf b/_example/basic/example.tf index 7c68931..bd3fbbf 100644 --- a/_example/basic/example.tf +++ b/_example/basic/example.tf @@ -58,4 +58,28 @@ EOF # Api Gateway Stage stage_enabled = true stage_names = ["qa"] + ## Api Policy + + api_policy = data.aws_iam_policy_document.test.json + +} + +data "aws_iam_policy_document" "test" { + statement { + effect = "Allow" + + principals { + type = "AWS" + identifiers = ["*"] + } + + actions = ["execute-api:Invoke"] + resources = [module.api-gateway.execution_arn] + + condition { + test = "IpAddress" + variable = "aws:SourceIp" + values = ["123.123.123.123/32"] + } + } } diff --git a/main.tf b/main.tf index b3b783b..950da9d 100644 --- a/main.tf +++ b/main.tf 
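Review bot: The module stops honouring a caller's `var.api_policy` here: the argument is removed from `aws_api_gateway_rest_api.default`, and `aws_api_gateway_rest_api_policy.test` always attaches a built-in document that allows `execute-api:Invoke` to principal `*` from the fixed address `123.123.123.123/32`. Every consumer of the module would get that sample allow-list instead of their own policy, so the resource should keep `policy = var.api_policy` and the sample document belongs under `_example/`. The new resource also has no `count`, while the REST API is addressed through a splat, so when the API is not created `rest_api_id` resolves to an empty string; a `count` matching the one on `aws_api_gateway_rest_api.default` (not visible in the hunk) would avoid that. The later `main.tf` hunk in PATCH 36/82 restores the variable but still leaves the resource without that guard.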
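Review bot: The example policy added to `_example/basic/example.tf` restricts callers with `aws:SourceIp`, but the same example sets `types = ["PRIVATE"]` (PATCH 35/82), and requests to a private REST API arrive through a VPC endpoint, for which AWS documents `aws:VpcSourceIp`, `aws:SourceVpc` and `aws:SourceVpce` as the condition keys. As written the condition is unlikely to match the traffic it is meant to allow; for a private API consider `test = "StringEquals"` with `variable = "aws:SourceVpce"` and the endpoint ID as the value. `resources = [module.api-gateway.execution_arn]` has no path suffix, so confirm that it matches the invoke ARNs, since such policies usually name `"${module.api-gateway.execution_arn}/*"`. The same document is added to `_example/complete/example.tf` in PATCH 37/82, where the endpoint type is not visible.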
@@ -36,29 +36,10 @@ resource "aws_api_gateway_rest_api" "default" { tags = var.tags } -data "aws_iam_policy_document" "test" { - statement { - effect = "Allow" - - principals { - type = "AWS" - identifiers = ["*"] - } - - actions = ["execute-api:Invoke"] - resources = [join("", aws_api_gateway_rest_api.default.*.execution_arn)] - - condition { - test = "IpAddress" - variable = "aws:SourceIp" - values = ["123.123.123.123/32"] - } - } -} resource "aws_api_gateway_rest_api_policy" "test" { rest_api_id = join("", aws_api_gateway_rest_api.default.*.id) - policy = data.aws_iam_policy_document.test.json + policy = var.api_policy } # Module : Api Gateway Resource From 546fe756d1709e8b4502f74f0f089ab3ea5b012b Mon Sep 17 00:00:00 2001 From: mamraj yadav Date: Fri, 19 May 2023 22:26:22 +0530 Subject: [PATCH 37/82] feat: added api policy in example --- _example/complete/example.tf | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/_example/complete/example.tf b/_example/complete/example.tf index da860f5..2135e93 100644 --- a/_example/complete/example.tf +++ b/_example/complete/example.tf @@ -83,4 +83,29 @@ EOF # Api Gateway Api Key key_count = 2 key_names = ["test", "test1"] + + ## Api Policy + + api_policy = data.aws_iam_policy_document.test.json + } + +data "aws_iam_policy_document" "test" { + statement { + effect = "Allow" + + principals { + type = "AWS" + identifiers = ["*"] + } + + actions = ["execute-api:Invoke"] + resources = [module.api-gateway.execution_arn] + + condition { + test = "IpAddress" + variable = "aws:SourceIp" + values = ["123.123.123.123/32"] + } + } +} \ No newline at end of file From 0a13fbe0d48fc2df28d302a557b7f6b11d2cc4ac Mon Sep 17 00:00:00 2001 
From: Tanveer143s Date: Wed, 24 May 2023 20:59:15 +0530 Subject: [PATCH 38/82] feat: add deepsource & added assignees,reviewer in dependabot --- .deepsource.toml | 4 ++++ .github/dependabot.yml | 20 +++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 .deepsource.toml diff --git a/.deepsource.toml b/.deepsource.toml new file mode 100644 index 0000000..18b001a --- /dev/null +++ b/.deepsource.toml @@ -0,0 +1,4 @@ +version = 1 + +[[analyzers]] +name = "terraform" \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 16df33e..7f43137 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,11 +9,29 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" + # Add assignees + assignees: + - "clouddrove-ci" +# Add reviewer + reviewers: + - "approvers" - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/complete" # Location of package manifests schedule: interval: "weekly" + # Add assignees + assignees: + - "clouddrove-ci" +# Add reviewer + reviewers: + - "approvers" - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/basic" # Location of package manifests schedule: - interval: "weekly" \ No newline at end of file + interval: "weekly" + # Add assignees + assignees: + - "clouddrove-ci" +# Add reviewer + reviewers: + - "approvers" \ No newline at end of file From a085977168f8013f48c09b5235fd3f5a55ad5439 Mon Sep 17 00:00:00 2001 From: Tanveer143s Date: Thu, 25 May 2023 14:18:46 +0530 Subject: [PATCH 39/82] feat: add deepsource & added assignees,reviewer in dependabot --- .github/dependabot.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7f43137..e078cc2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -9,29 +9,29 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" - # Add assignees + # Add assignees assignees: - "clouddrove-ci" -# Add reviewer + # Add reviewer reviewers: - "approvers" - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/complete" # Location of package manifests schedule: interval: "weekly" - # Add assignees + # Add assignees assignees: - "clouddrove-ci" -# Add reviewer + # Add reviewer reviewers: - "approvers" - package-ecosystem: "terraform" # See documentation for possible values directory: "_example/basic" # Location of package manifests schedule: interval: "weekly" - # Add assignees + # Add assignees assignees: - "clouddrove-ci" -# Add reviewer + # Add reviewer reviewers: - "approvers" \ No newline at end of file From 7b1ff499e16aa2aefdf8bfcbba3ed7fe645114a8 Mon Sep 17 00:00:00 2001 From: mamraj yadav Date: Mon, 29 May 2023 22:14:39 +0530 Subject: [PATCH 40/82] bug: fixed cache key parameters issue --- _example/basic/example.tf | 1 + main.tf | 2 +- variables.tf | 5 +++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/_example/basic/example.tf b/_example/basic/example.tf index bd3fbbf..08589ef 100644 --- a/_example/basic/example.tf +++ b/_example/basic/example.tf @@ -20,6 +20,7 @@ module "api-gateway" { http_methods = ["GET"] # Api Gateway Integration + cache_key_parameters = [""] integration_types = ["MOCK"] integration_http_methods = [] uri = [""] diff --git a/main.tf b/main.tf index 950da9d..39bc901 100644 --- a/main.tf +++ b/main.tf 
@@ -99,7 +99,7 @@ resource "aws_api_gateway_integration" "default" { request_parameters = length(var.integration_request_parameters) > 0 ? element(var.integration_request_parameters, count.index) : {} request_templates = length(var.request_templates) > 0 ? element(var.request_templates, count.index) : {} passthrough_behavior = length(var.passthrough_behaviors) > 0 ? element(var.passthrough_behaviors, count.index) : null - cache_key_parameters = length(var.cache_key_parameters) > 0 ? element(var.cache_key_parameters, count.index) : [] + cache_key_parameters = length(var.cache_key_parameters) > 0 ? var.cache_key_parameters : [] cache_namespace = length(var.cache_namespaces) > 0 ? element(var.cache_namespaces, count.index) : "" content_handling = length(var.content_handlings) > 0 ? element(var.content_handlings, count.index) : null timeout_milliseconds = length(var.timeout_milliseconds) > 0 ? element(var.timeout_milliseconds, count.index) : 29000 diff --git a/variables.tf b/variables.tf index d51f118..73f3a24 100644 --- a/variables.tf +++ b/variables.tf @@ -258,10 +258,11 @@ variable "passthrough_behaviors" { } variable "cache_key_parameters" { - type = list(any) - default = [] + type = list(string) + default = [""] description = "A list of cache key parameters for the integration." sensitive = true + } variable "cache_namespaces" { From e7938bab6526e92116fa608659a90b533518fa08 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Mon, 29 May 2023 17:05:37 +0000 Subject: [PATCH 41/82] update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c29fd78..8bf329f 100644 --- a/README.md +++ b/README.md @@ -246,7 +246,7 @@ Here are examples of how you can use this module in your inventory structure: | binary\_media\_types | The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads. | `list(any)` |
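Review bot: With the new default `[""]` in `variables.tf`, the test `length(var.cache_key_parameters) > 0` in `aws_api_gateway_integration.default` is true even when the caller sets nothing, so every integration is given a cache key list holding one empty string and the `[]` branch is unreachable by default. Restoring `default = []` keeps the stricter `list(string)` type and makes the fallback work. The expression also no longer selects per integration: the whole list is applied to every `count.index`, unlike the neighbouring `element(…, count.index)` arguments, so the description should say `A list of cache key parameters shared by all integrations.` if that is intended. Both the resource and the variable block extend beyond their hunks.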

[
"UTF-8-encoded"
]
| no | | cache\_cluster\_enableds | Specifies whether a cache cluster is enabled for the stage. | `list(any)` | `[]` | no | | cache\_cluster\_sizes | The size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237. | `list(any)` | `[]` | no | -| cache\_key\_parameters | A list of cache key parameters for the integration. | `list(any)` | `[]` | no | +| cache\_key\_parameters | A list of cache key parameters for the integration. | `list(string)` |
[
""
]
| no | | cache\_namespaces | The integration's cache namespace. | `list(any)` | `[]` | no | | cert\_description | The description of the client certificate. | `string` | `""` | no | | cert\_enabled | Whether to create client certificate. | `bool` | `false` | no | From 94b83252956581f636b0ea3bcef7eb17c36d77aa Mon Sep 17 00:00:00 2001 From: mamraj yadav Date: Mon, 12 Jun 2023 22:06:55 +0530 Subject: [PATCH 42/82] fix: updated outputs.tf --- _example/basic/example.tf | 2 +- _example/basic/outputs.tf | 11 +++++++++++ main.tf | 2 +- outputs.tf | 10 ++++++++++ 4 files changed, 23 insertions(+), 2 deletions(-) diff --git a/_example/basic/example.tf b/_example/basic/example.tf index 08589ef..1fd0327 100644 --- a/_example/basic/example.tf +++ b/_example/basic/example.tf @@ -20,7 +20,7 @@ module "api-gateway" { http_methods = ["GET"] # Api Gateway Integration - cache_key_parameters = [""] + cache_key_parameters = [""] integration_types = ["MOCK"] integration_http_methods = [] uri = [""] diff --git a/_example/basic/outputs.tf b/_example/basic/outputs.tf index 434c97d..1b1d65a 100644 --- a/_example/basic/outputs.tf +++ b/_example/basic/outputs.tf @@ -4,3 +4,14 @@ output "arn" { value = module.api-gateway.*.execution_arn description = "The Execution ARN of the REST API." } + +output "invoke_url" { + value = module.api-gateway.invoke_url + description = " Input's URI. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification " + sensitive = true +} + +output "stage_name" { + value = module.api-gateway.stage_name + description = "Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment." +} \ No newline at end of file diff --git a/main.tf b/main.tf index 39bc901..5720543 100644 --- a/main.tf +++ b/main.tf 
@@ -33,7 +33,7 @@ resource "aws_api_gateway_rest_api" "default" { types = var.types vpc_endpoint_ids = length(var.vpc_endpoint_ids) > 0 && var.vpc_endpoint_ids[0] != "" ? var.vpc_endpoint_ids : null } - tags = var.tags + tags = var.tags } diff --git a/outputs.tf b/outputs.tf index 6c08077..63f081e 100644 --- a/outputs.tf +++ b/outputs.tf @@ -14,3 +14,13 @@ output "tags" { value = module.labels.tags description = "A mapping of tags to assign to the resource." } + +output "invoke_url" { + value = join("", aws_api_gateway_integration.default.*.uri) + description = " Input's URI. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification " +} + +output "stage_name" { + value = join("", aws_api_gateway_deployment.default.*.stage_name) + description = "Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment." +} \ No newline at end of file From 8e46dd6f89079c077378d7d28d5ca2098bf1955f Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Wed, 14 Jun 2023 08:20:11 +0000 Subject: [PATCH 43/82] update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 8bf329f..10a2d8c 100644 --- a/README.md +++ b/README.md @@ -328,6 +328,8 @@ Here are examples of how you can use this module in your inventory structure: |------|-------------| | execution\_arn | The Execution ARN of the REST API. | | id | The ID of the REST API. | +| invoke\_url | Input's URI. Required if type is AWS, AWS\_PROXY, HTTP or HTTP\_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification | +| stage\_name | Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment. | | tags | A mapping of tags to assign to the resource. | 
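Review bot: The `invoke_url` output in `outputs.tf` is built from `aws_api_gateway_integration.default.*.uri`, which is the backend integration URI rather than the URL clients call, and `join("", …)` runs several URIs together with no separator. Its description is the text of the `uri` argument, so consumers are not told what the output holds. If the client-facing URL is meant, take it from the deployment instead, e.g. `value = join("", aws_api_gateway_deployment.default.*.invoke_url)`; otherwise rename the output and return the list of URIs. The basic example marks its copy `sensitive = true` while the module output does not, which should be made consistent in whichever direction the backend URIs warrant.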
From 58729c96baa75b7c87da843b41dc3931a6245bc7 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Tue, 4 Jul 2023 20:22:46 +0530 Subject: [PATCH 44/82] feat: crate apigateway-v2 terraform module --- _example/basic/example.tf | 86 --- _example/basic/outputs.tf | 17 - _example/basic/versions.tf | 11 - _example/complete/example.tf | 111 ---- _example/complete/outputs.tf | 6 - _example/example.tf | 80 +++ _example/outputs.tf | 0 main.tf | 439 ++++++-------- outputs.tf | 26 - variables.tf | 600 ++++--------------- _example/complete/versions.tf => versions.tf | 4 +- 11 files changed, 404 insertions(+), 976 deletions(-) delete mode 100644 _example/basic/example.tf delete mode 100644 _example/basic/outputs.tf delete mode 100644 _example/basic/versions.tf delete mode 100644 _example/complete/example.tf delete mode 100644 _example/complete/outputs.tf create mode 100644 _example/example.tf create mode 100644 _example/outputs.tf rename _example/complete/versions.tf => versions.tf (64%) diff --git a/_example/basic/example.tf b/_example/basic/example.tf deleted file mode 100644 index 1fd0327..0000000 --- a/_example/basic/example.tf +++ /dev/null 
@@ -1,86 +0,0 @@ -provider "aws" { - region = "eu-west-1" -} - -module "api-gateway" { - source = "../../" - name = "api-gateway" - environment = "test" - label_order = ["name", "environment"] - enabled = true - - # Api Gateway Resource - path_parts = ["mytestresource"] - - ##endpoint_configuration - types = ["PRIVATE"] - - # Api Gateway Method - method_enabled = true - http_methods = ["GET"] - - # Api Gateway Integration - cache_key_parameters = [""] - integration_types = ["MOCK"] - integration_http_methods = [] - uri = [""] - integration_request_parameters = [{ - "integration.request.header.X-Authorization" = "'static'" - }] - request_templates = [{ - "application/xml" = < - - $inputRoot.body - -EOF - }] - - # Api Gateway Deployment - deployment_enabled = true - stage_name = "deploy" - - # Api Gateway Stage - stage_enabled = true - stage_names = ["qa"] - ## Api Policy - - api_policy = data.aws_iam_policy_document.test.json - -} - -data "aws_iam_policy_document" "test" { - statement { - effect = "Allow" - - principals { - type = "AWS" - identifiers = ["*"] - } - - actions = ["execute-api:Invoke"] - resources = [module.api-gateway.execution_arn] - - condition { - test = "IpAddress" - variable = "aws:SourceIp" - values = ["123.123.123.123/32"] - } - } -} diff --git a/_example/basic/outputs.tf b/_example/basic/outputs.tf deleted file mode 100644 index 1b1d65a..0000000 --- a/_example/basic/outputs.tf +++ /dev/null 
@@ -1,17 +0,0 @@ -# Module : Route53 -# Description : Terraform module to create Route53 resource on AWS for managing queue. -output "arn" { - value = module.api-gateway.*.execution_arn - description = "The Execution ARN of the REST API." -} - -output "invoke_url" { - value = module.api-gateway.invoke_url - description = " Input's URI. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification " - sensitive = true -} - -output "stage_name" { - value = module.api-gateway.stage_name - description = "Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment." -} \ No newline at end of file diff --git a/_example/basic/versions.tf b/_example/basic/versions.tf deleted file mode 100644 index cbc6f9c..0000000 --- a/_example/basic/versions.tf +++ /dev/null @@ -1,11 +0,0 @@ -# Terraform version -terraform { - required_version = ">= 1.3.6" - - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 4.48.0" - } - } -} \ No newline at end of file diff --git a/_example/complete/example.tf b/_example/complete/example.tf deleted file mode 100644 index 2135e93..0000000 --- a/_example/complete/example.tf +++ /dev/null 
@@ -1,111 +0,0 @@ -provider "aws" { - region = "eu-west-1" -} - -module "api-gateway" { - source = "../../" - - name = "api-gateway" - environment = "test" - label_order = ["name", "environment"] - enabled = true - - # Api Gateway Resource - path_parts = ["mytestresource", "mytestresource1"] - - # Api Gateway Method - method_enabled = true - http_methods = ["GET", "GET"] - - # Api Gateway Integration - integration_types = ["MOCK", "AWS_PROXY"] - integration_http_methods = ["POST", "POST"] - uri = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:test/invocations"] - integration_request_parameters = [{ - "integration.request.header.X-Authorization" = "'static'" - }, {}] - request_templates = [{ - "application/xml" = < - - $inputRoot.body - -EOF - }, {}] - - # Api Gateway Deployment - deployment_enabled = true - stage_name = "deploy" - - # Api Gateway Stage - stage_enabled = true - stage_names = ["qa", "dev"] - - # Api Gateway Client Certificate - cert_enabled = true - cert_description = "clouddrove" - - # Api Gateway Authorizer - authorizer_count = 2 - authorizer_names = ["test", "test1"] - authorizer_uri = ["arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] - authorizer_credentials = ["arn:aws:iam::123144197303:role/alarm-lambda-role", "arn:aws:iam::123456789098:role/lambda-role"] - identity_sources = ["method.request.header.Authorization", "method.request.header.Authorization"] - identity_validation_expressions = ["sfdgfhghrfdsdas", ""] - authorizer_types = ["TOKEN", "REQUEST"] - - # Api Gateway Gateway Response - gateway_response_count = 2 - response_types = ["UNAUTHORIZED", "RESOURCE_NOT_FOUND"] - gateway_status_codes = ["401", "404"] - - # Api Gateway Model - model_count = 2 - model_names = 
["test", "test1"] - content_types = ["application/json", "application/json"] - - # Api Gateway Api Key - key_count = 2 - key_names = ["test", "test1"] - - ## Api Policy - - api_policy = data.aws_iam_policy_document.test.json - -} - -data "aws_iam_policy_document" "test" { - statement { - effect = "Allow" - - principals { - type = "AWS" - identifiers = ["*"] - } - - actions = ["execute-api:Invoke"] - resources = [module.api-gateway.execution_arn] - - condition { - test = "IpAddress" - variable = "aws:SourceIp" - values = ["123.123.123.123/32"] - } - } -} \ No newline at end of file diff --git a/_example/complete/outputs.tf b/_example/complete/outputs.tf deleted file mode 100644 index 434c97d..0000000 --- a/_example/complete/outputs.tf +++ /dev/null @@ -1,6 +0,0 @@ -# Module : Route53 -# Description : Terraform module to create Route53 resource on AWS for managing queue. -output "arn" { - value = module.api-gateway.*.execution_arn - description = "The Execution ARN of the REST API." -} diff --git a/_example/example.tf b/_example/example.tf new file mode 100644 index 0000000..357e47a --- /dev/null +++ b/_example/example.tf 
@@ -0,0 +1,80 @@ +####---------------------------------------------------------------------------------- +## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. +####---------------------------------------------------------------------------------- +provider "aws" { + region = "eu-west-1" +} +####---------------------------------------------------------------------------------- +## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. +####---------------------------------------------------------------------------------- +module "vpc" { + source = "clouddrove/vpc/aws" + version = "1.3.1" + + name = "vpc" + environment = "test" + label_order = ["name", "environment"] + + cidr_block = "172.16.0.0/16" +} + +####---------------------------------------------------------------------------------- +## A subnet is a range of IP addresses in your VPC. +####---------------------------------------------------------------------------------- +module "public_subnets" { + source = "clouddrove/subnet/aws" + version = "1.3.0" + + name = "public-subnet" + environment = "test" + label_order = ["name", "environment"] + + availability_zones = ["eu-west-1b", "eu-west-1c"] + vpc_id = module.vpc.vpc_id + cidr_block = module.vpc.vpc_cidr_block + type = "public" + igw_id = module.vpc.igw_id + ipv6_cidr_block = module.vpc.ipv6_cidr_block +} + +module "security_group" { + source = "clouddrove/security-group/aws" + version = "1.3.0" + + name = "security-group" + environment = "test" + protocol = "tcp" + label_order = ["environment", "name"] + vpc_id = module.vpc.vpc_id + allowed_ip = ["0.0.0.0/0"] + allowed_ports = [3306] +} + +module "acm" { + source = "clouddrove/acm/aws" + version = "1.3.0" + + name = "certificate" + environment = "test" + label_order = ["name", "environment"] + + enable_aws_certificate = true + domain_name = "test-clouddrove.com" + 
subject_alternative_names = ["www.test-clouddrove.com"] + validation_method = "DNS" + enable_dns_validation = false +} + +module "api_gateway" { + source = "./../" + + name = "api" + environment = "test" + label_order = ["environment", "name"] + + protocol_type = "HTTP" + domain_name = "test-clouddrove.com" + domain_name_certificate_arn = module.acm.arn + subnet_ids = tolist(module.public_subnets.public_subnet_id) + security_group_ids = [module.security_group.security_group_ids] +} \ No newline at end of file diff --git a/_example/outputs.tf b/_example/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/main.tf b/main.tf index 5720543..2192163 100644 --- a/main.tf +++ b/main.tf 
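Review bot: The `security_group` module in the new `_example/example.tf` opens TCP 3306 to the whole internet (`allowed_ip = ["0.0.0.0/0"]`, `allowed_ports = [3306]`), and that group is then handed to `api_gateway` through `security_group_ids`. Nothing in the example runs a database, so the rule looks carried over from another module, and example files tend to be pasted into real stacks unchanged. I would scope the rule to the VPC and to the port the backend integration actually listens on, for instance `allowed_ip = [module.vpc.vpc_cidr_block]` and `allowed_ports = [443]` if the integration is HTTPS. It is also worth checking the type of `module.security_group.security_group_ids`: if that output is already a list, wrapping it in `[...]` passes a nested list.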
@@ -1,297 +1,250 @@ -## Managed By : CloudDrove -## Copyright @ CloudDrove. All Right Reserved. - -#Module : label -#Description : This terraform module is designed to generate consistent label names and tags -# for resources. You can use terraform-labels to implement a strict naming -# convention. module "labels" { source = "clouddrove/labels/aws" version = "1.3.0" - enabled = var.enabled name = var.name - repository = var.repository environment = var.environment managedby = var.managedby label_order = var.label_order - attributes = var.attributes + repository = var.repository } -# Module : Api Gateway -# Description : Terraform module to create Api Gateway resource on AWS for creatng api. -resource "aws_api_gateway_rest_api" "default" { - count = var.enabled ? 1 : 0 +resource "aws_apigatewayv2_api" "default" { + count = var.enabled && var.create_api_gateway_enabled ? 1 : 0 + + name = format("%s-api", module.labels.id) + description = var.api_description + protocol_type = var.protocol_type + version = var.api_version + body = var.body + + route_selection_expression = var.route_selection_expression + api_key_selection_expression = var.api_key_selection_expression - name = module.labels.id - description = var.description - binary_media_types = var.binary_media_types - minimum_compression_size = var.minimum_compression_size - api_key_source = var.api_key_source + route_key = var.route_key + credentials_arn = var.credentials_arn + target = var.target - endpoint_configuration { - types = var.types - vpc_endpoint_ids = length(var.vpc_endpoint_ids) > 0 && var.vpc_endpoint_ids[0] != "" ? 
var.vpc_endpoint_ids : null + dynamic "cors_configuration" { + for_each = var.cors_configuration + + content { + allow_credentials = lookup(cors_configuration.value.allow_credentials, null) + allow_headers = lookup(cors_configuration.value.allow_headers, null) + allow_methods = lookup(cors_configuration.value.allow_methods, null) + allow_origins = lookup(cors_configuration.value.allow_origins, null) + expose_headers = lookup(cors_configuration.value.expose_headers, null) + max_age = lookup(cors_configuration.value.max_age, null) + } } - tags = var.tags + + tags = merge( + module.labels.tags, + { + "Name" = format("%s", module.labels.id) + } + ) } +resource "aws_apigatewayv2_domain_name" "default" { + count = var.enabled && var.create_api_domain_name_enabled ? 1 : 0 -resource "aws_api_gateway_rest_api_policy" "test" { - rest_api_id = join("", aws_api_gateway_rest_api.default.*.id) - policy = var.api_policy -} + domain_name = var.domain_name -# Module : Api Gateway Resource -# Description : Terraform module to create Api Gateway resource on AWS. -resource "aws_api_gateway_resource" "default" { - count = length(var.path_parts) > 0 ? length(var.path_parts) : 0 + domain_name_configuration { + certificate_arn = var.domain_name_certificate_arn + ownership_verification_certificate_arn = var.domain_name_ownership_verification_certificate_arn + endpoint_type = "REGIONAL" + security_policy = "TLS_1_2" + } - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - parent_id = aws_api_gateway_rest_api.default.*.root_resource_id[0] - path_part = element(var.path_parts, count.index) -} + dynamic "mutual_tls_authentication" { + for_each = var.mutual_tls_authentication -# Module : Api Gateway Model -# Description : Terraform module to create Api Gateway model on AWS. -resource "aws_api_gateway_model" "default" { - count = var.model_count > 0 ? 
var.model_count : 0 - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - name = element(var.model_names, count.index) - description = length(var.model_descriptions) > 0 ? element(var.model_descriptions, count.index) : "" - content_type = element(var.content_types, count.index) - - schema = length(var.model_schemas) > 0 ? element(var.model_schemas, count.index) : < 0 ? length(var.path_parts) : 0 - - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - resource_id = aws_api_gateway_resource.default.*.id[count.index] - http_method = element(var.http_methods, count.index) - authorization = length(var.authorizations) > 0 ? element(var.authorizations, count.index) : "NONE" - authorizer_id = length(var.authorizer_ids) > 0 ? element(var.authorizer_ids, count.index) : (var.authorizer_count > 0 ? aws_api_gateway_authorizer.default.*.id[count.index] : null) - authorization_scopes = length(var.authorization_scopes) > 0 ? element(var.authorization_scopes, count.index) : null - api_key_required = length(var.api_key_requireds) > 0 ? element(var.api_key_requireds, count.index) : null - request_models = length(var.request_models) > 0 ? element(var.request_models, count.index) : { "application/json" = "Empty" } - request_validator_id = length(var.request_validator_ids) > 0 ? element(var.request_validator_ids, count.index) : null - request_parameters = length(var.request_parameters) > 0 ? element(var.request_parameters, count.index) : {} + tags = merge( + module.labels.tags, + { + "Name" = format("%s-domain", module.labels.id) + } + ) } +resource "aws_route53_record" "default" { + count = var.enabled ? 1 : 0 -# Module : Api Gateway Integration -# Description : Terraform module to create Api Gateway Integration resource on AWS. 
-resource "aws_api_gateway_integration" "default" { - count = length(aws_api_gateway_method.default.*.id) - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - resource_id = aws_api_gateway_resource.default.*.id[count.index] - http_method = aws_api_gateway_method.default.*.http_method[count.index] - integration_http_method = length(var.integration_http_methods) > 0 ? element(var.integration_http_methods, count.index) : null - type = length(var.integration_types) > 0 ? element(var.integration_types, count.index) : "AWS_PROXY" - connection_type = length(var.connection_types) > 0 ? element(var.connection_types, count.index) : "INTERNET" - connection_id = length(var.connection_ids) > 0 ? element(var.connection_ids, count.index) : "" - uri = length(var.uri) > 0 ? element(var.uri, count.index) : "" - credentials = length(var.credentials) > 0 ? element(var.credentials, count.index) : "" - request_parameters = length(var.integration_request_parameters) > 0 ? element(var.integration_request_parameters, count.index) : {} - request_templates = length(var.request_templates) > 0 ? element(var.request_templates, count.index) : {} - passthrough_behavior = length(var.passthrough_behaviors) > 0 ? element(var.passthrough_behaviors, count.index) : null - cache_key_parameters = length(var.cache_key_parameters) > 0 ? var.cache_key_parameters : [] - cache_namespace = length(var.cache_namespaces) > 0 ? element(var.cache_namespaces, count.index) : "" - content_handling = length(var.content_handlings) > 0 ? element(var.content_handlings, count.index) : null - timeout_milliseconds = length(var.timeout_milliseconds) > 0 ? element(var.timeout_milliseconds, count.index) : 29000 - depends_on = [aws_api_gateway_method.default] -} + name = join("", aws_apigatewayv2_domain_name.default.*.domain_name) + type = "A" + zone_id = "Z08295059QJZ2CJCU2HZ" -# Module : Api Gateway Method Response -# Description : Terraform module to create Api Gateway Method Response resource on AWS. 
-resource "aws_api_gateway_method_response" "default" { - count = length(aws_api_gateway_method.default.*.id) - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - resource_id = aws_api_gateway_resource.default.*.id[count.index] - http_method = aws_api_gateway_method.default.*.http_method[count.index] - status_code = element(var.status_codes, count.index) - response_models = length(var.response_models) > 0 ? element(var.response_models, count.index) : {} - response_parameters = length(var.response_parameters) > 0 ? element(var.response_parameters, count.index) : {} + alias { + name = join("", aws_apigatewayv2_domain_name.default.*.domain_name_configuration[0].*.target_domain_name) + zone_id = join("", aws_apigatewayv2_domain_name.default.*.domain_name_configuration[0].*.hosted_zone_id) + evaluate_target_health = false + } } -# Module : Api Gateway Integration Response -# Description : Terraform module to create Api Gateway Integration Response resource on AWS for creating api. -resource "aws_api_gateway_integration_response" "default" { - count = length(aws_api_gateway_integration.default.*.id) - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - resource_id = aws_api_gateway_resource.default.*.id[count.index] - http_method = aws_api_gateway_method.default.*.http_method[count.index] - status_code = aws_api_gateway_method_response.default.*.status_code[count.index] - - response_parameters = length(var.integration_response_parameters) > 0 ? element(var.integration_response_parameters, count.index) : {} - response_templates = length(var.response_templates) > 0 ? element(var.response_templates, count.index) : {} - content_handling = length(var.response_content_handlings) > 0 ? element(var.response_content_handlings, count.index) : null -} -resource "aws_api_gateway_method" "options_method" { - count = length(var.path_parts) > 0 ? 
length(var.path_parts) : 0 - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - resource_id = aws_api_gateway_resource.default.*.id[count.index] - http_method = "OPTIONS" - authorization = "NONE" -} +resource "aws_apigatewayv2_stage" "default" { + count = var.enabled && var.create_default_stage_enabled ? 1 : 0 -resource "aws_api_gateway_method_response" "options_200" { - count = length(aws_api_gateway_method.default.*.id) - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - resource_id = aws_api_gateway_resource.default.*.id[count.index] - http_method = aws_api_gateway_method.options_method.*.http_method[count.index] - status_code = "200" + api_id = aws_apigatewayv2_api.default[0].id + name = "$default" + auto_deploy = true - response_models = { "application/json" = "Empty" } + dynamic "access_log_settings" { + for_each = var.access_log_settings - response_parameters = { - "method.response.header.Access-Control-Allow-Origin" = true - "method.response.header.Access-Control-Allow-Headers" = true - "method.response.header.Access-Control-Allow-Methods" = true - "method.response.header.Access-Control-Allow-Credentials" = true + content { + destination_arn = var.default_stage_access_log_destination_arn + format = var.default_stage_access_log_format + } } - depends_on = [aws_api_gateway_method.options_method] -} + dynamic "default_route_settings" { + for_each = var.default_route_settings -resource "aws_api_gateway_integration" "options_integration" { - count = length(aws_api_gateway_method.default.*.id) - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - resource_id = aws_api_gateway_resource.default.*.id[count.index] - http_method = aws_api_gateway_method.options_method.*.http_method[count.index] + content { + data_trace_enabled = lookup(default_route_settings.value.data_trace_enabled, false) + logging_level = lookup(default_route_settings.value.logging_level, null) - type = "MOCK" - content_handling = "CONVERT_TO_TEXT" + detailed_metrics_enabled = 
lookup(default_route_settings.value.detailed_metrics_enabled, false) + throttling_burst_limit = lookup(default_route_settings.value.throttling_burst_limit, null) + throttling_rate_limit = lookup(default_route_settings.value.throttling_rate_limit, null) + } + } - depends_on = [aws_api_gateway_method.options_method] -} + dynamic "route_settings" { + for_each = var.route_settings -resource "aws_api_gateway_integration_response" "options_integration_response" { - count = length(aws_api_gateway_integration.options_integration.*.id) - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - resource_id = aws_api_gateway_resource.default.*.id[count.index] - http_method = aws_api_gateway_method.options_method.*.http_method[count.index] - status_code = aws_api_gateway_method_response.options_200.*.status_code[count.index] - - response_parameters = { - "method.response.header.Access-Control-Allow-Origin" = "'*'" - "method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'" - "method.response.header.Access-Control-Allow-Methods" = "'OPTIONS,DELETE,GET,HEAD,PATCH,POST,PUT'" + content { + route_key = route_settings.key + data_trace_enabled = lookup(route_settings.value, "data_trace_enabled", false) + logging_level = lookup(route_settings.value, "logging_level", null) + + detailed_metrics_enabled = lookup(route_settings.value, "detailed_metrics_enabled", false) + throttling_burst_limit = lookup(route_settings.value, "throttling_burst_limit", null) + throttling_rate_limit = lookup(route_settings.value, "throttling_rate_limit", null) + } } - depends_on = [ - aws_api_gateway_method_response.options_200, - aws_api_gateway_integration.options_integration, - ] -} -# Module : Api Gateway Deployment -# Description : Terraform module to create Api Gateway Deployment resource on AWS. -resource "aws_api_gateway_deployment" "default" { - count = var.deployment_enabled ? 
1 : 0 - - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - stage_name = var.stage_name - description = var.description - stage_description = var.stage_description - variables = var.variables - depends_on = [aws_api_gateway_method.default, aws_api_gateway_integration.default] + tags = merge( + module.labels.tags, + { + "Name" = format("%s-stage", module.labels.id) + } + ) } -# Module : Api Gateway Client Certificate -# Description : Terraform module to create Api Gateway Client Certificate resource on AWS. -resource "aws_api_gateway_client_certificate" "default" { - count = var.cert_enabled ? 1 : 0 - description = var.cert_description +resource "aws_apigatewayv2_api_mapping" "default" { + count = var.enabled && var.apigatewayv2_api_mapping_enabled ? 1 : 0 + + api_id = join("", aws_apigatewayv2_api.default.*.id) + domain_name = join("", aws_apigatewayv2_domain_name.default.*.id) + stage = join("", aws_apigatewayv2_stage.default.*.id) } -# Module : Api Gateway Stage -# Description : Terraform module to create Api Gateway Stage resource on AWS. -resource "aws_api_gateway_stage" "default" { - count = var.deployment_enabled && var.stage_enabled && length(var.stage_names) > 0 ? length(var.stage_names) : 0 - - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - deployment_id = aws_api_gateway_deployment.default.*.id[0] - stage_name = element(var.stage_names, count.index) - cache_cluster_enabled = length(var.cache_cluster_enableds) > 0 ? element(var.cache_cluster_enableds, count.index) : false - cache_cluster_size = length(var.cache_cluster_sizes) > 0 ? element(var.cache_cluster_sizes, count.index) : null - client_certificate_id = length(var.client_certificate_ids) > 0 ? element(var.client_certificate_ids, count.index) : (var.cert_enabled ? aws_api_gateway_client_certificate.default.*.id[0] : "") - description = length(var.descriptions) > 0 ? element(var.descriptions, count.index) : "" - documentation_version = length(var.documentation_versions) > 0 ? 
element(var.documentation_versions, count.index) : null - variables = length(var.stage_variables) > 0 ? element(var.stage_variables, count.index) : {} - xray_tracing_enabled = length(var.xray_tracing_enabled) > 0 ? element(var.xray_tracing_enabled, count.index) : false +resource "aws_apigatewayv2_route" "default" { + for_each = var.enabled && var.create_routes_and_integrations_enabled ? var.integrations : {} + + api_id = aws_apigatewayv2_api.default[0].id + route_key = each.key + + api_key_required = try(each.value.api_key_required, null) + authorization_scopes = try(split(",", each.value.authorization_scopes), null) + authorization_type = try(each.value.authorization_type, "NONE") + authorizer_id = try(aws_apigatewayv2_authorizer.default[each.value.authorizer_key].id, each.value.authorizer_id, null) + model_selection_expression = try(each.value.model_selection_expression, null) + operation_name = try(each.value.operation_name, null) + route_response_selection_expression = try(each.value.route_response_selection_expression, null) + target = "integrations/${aws_apigatewayv2_integration.default[each.key].id}" + } -# Module : Api Gateway Stage -# Description : Terraform module to create Api Gateway Stage resource on AWS with logs -# enabled. -resource "aws_api_gateway_stage" "with_log" { - count = var.deployment_enabled && var.stage_enabled && var.api_log_enabled && length(var.stage_names) > 0 ? length(var.stage_names) : 0 - - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - deployment_id = aws_api_gateway_deployment.default.*.id[0] - stage_name = element(var.stage_names, count.index) - cache_cluster_enabled = length(var.cache_cluster_enableds) > 0 ? element(var.cache_cluster_enableds, count.index) : false - cache_cluster_size = length(var.cache_cluster_sizes) > 0 ? element(var.cache_cluster_sizes, count.index) : null - client_certificate_id = length(var.client_certificate_ids) > 0 ? element(var.client_certificate_ids, count.index) : (var.cert_enabled ? 
aws_api_gateway_client_certificate.default.*.id[0] : "") - description = length(var.descriptions) > 0 ? element(var.descriptions, count.index) : "" - documentation_version = length(var.documentation_versions) > 0 ? element(var.documentation_versions, count.index) : null - variables = length(var.stage_variables) > 0 ? element(var.stage_variables, count.index) : {} - xray_tracing_enabled = length(var.xray_tracing_enabled) > 0 ? element(var.xray_tracing_enabled, count.index) : false - access_log_settings { - destination_arn = element(var.destination_arns, count.index) - format = element(var.formats, count.index) +resource "aws_apigatewayv2_integration" "default" { + for_each = var.enabled && var.create_routes_and_integrations_enabled ? var.integrations : {} + + api_id = aws_apigatewayv2_api.default[0].id + description = lookup(each.value.description, null) + + integration_type = lookup(each.value.integration_type, lookup(each.value.lambda_arn, "") != "" ? "AWS_PROXY" : "MOCK") + integration_subtype = lookup(each.value.integration_subtype, null) + integration_method = lookup(each.value.integration_method, lookup(each.value.integration_subtype, null) == null ? 
"POST" : null) + integration_uri = lookup(each.value.lambda_arn, lookup(each.value.integration_uri, null)) + + connection_type = lookup(each.value.connection_type, "INTERNET") + connection_id = lookup(aws_apigatewayv2_vpc_link.this[each.value["vpc_link"]].id, lookup(each.value.connection_id, null)) + + payload_format_version = lookup(each.value.payload_format_version, null) + timeout_milliseconds = lookup(each.value.timeout_milliseconds, null) + passthrough_behavior = lookup(each.value.passthrough_behavior, null) + content_handling_strategy = lookup(each.value.content_handling_strategy, null) + credentials_arn = lookup(each.value.credentials_arn, null) + request_parameters = lookup(jsondecode(each.value["request_parameters"]), each.value["request_parameters"], null) + + dynamic "tls_config" { + for_each = flatten([lookup(jsondecode(each.value["tls_config"]), each.value["tls_config"], [])]) + + content { + server_name_to_verify = tls_config.value["server_name_to_verify"] + } + } + + dynamic "response_parameters" { + for_each = flatten([lookup(jsondecode(each.value["response_parameters"]), each.value["response_parameters"], [])]) + + content { + status_code = response_parameters.value["status_code"] + mappings = response_parameters.value["mappings"] + } } -} -# Module : Api Gateway Authorizer -# Description : Terraform module to create Api Gateway Authorizer resource on AWS. -resource "aws_api_gateway_authorizer" "default" { - count = var.authorizer_count > 0 ? var.authorizer_count : 0 - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - name = element(var.authorizer_names, count.index) - authorizer_uri = length(var.authorizer_uri) > 0 ? element(var.authorizer_uri, count.index) : "" - authorizer_credentials = length(var.authorizer_credentials) > 0 ? element(var.authorizer_credentials, count.index) : "" - authorizer_result_ttl_in_seconds = length(var.authorizer_result_ttl_in_seconds) > 0 ? 
element(var.authorizer_result_ttl_in_seconds, count.index) : 300 - identity_source = length(var.identity_sources) > 0 ? element(var.identity_sources, count.index) : "method.request.header.Authorization" - type = length(var.authorizer_types) > 0 ? element(var.authorizer_types, count.index) : "TOKEN" - identity_validation_expression = length(var.identity_validation_expressions) > 0 ? element(var.identity_validation_expressions, count.index) : "" - provider_arns = length(var.provider_arns) > 0 ? element(var.provider_arns, count.index) : null + lifecycle { + create_before_destroy = true + } } -# Module : Api Gateway Gateway Response -# Description : Terraform module to create Api Gateway Gateway Response resource on AWS. -resource "aws_api_gateway_gateway_response" "default" { - count = var.gateway_response_count > 0 ? var.gateway_response_count : 0 - rest_api_id = aws_api_gateway_rest_api.default.*.id[0] - response_type = element(var.response_types, count.index) - status_code = length(var.gateway_status_codes) > 0 ? element(var.gateway_status_codes, count.index) : "" +resource "aws_apigatewayv2_authorizer" "default" { + for_each = var.enabled && var.create_routes_and_integrations_enabled ? var.authorizers : {} - response_templates = length(var.gateway_response_templates) > 0 ? element(var.gateway_response_templates, count.index) : {} + api_id = aws_apigatewayv2_api.default[0].id - response_parameters = length(var.gateway_response_parameters) > 0 ? 
element(var.gateway_response_parameters, count.index) : {} -} + authorizer_type = lookup(each.value.authorizer_type, null) + identity_sources = lookup(flatten([each.value.identity_sources]), null) + name = lookup(each.value.name, null) + authorizer_uri = lookup(each.value.authorizer_uri, null) + authorizer_payload_format_version = lookup(each.value.authorizer_payload_format_version, null) + authorizer_result_ttl_in_seconds = lookup(each.value.authorizer_result_ttl_in_seconds, null) + authorizer_credentials_arn = lookup(each.value.authorizer_credentials_arn, null) + enable_simple_responses = lookup(each.value.enable_simple_responses, null) -# Module : Api Gateway VPC Link -# Description : Terraform module to create Api Gateway VPC Link resource on AWS. -resource "aws_api_gateway_vpc_link" "default" { - count = var.vpc_link_count > 0 ? var.vpc_link_count : 0 - name = element(var.vpc_link_names, count.index) - description = length(var.vpc_link_descriptions) > 0 ? element(var.vpc_link_descriptions, count.index) : "" - target_arns = [element(var.target_arns, count.index)] + # dynamic "jwt_configuration" { + # for_each = length(lookup(each.value.audience, [each.value.issuer], [])) > 0 ? [true] : [] + # + # content { + # audience = lookup(each.value.audience, null) + # issuer = lookup(each.value.issuer, null) + # } + # } } -# Module : Api Gateway Api Key -# Description : Terraform module to create Api Gateway Api Key resource on AWS. -resource "aws_api_gateway_api_key" "default" { - count = var.key_count > 0 ? var.key_count : 0 - name = element(var.key_names, count.index) - description = length(var.key_descriptions) > 0 ? element(var.key_descriptions, count.index) : "" - enabled = length(var.enableds) > 0 ? element(var.enableds, count.index) : true - value = length(var.values) > 0 ? element(var.values, count.index) : null +resource "aws_apigatewayv2_vpc_link" "this" { + for_each = var.enabled && var.create_vpc_link_enabled ? 
var.vpc_links : {} + + + name = format("%s", module.labels.id) + security_group_ids = var.security_group_ids + subnet_ids = var.subnet_ids + + tags = merge( + module.labels.tags, + { + "Name" = format("%s-vpc-link", module.labels.id) + } + ) } diff --git a/outputs.tf b/outputs.tf index 63f081e..e69de29 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,26 +0,0 @@ -# Module : Api Gateway -# Description : Terraform Api Gateway module outputs. -output "id" { - value = join("", aws_api_gateway_rest_api.default.*.id) - description = "The ID of the REST API." -} - -output "execution_arn" { - value = join("", aws_api_gateway_rest_api.default.*.execution_arn) - description = "The Execution ARN of the REST API." -} - -output "tags" { - value = module.labels.tags - description = "A mapping of tags to assign to the resource." -} - -output "invoke_url" { - value = join("", aws_api_gateway_integration.default.*.uri) - description = " Input's URI. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification " -} - -output "stage_name" { - value = join("", aws_api_gateway_deployment.default.*.stage_name) - description = "Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment." -} \ No newline at end of file diff --git a/variables.tf b/variables.tf index 73f3a24..fc7c4bb 100644 --- a/variables.tf +++ b/variables.tf 
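Review bot: `aws_route53_record.default` hard-codes `zone_id = "Z08295059QJZ2CJCU2HZ"`, so every consumer of the module would try to write the alias record into that one hosted zone rather than their own. The record is also gated only on `var.enabled`, while the domain it points at is gated on `var.enabled && var.create_api_domain_name_enabled`, so with the domain disabled the `join("", ...)` expressions produce an empty name and alias target. I would take the zone from an input and align the gate: `zone_id = var.zone_id` (a new variable, unless the variables.tf hunk that is cut off here already declares one) and `count = var.enabled && var.create_api_domain_name_enabled ? 1 : 0`. In the same hunk, `cors_configuration`, `default_route_settings`, `aws_apigatewayv2_integration` and `aws_apigatewayv2_authorizer` call `lookup(x.value.attr, null)` with the attribute value as the map and `null` as the key, which will most likely fail at plan time; the `route_settings` block already uses the working form `lookup(route_settings.value, "logging_level", null)`. Routes fall back to `authorization_type = "NONE"` and the `jwt_configuration` block is commented out, so the variable description for `integrations` should state that a route is unauthenticated unless the caller sets an authorizer.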
@@ -1,28 +1,19 @@ -#Module : LABEL -#Description : Terraform label module variables variable "name" { type = string default = "" description = "Name (e.g. `app` or `cluster`)." } -variable "repository" { +variable "environment" { type = string - default = "https://github.com/clouddrove/terraform-aws-api-gateway" - description = "Terraform current module repo" - - validation { - # regex(...) fails if it cannot find a match - condition = can(regex("^https://", var.repository)) - error_message = "The module-repo value must be a valid Git repo link." - } - + default = "" + description = "Environment (e.g. `prod`, `dev`, `staging`)." } -variable "environment" { +variable "repository" { type = string - default = "https://registry.terraform.io/modules/clouddrove/api-gateway/aws" - description = "Environment (e.g. `prod`, `dev`, `staging`)." + default = "" + description = "Terraform current module repo" } variable "label_order" { @@ -31,6 +22,12 @@ variable "label_order" { description = "Label order, e.g. `name`,`application`." } +variable "managedby" { + type = string + default = "hello@clouddrove.com" + description = "ManagedBy, eg 'CloudDrove'" +} + variable "attributes" { type = list(any) default = [] 
@@ -43,535 +40,190 @@ variable "tags" { description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)." } -variable "managedby" { - type = string - default = "hello@clouddrove.com" - description = "ManagedBy, eg 'CloudDrove'." -} - -# Module : Api Gateway -# Description : Terraform Api Gateway module variables. variable "enabled" { type = bool - default = false - description = "Whether to create rest api." -} - -variable "description" { - type = string - default = "" - description = "The description of the REST API " + default = true + description = "Flag to control the api creation." } -variable "binary_media_types" { - type = list(any) - default = ["UTF-8-encoded"] - description = "The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads." -} - -variable "minimum_compression_size" { - type = number - default = -1 - description = "Minimum response size to compress for the REST API. Integer between -1 and 10485760 (10MB). Setting a value greater than -1 will enable compression, -1 disables compression (default)." +variable "create_api_gateway_enabled" { + type = bool + default = true + description = "Flag to control the api creation." } -variable "api_key_source" { +variable "api_description" { type = string - default = "HEADER" - description = "The source of the API key for requests. Valid values are HEADER (default) and AUTHORIZER." + default = "Manages an Amazon API Gateway Version 2 API." + description = "the description of the API." } -variable "types" { - type = list(any) - default = ["EDGE"] - description = "Whether to create rest api." -} - -variable "vpc_endpoint_ids" { - type = list(string) - default = ["", ] - description = "Set of VPC Endpoint identifiers. It is only supported for PRIVATE endpoint type." +variable "protocol_type" { + type = string + default = "HTTP" + description = "The API protocol. 
Valid values: HTTP, WEBSOCKET" } -variable "path_parts" { - type = list(any) - default = [] - description = "The last path segment of this API resource." +variable "api_version" { + type = string + default = null + description = "A version identifier for the API" } -variable "stage_enabled" { - type = bool - default = false - description = "Whether to create stage for rest api." +variable "body" { + type = string + default = null + description = "An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs." } -variable "deployment_enabled" { - type = bool - default = false - description = "Whether to deploy rest api." +variable "route_selection_expression" { + type = string + default = "$request.method $request.path" + description = "The route selection expression for the API." } -variable "api_log_enabled" { - type = bool - default = false - description = "Whether to enable log for rest api." +variable "api_key_selection_expression" { + type = string + default = "$request.header.x-api-key" + description = "An API key selection expression. Valid values: $context.authorizer.usageIdentifierKey, $request.header.x-api-key." } -variable "stage_name" { +variable "route_key" { type = string - default = "" - description = "The name of the stage. If the specified stage already exists, it will be updated to point to the new deployment. If the stage does not exist, a new one will be created and point to this deployment." + default = null + description = "Part of quick create. Specifies any route key. Applicable for HTTP APIs." } -variable "deploy_description" { +variable "credentials_arn" { type = string - default = "" - description = "The description of the deployment." + default = null + description = "Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs." 
} -variable "stage_description" { +variable "target" { type = string - default = "" - description = "The description of the stage." + default = null + description = "Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Applicable for HTTP APIs." } -variable "variables" { - type = map(any) +variable "cors_configuration" { + type = any default = {} - description = "A map that defines variables for the stage." -} - -variable "method_enabled" { - type = bool - default = false - description = "Whether to create stage for rest api." -} - -variable "http_methods" { - type = list(any) - default = [] - description = "The HTTP Method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY)." + description = "The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs." } -variable "authorizations" { - type = list(any) - default = [] - description = "The type of authorization used for the method (NONE, CUSTOM, AWS_IAM, COGNITO_USER_POOLS)." -} - -variable "authorizer_ids" { - type = list(any) - default = [] - description = "The authorizer id to be used when the authorization is CUSTOM or COGNITO_USER_POOLS." -} - -variable "authorization_scopes" { - type = list(any) - default = [] - description = "The authorization scopes used when the authorization is COGNITO_USER_POOLS." - sensitive = true -} - -variable "api_key_requireds" { - type = list(any) - default = [] - description = "Specify if the method requires an API key." - sensitive = true -} - -variable "request_models" { - type = list(any) - default = [] - description = "A map of the API models used for the request's content type where key is the content type (e.g. 
application/json) and value is either Error, Empty (built-in models) or aws_api_gateway_model's name." -} - -variable "request_validator_ids" { - type = list(any) - default = [] - description = "The ID of a aws_api_gateway_request_validator." - sensitive = true -} - -variable "request_parameters" { - type = list(any) - default = [] - description = "A map of request query string parameters and headers that should be passed to the integration. For example: request_parameters = {\"method.request.header.X-Some-Header\" = true \"method.request.querystring.some-query-param\" = true} would define that the header X-Some-Header and the query string some-query-param must be provided in the request." -} - -variable "integration_http_methods" { - type = list(any) - default = [] - description = "The integration HTTP method (GET, POST, PUT, DELETE, HEAD, OPTIONs, ANY, PATCH) specifying how API Gateway will interact with the back end. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. Not all methods are compatible with all AWS integrations. e.g. Lambda function can only be invoked via POST." -} - -variable "integration_types" { - type = list(any) - default = [] - description = "The integration input's type. Valid values are HTTP (for HTTP backends), MOCK (not calling any real backend), AWS (for AWS services), AWS_PROXY (for Lambda proxy integration) and HTTP_PROXY (for HTTP proxy integration). An HTTP or HTTP_PROXY integration with a connection_type of VPC_LINK is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC." -} - -variable "connection_types" { - type = list(any) - default = [] - description = "The integration input's connectionType. Valid values are INTERNET (default for connections through the public routable internet), and VPC_LINK (for private connections between API Gateway and a network load balancer in a VPC)." 
- sensitive = true -} - -variable "connection_ids" { - type = list(any) - default = [] - description = "The id of the VpcLink used for the integration. Required if connection_type is VPC_LINK." - sensitive = true -} - -variable "uri" { - type = list(any) - default = [] - description = "The input's URI. Required if type is AWS, AWS_PROXY, HTTP or HTTP_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form arn:aws:apigateway:{region}:{subdomain.service|service}:{path|action}/{service_api}. region, subdomain and service are used to determine the right endpoint. e.g. arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations." - sensitive = true -} - -variable "credentials" { - type = list(any) - default = [] - description = "The credentials required for the integration. For AWS integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*." - sensitive = true -} - -variable "integration_request_parameters" { - type = list(any) - default = [] - description = "A map of request query string parameters and headers that should be passed to the backend responder. For example: request_parameters = { \"integration.request.header.X-Some-Other-Header\" = \"method.request.header.X-Some-Header\" }." -} - -variable "request_templates" { - type = list(any) - default = [] - description = "A map of the integration's request templates." - sensitive = true -} - -variable "passthrough_behaviors" { - type = list(any) - default = [] - description = "The integration passthrough behavior (WHEN_NO_MATCH, WHEN_NO_TEMPLATES, NEVER). Required if request_templates is used." 
-} - -variable "cache_key_parameters" { - type = list(string) - default = [""] - description = "A list of cache key parameters for the integration." - sensitive = true - -} - -variable "cache_namespaces" { - type = list(any) - default = [] - description = "The integration's cache namespace." - sensitive = true -} - -variable "content_handlings" { - type = list(any) - default = [] - description = "Specifies how to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through." -} - -variable "timeout_milliseconds" { - type = list(any) - default = [] - description = "Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds." -} - -variable "status_codes" { - type = list(any) - default = [] - description = "The HTTP status code." -} - -variable "response_models" { - type = list(any) - default = [] - description = "A map of the API models used for the response's content type." -} - -variable "response_parameters" { - type = list(any) - default = [] - description = "A map of response parameters that can be sent to the caller. For example: response_parameters = { \"method.response.header.X-Some-Header\" = true } would define that the header X-Some-Header can be provided on the response." -} - -variable "integration_response_parameters" { - type = list(any) - default = [] - description = "A map of response parameters that can be read from the backend response. For example: response_parameters = { \"method.response.header.X-Some-Header\" = \"integration.response.header.X-Some-Other-Header\" }." -} - -variable "response_templates" { - type = list(any) - default = [] - description = "A map specifying the templates used to transform the integration response body." 
-} - -variable "response_content_handlings" { - type = list(any) - default = [] - description = "Specifies how to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the response payload will be passed through from the integration response to the method response without modification." -} - -variable "stage_names" { - type = list(any) - default = [] - description = "The name of the stage." -} - -variable "cache_cluster_enableds" { - type = list(any) - default = [] - description = "Specifies whether a cache cluster is enabled for the stage." -} - -variable "cache_cluster_sizes" { - type = list(any) - default = [] - description = "The size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237." +variable "mutual_tls_authentication" { + type = map(string) + default = {} + description = "An Amazon S3 URL that specifies the truststore for mutual TLS authentication as well as version, keyed at uri and version" } -variable "client_certificate_ids" { - type = list(any) - default = [] - description = "The identifier of a client certificate for the stage" - sensitive = true +variable "create_api_domain_name_enabled" { + type = bool + default = true + description = "Flag to control the domain creation." } -variable "descriptions" { - type = list(any) - default = [] - description = "The description of the stage." +variable "domain_name" { + type = string + default = null + description = "The domain name to use for API gateway" } -variable "documentation_versions" { - type = list(any) - default = [] - description = "The version of the associated API documentation." 
+variable "domain_name_certificate_arn" { + type = string + default = "" + description = "The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name" } -variable "stage_variables" { - type = list(any) - default = [] - description = "A map that defines the stage variables." +variable "domain_name_ownership_verification_certificate_arn" { + type = string + default = null + description = "ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate_arn is issued via an ACM Private CA or mutual_tls_authentication is configured with an ACM-imported certificate.)" } -variable "xray_tracing_enabled" { - type = list(any) - default = [] - description = "A mapping of tags to assign to the resource." +variable "route_settings" { + type = map(string) + default = {} + description = "Settings for default route" } -variable "destination_arns" { - type = list(any) - default = [] - description = "ARN of the log group to send the logs to. Automatically removes trailing :* if present." - sensitive = true +variable "access_log_settings" { + type = map(string) + default = {} + description = "Settings for default route" } -variable "formats" { - type = list(any) - default = [] - description = "The formatting and values recorded in the logs." +variable "default_route_settings" { + type = map(string) + default = {} + description = "Settings for default route" } -variable "cert_enabled" { +variable "create_default_stage_enabled" { type = bool - default = false - description = "Whether to create client certificate." + default = true + description = "Flag to control the stage creation." } -variable "cert_description" { +variable "default_stage_access_log_destination_arn" { type = string - default = "" - description = "The description of the client certificate." + default = null + description = "Default stage's ARN of the CloudWatch Logs log group to receive access logs. Any trailing :* is trimmed from the ARN." 
} -variable "authorizer_names" { - type = list(any) - default = [] - description = "The name of the authorizer." +variable "default_stage_access_log_format" { + type = string + default = null + description = "Default stage's single line format of the access logs of data, as specified by selected $context variables." } -variable "authorizer_uri" { - type = list(any) - default = [] - description = "The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g. arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations." - sensitive = true +variable "apigatewayv2_api_mapping_enabled" { + type = bool + default = true + description = "Flag to control the mapping creation." } -variable "authorizer_credentials" { - type = list(any) - default = [] - description = "The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN." - sensitive = true +variable "create_routes_and_integrations_enabled" { + type = bool + default = true + description = "Whether to create routes and integrations resources" } -variable "authorizer_result_ttl_in_seconds" { - type = list(any) - default = [] - description = "The TTL of cached authorizer results in seconds. Defaults to 300." +variable "integrations" { + type = map(any) + default = {} + description = "Map of API gateway routes with integrations" } -variable "identity_sources" { - type = list(any) - default = [] - description = "The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. \"method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName\"." 
+variable "authorizers" { + type = map(any) + default = {} + description = "Map of API gateway authorizers" } -variable "authorizer_types" { - type = list(any) - default = [] - description = "The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN." +variable "create_vpc_link_enabled" { + type = bool + default = true + description = "Whether to create VPC links" } -variable "identity_validation_expressions" { - type = list(any) - default = [] - description = "A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response." +variable "vpc_links" { + type = map(any) + default = {} + description = "Map of VPC Links details to create" } -variable "provider_arns" { - type = list(any) +variable "subnet_ids" { + type = list(string) default = [] - description = "required for type COGNITO_USER_POOLS) A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}." + description = "A list of VPC Subnet IDs to launch in." sensitive = true } -variable "authorizer_count" { - type = number - default = 0 - description = "Number of count to create Authorizers for api." -} - -variable "gateway_response_count" { - type = number - default = 0 - description = "Number of count to create Gateway Response for api." -} - -variable "response_types" { - type = list(any) - default = [] - description = "The response type of the associated GatewayResponse." 
-} - -variable "gateway_status_codes" { - type = list(any) - default = [] - description = "The HTTP status code of the Gateway Response." -} - -variable "gateway_response_templates" { - type = list(any) - default = [] - description = "A map specifying the parameters (paths, query strings and headers) of the Gateway Response." -} - -variable "gateway_response_parameters" { - type = list(any) - default = [] - description = "A map specifying the templates used to transform the response body." -} - -variable "model_count" { - type = number - default = 0 - description = "Number of count to create Model for api." -} - -variable "model_names" { - type = list(any) - default = [] - description = "The name of the model." -} - -variable "model_descriptions" { - type = list(any) - default = [] - description = "The description of the model." -} - -variable "content_types" { - type = list(any) - default = [] - description = "The content type of the model." -} - -variable "schemas" { - type = list(any) - default = [] - description = "The schema of the model in a JSON form." -} - -variable "vpc_link_count" { - type = number - default = 0 - description = "Number of count to create VPC Link for api." -} - -variable "vpc_link_names" { - type = list(any) - default = [] - description = "The name used to label and identify the VPC link." -} - -variable "vpc_link_descriptions" { - type = list(any) - default = [] - description = "The description of the VPC link." -} - -variable "target_arns" { - type = list(any) +variable "security_group_ids" { + type = list(string) default = [] - description = "The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target." + description = "A list of security group IDs to associate with." sensitive = true -} - -variable "key_count" { - type = number - default = 0 - description = "Number of count to create key for api gateway." 
-} - -variable "key_names" { - type = list(any) - default = [] - description = "The name of the API key." -} - -variable "key_descriptions" { - type = list(any) - default = [] - description = "The API key description. Defaults to \"Managed by Terraform\"." -} - -variable "enableds" { - type = list(any) - default = [] - description = "Specifies whether the API key can be used by callers. Defaults to true." -} - -variable "values" { - type = list(any) - default = [] - description = "The value of the API key. If not specified, it will be automatically generated by AWS on creation." -} - -variable "api_policy" { - default = null - description = "The policy document." -} - -variable "model_schemas" { - default = [] - description = "The schema of the model in a JSON form." -} +} \ No newline at end of file diff --git a/_example/complete/versions.tf b/versions.tf similarity index 64% rename from _example/complete/versions.tf rename to versions.tf index cbc6f9c..9317499 100644 --- a/_example/complete/versions.tf +++ b/versions.tf @@ -1,11 +1,11 @@ # Terraform version terraform { - required_version = ">= 1.3.6" + required_version = ">= 1.4.6" required_providers { aws = { source = "hashicorp/aws" - version = ">= 4.48.0" + version = ">= 5.1.0" } } } \ No newline at end of file From 5d2ef92e1a19245847519066d42879c62a90fa17 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Tue, 4 Jul 2023 20:59:25 +0530 Subject: [PATCH 45/82] feat: added output.tf --- _example/example.tf | 12 +++++++----- _example/outputs.tf | 19 +++++++++++++++++++ main.tf | 2 +- outputs.tf | 19 +++++++++++++++++++ 4 files changed, 46 insertions(+), 6 deletions(-) diff --git a/_example/example.tf b/_example/example.tf index 357e47a..dda9c64 100644 --- a/_example/example.tf +++ b/_example/example.tf 
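Review bot: Access logging is opt-in in the new variable set: `default_stage_access_log_destination_arn` and `default_stage_access_log_format` default to `null`, while `enabled` and every `create_*_enabled` flag now default to `true`. A caller who sets nothing therefore gets an API, stage and domain, presumably without access logs (the stage resource is outside this hunk). I would say so in the description, e.g. `description = "ARN of the CloudWatch Logs log group for default-stage access logs. Access logging stays off while this is null."`. Separately, `route_settings` and `access_log_settings` carry the description copied from `default_route_settings` (`"Settings for default route"`), and `create_api_gateway_enabled` repeats the text of `enabled`; each needs its own wording.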
@@ -72,9 +72,11 @@ module "api_gateway" { environment = "test" label_order = ["environment", "name"] - protocol_type = "HTTP" - domain_name = "test-clouddrove.com" - domain_name_certificate_arn = module.acm.arn - subnet_ids = tolist(module.public_subnets.public_subnet_id) - security_group_ids = [module.security_group.security_group_ids] + protocol_type = "HTTP" + domain_name = "test-clouddrove.com" + domain_name_certificate_arn = module.acm.arn + subnet_ids = tolist(module.public_subnets.public_subnet_id) + security_group_ids = [module.security_group.security_group_ids] + route_selection_expression = "$request.method $request.path" + api_key_selection_expression = "$request.header.x-api-key" } \ No newline at end of file diff --git a/_example/outputs.tf b/_example/outputs.tf index e69de29..2f90d7d 100644 --- a/_example/outputs.tf +++ b/_example/outputs.tf @@ -0,0 +1,19 @@ +output "api_id" { + value = join("", module.api_gateway.*.api_id) + description = "The API identifier." +} + +output "api_endpoint" { + value = join("", module.api_gateway.*.api_endpoint) + description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com." +} + +output "invoke_url" { + value = join("", module.api_gateway.*.invoke_url) + description = "URL to invoke the API pointing to the stage" +} + +output "integration_response_selection_expression" { + value = join("", module.api_gateway.*.integration_response_selection_expression) + description = "The integration response selection expression for the integration." +} \ No newline at end of file diff --git a/main.tf b/main.tf index 2192163..0ff2010 100644 --- a/main.tf +++ b/main.tf @@ -77,7 +77,7 @@ resource "aws_apigatewayv2_domain_name" "default" { resource "aws_route53_record" "default" { count = var.enabled ? 1 : 0 - name = join("", aws_apigatewayv2_domain_name.default.*.domain_name) + name = join("", aws_apigatewayv2_domain_name.default.*.domain_name) type = "A" zone_id = "Z08295059QJZ2CJCU2HZ" 
diff --git a/outputs.tf b/outputs.tf index e69de29..c1ff4cb 100644 --- a/outputs.tf +++ b/outputs.tf @@ -0,0 +1,19 @@ +output "api_id" { + value = join("", aws_apigatewayv2_api.default.*.id) + description = "The API identifier." +} + +output "api_endpoint" { + value = join("", aws_apigatewayv2_api.default.*.api_endpoint) + description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com." +} + +output "invoke_url" { + value = join("", aws_apigatewayv2_stage.default.*.invoke_url) + description = "URL to invoke the API pointing to the stage" +} + +output "integration_response_selection_expression" { + value = join("", aws_apigatewayv2_integration.default.*.integration_response_selection_expression) + description = "The integration response selection expression for the integration." +} \ No newline at end of file From b3b36f7b78ee35471fe089557e2a59cfa0338563 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Tue, 11 Jul 2023 21:31:34 +0530 Subject: [PATCH 46/82] feat: added lambda function routes --- _example/example.tf | 112 +++++++++++++++++++++++- _example/lambda-test.zip | Bin 0 -> 330 bytes _example/lambda_packages/index.py | 14 +++ _example/outputs.tf | 8 +- main.tf | 137 ++++++++++-------------------- outputs.tf | 8 +- variables.tf | 20 +++++ 7 files changed, 196 insertions(+), 103 deletions(-) create mode 100644 _example/lambda-test.zip create mode 100644 _example/lambda_packages/index.py diff --git a/_example/example.tf b/_example/example.tf index dda9c64..94dd9f9 100644 --- a/_example/example.tf +++ b/_example/example.tf 
@@ -50,6 +50,42 @@ module "security_group" { allowed_ports = [3306] } +module "iam-role" { + source = "clouddrove/iam-role/aws" + version = "1.3.0" + + name = "iam-role" + environment = "test" + label_order = ["name", "environment"] + assume_role_policy = data.aws_iam_policy_document.default.json + policy_enabled = true + policy = data.aws_iam_policy_document.iam-policy.json +} + +data "aws_iam_policy_document" "default" { + statement { + effect = "Allow" + actions = ["sts:AssumeRole"] + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + } +} + +data "aws_iam_policy_document" "iam-policy" { + statement { + actions = [ + "ssm:UpdateInstanceInformation", + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel"] + effect = "Allow" + resources = ["*"] + } +} + module "acm" { source = "clouddrove/acm/aws" version = "1.3.0" 
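Review bot: The trust policy in `data "aws_iam_policy_document" "default"` lets only `ec2.amazonaws.com` assume `module.iam-role`, and the attached policy grants SSM session actions on `resources = ["*"]`, yet later in this commit the same role is passed to the API Gateway example as `iam_arns` and to the Lambda module as `source_arns`. If the role is meant to be the credentials API Gateway uses for the integration (the consuming resource is not in this hunk), the principal should be `identifiers = ["apigateway.amazonaws.com"]` and the policy reduced to `lambda:InvokeFunction` on the function ARN. As written, the example ships permissions that look copied from an EC2/SSM setup and that nothing visible in the example uses.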
@@ -59,12 +95,51 @@ module "acm" { label_order = ["name", "environment"] enable_aws_certificate = true - domain_name = "test-clouddrove.com" - subject_alternative_names = ["www.test-clouddrove.com"] + domain_name = "example.cam" + subject_alternative_names = ["*.example.cam"] validation_method = "DNS" enable_dns_validation = false } +module "lambda" { + source = "clouddrove/lambda/aws" + version = "1.3.0" + + name = "lambda" + environment = "test" + label_order = ["name", "environment"] + + enabled = true + timeout = 60 + filename = "./lambda_packages" + handler = "index.lambda_handler" + runtime = "python3.8" + iam_actions = [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ] + names = [ + "python_layer" + ] + layer_filenames = ["./lambda-test.zip"] + compatible_runtimes = [ + ["python3.8"] + ] + statement_ids = [ + "AllowExecutionFromCloudWatch" + ] + actions = [ + "lambda:InvokeFunction" + ] + principals = [ + "events.amazonaws.com" + ] + source_arns = [module.iam-role.arn] + variables = { + foo = "bar" + } +} module "api_gateway" { source = "./../" 
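Review bot: The invoke permission configured in `module "lambda"` does not match how this example calls the function: `principals = ["events.amazonaws.com"]` with `statement_ids = ["AllowExecutionFromCloudWatch"]` authorises EventBridge, and `source_arns = [module.iam-role.arn]` puts an IAM role ARN where the ARN of the invoking resource belongs. For routes served by API Gateway the statement should use `principals = ["apigateway.amazonaws.com"]` and be scoped to this API's execution ARN, unless the root module adds its own `aws_lambda_permission` (not visible here). A one-line comment above the block naming the service expected to invoke the function would make a mismatch like this easier to spot. In the ACM block, `example.cam` is a registrable name under a real TLD; `example.com` is the reserved documentation domain and is presumably what was meant.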
@@ -73,10 +148,41 @@ module "api_gateway" { label_order = ["environment", "name"] protocol_type = "HTTP" - domain_name = "test-clouddrove.com" + domain_name = "example.cam" domain_name_certificate_arn = module.acm.arn subnet_ids = tolist(module.public_subnets.public_subnet_id) security_group_ids = [module.security_group.security_group_ids] route_selection_expression = "$request.method $request.path" api_key_selection_expression = "$request.header.x-api-key" + cors_configuration = { + allow_credentials = true + allow_headers = [] + allow_methods = ["GET", "OPTIONS", "POST"] + allow_origins = [] + expose_headers = [] + max_age = 5 + } + integrations = { + + "ANY /" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + timeout_milliseconds = 12000 + } + + "GET /some-route-with-authorizer" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + "POST /start-step-function" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + + } + } + iam_arns = module.iam-role.arn + integration_uri = module.lambda.arn + zone_id = "1233xxxxxxxxxxxxxxxx" } \ No newline at end of file 
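Review bot: Two routes set `authorizer_key = "cognito"`, but this module call passes no `authorizers` map and `"ANY /"` names no authorizer at all, so it is worth confirming in main.tf (not legible from this hunk) that the key is translated into `authorization_type` and `authorizer_id` on the route; if it is ignored, all three routes deploy without authorization. The CORS block also combines `allow_credentials = true` with `allow_origins = []`; an example that allows credentials should list explicit origins, e.g. `allow_origins = ["https://app.example.com"]` (constructed value), so readers are not left to fill in a wildcard. `zone_id = "1233xxxxxxxxxxxxxxxx"` is a placeholder and deserves a trailing comment saying so, e.g. `# replace with your Route 53 hosted zone ID`.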
diff --git a/_example/lambda-test.zip b/_example/lambda-test.zip new file mode 100644 index 0000000000000000000000000000000000000000..8589034317795bcd093cef4cc5e4ede7405282fc GIT binary patch literal 330 zcmWIWW@Zs#-~d7f2E{HQ0S6$F%)FG;3cZ5Ln0`m^BL)Jk?|+Iq>+R-#y{m$!VuI_D z?n7D?0-86^W+=b)@mO|L>F@hV5jlp-#qUj@{=G)pf~z2C@-H7BFUy+tW82izSKpeH zZLn^m`y|~tGgqipef#}3=W2%Ru_b4l^p7dl`xkw*Y5C)ITR^IQ+oPF!#gc#9`@44t z?{=JhsqFbKvn5~m-+27KrE{j(*}&OK?q7u&825& iW`zHd 0 ? [true] : [] - # - # content { - # audience = lookup(each.value.audience, null) - # issuer = lookup(each.value.issuer, null) - # } - # } } resource "aws_apigatewayv2_vpc_link" "this" { for_each = var.enabled && var.create_vpc_link_enabled ? var.vpc_links : {} - name = format("%s", module.labels.id) security_group_ids = var.security_group_ids subnet_ids = var.subnet_ids - tags = merge( module.labels.tags, { @@ -248,3 +186,18 @@ resource "aws_apigatewayv2_vpc_link" "this" { } ) } + +resource "aws_apigatewayv2_authorizer" "some_authorizer" { + api_id = aws_apigatewayv2_api.default[0].id + authorizer_type = "JWT" + identity_sources = ["$request.header.Authorization"] + name = "testtt" + jwt_configuration { + audience = ["example"] + issuer = "https://${aws_cognito_user_pool.this.endpoint}" + } +} + +resource "aws_cognito_user_pool" "this" { + name = "user-pool" +} \ No newline at end of file diff --git a/outputs.tf b/outputs.tf index c1ff4cb..56027f6 100644 --- a/outputs.tf +++ b/outputs.tf 
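Review bot: `aws_apigatewayv2_authorizer.some_authorizer` and `aws_cognito_user_pool.this` are added to the module itself with fixed values (`name = "testtt"`, `audience = ["example"]`, `name = "user-pool"`) and without the `var.enabled` gate that `aws_apigatewayv2_vpc_link.this` uses just above. Every consumer therefore gets a user pool with provider-default settings, and the reference `aws_apigatewayv2_api.default[0].id` presumably fails when the API is disabled. Nothing in this hunk attaches the authorizer to a route either. I would gate the authorizer with `count = var.enabled ? 1 : 0`, take its name, audience and issuer from `var.authorizers` (already declared in variables.tf), and leave the user pool to the caller. The earlier main.tf hunks on this line are damaged in the page, so this note covers only the `@@ -248,3 +186,18 @@` hunk.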
@@ -13,7 +13,7 @@ output "invoke_url" { description = "URL to invoke the API pointing to the stage" } -output "integration_response_selection_expression" { - value = join("", aws_apigatewayv2_integration.default.*.integration_response_selection_expression) - description = "The integration response selection expression for the integration." -} \ No newline at end of file +#output "integration_response_selection_expression" { +# value = aws_apigatewayv2_integration.default.*.integration_response_selection_expression +# description = "The integration response selection expression for the integration." +#} \ No newline at end of file diff --git a/variables.tf b/variables.tf index fc7c4bb..865c265 100644 --- a/variables.tf +++ b/variables.tf @@ -226,4 +226,24 @@ variable "security_group_ids" { default = [] description = "A list of security group IDs to associate with." sensitive = true +} + +variable "zone_id" { + type = string + default = "" +} +variable "iam_arns" { + type = string + default = "" +} + +variable "integration_uri" { + type = string + default = "" + description = "The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used." +} +variable "integration_type" { + type = list(any) + default = [] + description = "Label order, e.g. `name`,`application`." } \ No newline at end of file From 20cecef6798dbfa3d634996b8f57a7f1e287b3f0 Mon Sep 17 00:00:00 2001 
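Review bot: Two of the new variables in the `variables.tf` hunk carry descriptions copied from elsewhere: `integration_uri` talks about a function's local deployment package and `s3_`-prefixed options, and `integration_type` is a `list(any)` described as "Label order". These strings feed the generated README, so they will tell users to pass the wrong kind of value. Judging by the example, which passes `module.lambda.arn`, something like `description = "URI of the backend the integration calls, e.g. a Lambda function ARN."` fits `integration_uri`. `integration_type` needs a description of the accepted integration types and probably a `string` type, to be confirmed against its use in main.tf, which this hunk does not show. `iam_arns` has no description at all.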
From: theprashantyadav Date: Wed, 12 Jul 2023 18:05:00 +0530 Subject: [PATCH 47/82] feat: code dynamic and add resource, variable description --- .github/CODEOWNERS | 2 + .github/PULL_REQUEST_TEMPLATE.md | 12 + .github/dependabot.yml | 2 +- .github/workflows/auto_assignee.yml | 14 ++ .github/workflows/changelog.yml | 2 +- .github/workflows/readme.yml | 16 +- .github/workflows/terraform.yml | 85 ------- .github/workflows/terratest.yml | 40 ---- .github/workflows/tf-checks.yml | 15 ++ .github/workflows/tflint.yml | 11 + .github/workflows/tfsec.yml | 2 +- README.yaml | 219 ++++++------------ _examples/complete/example.tf | 106 +++++++++ .../complete}/lambda-test.zip | Bin .../complete}/lambda_packages/index.py | 0 {_example => _examples/complete}/outputs.tf | 12 +- .../vpc_link_api}/example.tf | 68 ++---- _examples/vpc_link_api/lambda-test.zip | Bin 0 -> 330 bytes .../vpc_link_api/lambda_packages/index.py | 14 ++ _examples/vpc_link_api/outputs.tf | 19 ++ _test/basic/api_gateway_test.go | 33 --- _test/complete/api_gateway_test.go | 33 --- main.tf | 66 ++++-- outputs.tf | 12 +- variables.tf | 61 +++-- 25 files changed, 404 insertions(+), 440 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/workflows/auto_assignee.yml delete mode 100644 .github/workflows/terraform.yml delete mode 100644 .github/workflows/terratest.yml create mode 100644 .github/workflows/tf-checks.yml create mode 100644 .github/workflows/tflint.yml create mode 100644 _examples/complete/example.tf rename {_example => _examples/complete}/lambda-test.zip (100%) rename {_example => _examples/complete}/lambda_packages/index.py (100%) rename {_example => _examples/complete}/outputs.tf (66%) rename {_example => _examples/vpc_link_api}/example.tf (75%) create mode 100644 _examples/vpc_link_api/lambda-test.zip create mode 100644 _examples/vpc_link_api/lambda_packages/index.py create mode 100644 _examples/vpc_link_api/outputs.tf 
delete mode 100644 _test/basic/api_gateway_test.go delete mode 100644 _test/complete/api_gateway_test.go diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..57bdcfa --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# These owners will be the default owners for everything in the repo. +* @anmolnagpal @clouddrove/approvers @clouddrove-ci diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..e414e28 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,12 @@ +## what +* Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) +* Use bullet points to be concise and to the point. + +## why +* Provide the justifications for the changes (e.g. business case). +* Describe why these changes were made (e.g. why do these commits fix the problem?) +* Use bullet points to be concise and to the point. + +## references +* Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). +* Use `closes #123`, if this PR closes a Jira issue `#123` diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e078cc2..5571037 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -26,7 +26,7 @@ updates: reviewers: - "approvers" - package-ecosystem: "terraform" # See documentation for possible values - directory: "_example/basic" # Location of package manifests + directory: "_example/vpc_link_api" # Location of package manifests schedule: interval: "weekly" # Add assignees diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml new file mode 100644 index 0000000..fd2ebf1 --- /dev/null +++ b/.github/workflows/auto_assignee.yml 
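Review bot: The new `.github/CODEOWNERS` line makes `@clouddrove-ci` a default owner of every path. If that is the automation account, which the `auto_assignee.yml` added in this patch suggests, an approval issued with its token would satisfy a required code-owner review without a human looking at the change. Restricting the entry to people and teams, `* @anmolnagpal @clouddrove/approvers`, keeps the review requirement meaningful; whether branch protection enforces code-owner review is not visible from this patch.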
@@ -0,0 +1,14 @@ +name: Auto Assign PRs + +on: + pull_request: + types: [opened, reopened] + + workflow_dispatch: +jobs: + assign-pr: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + assignees: 'clouddrove-ci' \ No newline at end of file diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 4b735f5..3e88b85 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -6,7 +6,7 @@ on: - "*" workflow_dispatch: jobs: - changelog: + call-workflow-changelog: uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master secrets: inherit with: diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 54f849a..4bd38ee 100644 --- a/.github/workflows/readme.yml +++ b/.github/workflows/readme.yml @@ -10,10 +10,10 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout' - uses: actions/checkout@v2.3.4 + uses: actions/checkout@master - name: 'Set up Python 3.7' - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: '3.x' @@ -21,17 +21,17 @@ jobs: uses: 'clouddrove/github-actions@v9.0.2' with: actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB}}' + github_token: '${{ secrets.GITHUB }}' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'pre-commit check errors' - uses: pre-commit/action@v2.0.0 + uses: pre-commit/action@v3.0.0 continue-on-error: true - - name: 'pre-commit fix errors' - uses: pre-commit/action@v2.0.0 + - name: 'pre-commit fix erros' + uses: pre-commit/action@v3.0.0 continue-on-error: true - name: 'push readme' @@ -40,7 +40,7 @@ jobs: with: actions_subcommand: 'push' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: 'Slack Notification' uses: clouddrove/action-slack@v2 
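Review bot: The new `auto_assignee.yml` calls a reusable workflow at `@master` and passes it `secrets.GITHUB`, so whatever is on that branch at run time executes with the token. Pin the reference to a full commit SHA, `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<full-commit-sha>`. The same applies to the `readme.yml` hunk in this patch, which moves `actions/checkout@v2.3.4` to the mutable `actions/checkout@master`, and to the new `tf-checks.yml` and `tflint.yml` further down. `tflint.yml` also takes its workflow from `clouddrove/test-tfsec`, which by its name may not be the maintained shared-workflow repository and is worth confirming.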
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 7003be6..0000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
@@ -1,85 +0,0 @@ -name: static-checks - -on: - pull_request: - -jobs: - versionExtract: - name: Get min/max versions - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Terraform min/max versions - id: minMax - uses: clowdhaus/terraform-min-max@main - outputs: - minVersion: ${{ steps.minMax.outputs.minVersion }} - maxVersion: ${{ steps.minMax.outputs.maxVersion }} - - - versionEvaluate: - name: Evaluate Terraform versions - runs-on: ubuntu-latest - needs: versionExtract - strategy: - fail-fast: false - matrix: - version: - - ${{ needs.versionExtract.outputs.minVersion }} - - ${{ needs.versionExtract.outputs.maxVersion }} - directory: - - _example/basic - - _example/complete - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ matrix.version }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ matrix.version }} - - - name: 'Configure AWS Credentials' - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: Init & validate v${{ matrix.version }} - run: | - cd ${{ matrix.directory }} - terraform init - terraform validate - - - - name: tflint - uses: reviewdog/action-tflint@master - with: - tflint_version: v0.29.0 - github_token: ${{ secrets.GITHUB }} - working_directory: ${{ matrix.directory }} - fail_on_error: 'true' - filter_mode: 'nofilter' - flags: '--module' - - format: - name: Check code format - runs-on: ubuntu-latest - needs: versionExtract - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} - - - name: Check Terraform format changes - run: terraform fmt --recursive 
diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml deleted file mode 100644 index a043a42..0000000 --- a/.github/workflows/terratest.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: 'Terratest GitHub Actions' -on: - pull_request: - branches: - - master - types: [labeled] - -jobs: - Terratest: - name: 'terratest' - runs-on: ubuntu-latest - steps: - - - name: 'Checkout' - uses: actions/checkout@v2.3.4 - - - name: 'Configure AWS Credentials' - uses: clouddrove/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} - aws-region: us-east-2 - - - name: 'terratest' - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'terratest' - if: ${{ github.event.label.name == 'terratest' }} - tf_actions_working_dir: '_test' - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml new file mode 100644 index 0000000..a3aa918 --- /dev/null +++ b/.github/workflows/tf-checks.yml @@ -0,0 +1,15 @@ +name: tf-checks +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + tf-checks-complete-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + with: + working_directory: './_examples/complete/' + tf-checks-basic-example: + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + with: + working_directory: './_examples/vpc_link_api/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml new file mode 100644 index 0000000..99c6300 --- /dev/null +++ b/.github/workflows/tflint.yml 
@@ -0,0 +1,11 @@ +name: tf-lint +on: + push: + branches: [ master ] + pull_request: + workflow_dispatch: +jobs: + tf-lint: + uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@master + secrets: + GITHUB: ${{ secrets.GITHUB }} \ No newline at end of file diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index 9aaf588..c203751 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -8,4 +8,4 @@ jobs: uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master secrets: inherit with: - working_directory: '.' \ No newline at end of file + working_directory: '.' diff --git a/README.yaml b/README.yaml index 7f10dc3..aca1563 100644 --- a/README.yaml +++ b/README.yaml @@ -5,7 +5,7 @@ # # Name of this project -name: Terraform AWS Api Gateway +name : Terraform Module API-GATEWAY-V2 # License of this project license: "APACHE" 
@@ -15,174 +15,99 @@ github_repo: clouddrove/terraform-aws-api-gateway # Badges to display badges: - - name: "Terraform" - image: "https://img.shields.io/badge/Terraform-v1.1.7-green" - url: "https://www.terraform.io" - - name: "Licence" - image: "https://img.shields.io/badge/License-APACHE-blue.svg" - url: "LICENSE.md" + - name: "Latest Release" + image: "https://img.shields.io/github/release/clouddrove/terraform-aws-api-gateway.svg" + url: "https://github.com/clouddrove/terraform-aws-api-gateway/releases/latest" - name: "tfsec" image: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/tfsec.yml/badge.svg" url: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/tfsec.yml" - - name: "static-checks" - image: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/terraform.yml/badge.svg" - url: "https://github.com/clouddrove/terraform-aws-api-gateway/actions/workflows/terraform.yml" + - name: "Licence" + image: "https://img.shields.io/badge/License-APACHE-blue.svg" + url: "LICENSE.md" # description of this project -# yamllint disable rule:line-length description: |- - Terraform module to create Route53 resource on AWS for create api gateway with it's basic elements. 
- + Terraform module api-gateway-v2 to create new modules using this as baseline # extra content -# please not remove these two If you need add more include: - "terraform.md" # How to use this project -# yamllint disable rule:line-length +# How to use this project usage: |- Here are examples of how you can use this module in your inventory structure: - ### Basic Example + ### complete Example ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.3.0" - name = "api-gateway" - environment = "test" - label_order = ["name", "environment"] - enabled = true - - # Api Gateway Resource - path_parts = ["mytestresource", "mytestresource1"] - - # Api Gateway Method - method_enabled = true - http_methods = ["GET", "GET"] - - # Api Gateway Integration - integration_types = ["MOCK", "AWS_PROXY"] - integration_http_methods = ["POST", "POST"] - uri = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] - integration_request_parameters = [{ - "integration.request.header.X-Authorization" = "'static'" - }, {}] - request_templates = [{ - "application/xml" = < - - $inputRoot.body - - EOF - }, {}] - - # Api Gateway Deployment - deployment_enabled = true - stage_name = "deploy" - - # Api Gateway Stage - stage_enabled = true - stage_names = ["qa", "dev"] + version = "1.3.1" + + domain_name = "example.cam" + domain_name_certificate_arn = module.acm.arn + integration_uri = module.lambda.arn + zone_id = "1234059QJ345674343" + create_vpc_link_enabled = false + cors_configuration = { + allow_credentials = true + allow_methods = ["GET", "OPTIONS", "POST"] + max_age = 5 + } + integrations = { + "ANY /" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + timeout_milliseconds = 12000 + } + "GET /some-route-with-authorizer" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + "POST /start-step-function" = { + lambda_arn = 
module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + } } ``` - ### Complete Example + ### vpc_link_api Example ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.3.0" + version = "1.3.1" - name = "api-gateway" + name = "api" environment = "test" - label_order = ["name", "environment"] - enabled = true - - # Api Gateway Resource - path_parts = ["mytestresource", "mytestresource1"] - - # Api Gateway Method - method_enabled = true - http_methods = ["GET", "GET"] - - # Api Gateway Integration - integration_types = ["MOCK", "AWS_PROXY"] - integration_http_methods = ["POST", "POST"] - uri = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] - integration_request_parameters = [{ - "integration.request.header.X-Authorization" = "'static'" - }, {}] - request_templates = [{ - "application/xml" = < - - $inputRoot.body - - EOF - }, {}] - - # Api Gateway Deployment - deployment_enabled = true - stage_name = "deploy" - - # Api Gateway Stage - stage_enabled = true - stage_names = ["qa", "dev"] - - # Api Gateway Client Certificate - cert_enabled = true - cert_description = "clouddrove" - - # Api Gateway Authorizer - authorizer_count = 2 - authorizer_names = ["test", "test1"] - authorizer_uri = ["arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] - authorizer_credentials = ["arn:aws:iam::xxxxxxxxxx:role/lambda-role", "arn:aws:iam::xxxxxxxxxx:role/lambda-role"] - identity_sources = ["method.request.header.Authorization", "method.request.header.Authorization"] - identity_validation_expressions = ["sfdgfhghrfdsdas", ""] - authorizer_types = ["TOKEN", "REQUEST"] - - # Api Gateway Gateway Response - gateway_response_count = 2 - response_types = 
["UNAUTHORIZED", "RESOURCE_NOT_FOUND"] - gateway_status_codes = ["401", "404"] - - # Api Gateway Model - model_count = 2 - model_names = ["test", "test1"] - content_types = ["application/json", "application/json"] - - # Api Gateway Api Key - key_count = 2 - key_names = ["test", "test1"] + label_order = ["environment", "name"] + domain_name = "example.cam" + create_vpc_link_enabled = true + zone_id = "1`23456059QJZ25345678" + integration_uri = module.lambda.arn + domain_name_certificate_arn = module.acm.arn + subnet_ids = tolist(module.public_subnets.public_subnet_id) + security_group_ids = [module.security_group.security_group_ids] + cors_configuration = { + allow_credentials = true + allow_methods = ["GET", "OPTIONS", "POST"] + max_age = 5 + } + integrations = { + "ANY /" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + timeout_milliseconds = 12000 + } + "GET /some-route-with-authorizer" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + "POST /start-step-function" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + } } ``` \ No newline at end of file diff --git a/_examples/complete/example.tf b/_examples/complete/example.tf new file mode 100644 index 0000000..08eb8de --- /dev/null +++ b/_examples/complete/example.tf 
@@ -0,0 +1,106 @@ +####---------------------------------------------------------------------------------- +## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. +####---------------------------------------------------------------------------------- +provider "aws" { + region = "eu-west-1" +} + +####---------------------------------------------------------------------------------- +## This terraform module is designed to generate consistent label names and tags for resources. +####---------------------------------------------------------------------------------- +module "acm" { + source = "clouddrove/acm/aws" + version = "1.3.0" + + name = "certificate" + environment = "test" + label_order = ["name", "environment"] + + enable_aws_certificate = true + domain_name = "example.cam" + subject_alternative_names = ["*.example.cam"] + validation_method = "DNS" + enable_dns_validation = false +} + +####---------------------------------------------------------------------------------- +## This terraform module is designed to generate consistent label names and tags for resources. 
+####---------------------------------------------------------------------------------- +module "lambda" { + source = "clouddrove/lambda/aws" + version = "1.3.0" + + name = "lambda" + environment = "test" + label_order = ["name", "environment"] + + enabled = true + timeout = 60 + filename = "./lambda_packages" + handler = "index.lambda_handler" + runtime = "python3.8" + iam_actions = [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ] + names = [ + "python_layer" + ] + layer_filenames = ["./lambda-test.zip"] + compatible_runtimes = [ + ["python3.8"] + ] + statement_ids = [ + "AllowExecutionFromCloudWatch" + ] + actions = [ + "lambda:InvokeFunction" + ] + principals = [ + "events.amazonaws.com" + ] + source_arns = [module.api_gateway.api_arn] + variables = { + foo = "bar" + } +} + +####---------------------------------------------------------------------------------- +## This terraform module is designed to generate consistent label names and tags for resources. +####---------------------------------------------------------------------------------- +module "api_gateway" { + source = "./../../" + + name = "api" + environment = "test" + label_order = ["environment", "name"] + + domain_name = "example.cam" + domain_name_certificate_arn = module.acm.arn + integration_uri = module.lambda.arn + zone_id = "1234059QJ345674343" + create_vpc_link_enabled = false + cors_configuration = { + allow_credentials = true + allow_methods = ["GET", "OPTIONS", "POST"] + max_age = 5 + } + integrations = { + "ANY /" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + timeout_milliseconds = 12000 + } + "GET /some-route-with-authorizer" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + "POST /start-step-function" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + } +} \ No newline at end of file 
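Review bot: In the new `module "lambda"` block the invoke permission names `principals = ["events.amazonaws.com"]` under the statement ID `AllowExecutionFromCloudWatch`, while `source_arns` points at `module.api_gateway.api_arn` and the function is invoked by API Gateway. Assuming these inputs become an `aws_lambda_permission`, the principal should be `"apigateway.amazonaws.com"` and the source ARN should follow the API's execute-api pattern; if `api_arn` is the management ARN, the grant matches no real caller, and the usual workaround is an unscoped permission. The same pairing appears in the `_examples/vpc_link_api/example.tf` hunk `@@ -135,41 +108,40 @@`. The three banner comments in this file all repeat the labels-module sentence and should instead name the ACM, Lambda and API Gateway modules they introduce.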
diff --git a/_example/lambda-test.zip b/_examples/complete/lambda-test.zip similarity index 100% rename from _example/lambda-test.zip rename to _examples/complete/lambda-test.zip diff --git a/_example/lambda_packages/index.py b/_examples/complete/lambda_packages/index.py similarity index 100% rename from _example/lambda_packages/index.py rename to _examples/complete/lambda_packages/index.py diff --git a/_example/outputs.tf b/_examples/complete/outputs.tf similarity index 66% rename from _example/outputs.tf rename to _examples/complete/outputs.tf index 7aaaa75..6fb1fbb 100644 --- a/_example/outputs.tf +++ b/_examples/complete/outputs.tf @@ -3,6 +3,11 @@ output "api_id" { description = "The API identifier." } +output "api_arn" { + value = join("", module.api_gateway.*.api_arn) + description = "The API arn." +} + output "api_endpoint" { value = join("", module.api_gateway.*.api_endpoint) description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com." @@ -11,9 +16,4 @@ output "api_endpoint" { output "invoke_url" { value = join("", module.api_gateway.*.invoke_url) description = "URL to invoke the API pointing to the stage" -} - -#output "integration_response_selection_expression" { -# value = module.api_gateway.*.integration_response_selection_expression -# description = "The integration response selection expression for the integration." -#} \ No newline at end of file +} \ No newline at end of file diff --git a/_example/example.tf b/_examples/vpc_link_api/example.tf similarity index 75% rename from _example/example.tf rename to _examples/vpc_link_api/example.tf index 94dd9f9..d605f28 100644 --- a/_example/example.tf +++ b/_examples/vpc_link_api/example.tf 
@@ -37,6 +37,9 @@ module "public_subnets" { ipv6_cidr_block = module.vpc.ipv6_cidr_block } +##---------------------------------------------------------------------------------- +## Below module will create SECURITY-GROUP and its components. +##---------------------------------------------------------------------------------- module "security_group" { source = "clouddrove/security-group/aws" version = "1.3.0" @@ -50,42 +53,9 @@ module "security_group" { allowed_ports = [3306] } -module "iam-role" { - source = "clouddrove/iam-role/aws" - version = "1.3.0" - - name = "iam-role" - environment = "test" - label_order = ["name", "environment"] - assume_role_policy = data.aws_iam_policy_document.default.json - policy_enabled = true - policy = data.aws_iam_policy_document.iam-policy.json -} - -data "aws_iam_policy_document" "default" { - statement { - effect = "Allow" - actions = ["sts:AssumeRole"] - principals { - type = "Service" - identifiers = ["ec2.amazonaws.com"] - } - } -} - -data "aws_iam_policy_document" "iam-policy" { - statement { - actions = [ - "ssm:UpdateInstanceInformation", - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel"] - effect = "Allow" - resources = ["*"] - } -} - +####---------------------------------------------------------------------------------- +## This terraform module is designed to generate consistent label names and tags for resources. +####---------------------------------------------------------------------------------- module "acm" { source = "clouddrove/acm/aws" version = "1.3.0" 
@@ -101,6 +71,9 @@ module "acm" { enable_dns_validation = false } +####---------------------------------------------------------------------------------- +## This terraform module is designed to generate consistent label names and tags for resources. +####---------------------------------------------------------------------------------- module "lambda" { source = "clouddrove/lambda/aws" version = "1.3.0" @@ -135,41 +108,40 @@ module "lambda" { principals = [ "events.amazonaws.com" ] - source_arns = [module.iam-role.arn] + source_arns = [module.api_gateway.api_arn] variables = { foo = "bar" } } + +####---------------------------------------------------------------------------------- +## This terraform module is designed to generate consistent label names and tags for resources with vpc_link. +####---------------------------------------------------------------------------------- module "api_gateway" { - source = "./../" + source = "./../../" name = "api" environment = "test" label_order = ["environment", "name"] - protocol_type = "HTTP" domain_name = "example.cam" + create_vpc_link_enabled = true + zone_id = "1`23456059QJZ25345678" + integration_uri = module.lambda.arn domain_name_certificate_arn = module.acm.arn subnet_ids = tolist(module.public_subnets.public_subnet_id) security_group_ids = [module.security_group.security_group_ids] - route_selection_expression = "$request.method $request.path" - api_key_selection_expression = "$request.header.x-api-key" cors_configuration = { allow_credentials = true - allow_headers = [] allow_methods = ["GET", "OPTIONS", "POST"] - allow_origins = [] - expose_headers = [] max_age = 5 } integrations = { - "ANY /" = { lambda_arn = module.lambda.arn payload_format_version = "2.0" timeout_milliseconds = 12000 } - "GET /some-route-with-authorizer" = { lambda_arn = module.lambda.arn payload_format_version = "2.0" 
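Review bot: `zone_id = "1`23456059QJZ25345678"` in the `module "api_gateway"` call contains a stray backtick, so the placeholder is not a well-formed hosted zone ID, and the same value is repeated in the README.yaml usage block of this patch. Use a clearly fake but well-formed placeholder such as `zone_id = "Z0000000000EXAMPLE"` (a constructed value), or take it from a variable so the example does not carry an ID at all.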
@@ -179,10 +151,6 @@ module "api_gateway" { lambda_arn = module.lambda.arn payload_format_version = "2.0" authorizer_key = "cognito" - } } - iam_arns = module.iam-role.arn - integration_uri = module.lambda.arn - zone_id = "1233xxxxxxxxxxxxxxxx" } \ No newline at end of file diff --git a/_examples/vpc_link_api/lambda-test.zip b/_examples/vpc_link_api/lambda-test.zip new file mode 100644 index 0000000000000000000000000000000000000000..8589034317795bcd093cef4cc5e4ede7405282fc GIT binary patch literal 330 zcmWIWW@Zs#-~d7f2E{HQ0S6$F%)FG;3cZ5Ln0`m^BL)Jk?|+Iq>+R-#y{m$!VuI_D z?n7D?0-86^W+=b)@mO|L>F@hV5jlp-#qUj@{=G)pf~z2C@-H7BFUy+tW82izSKpeH zZLn^m`y|~tGgqipef#}3=W2%Ru_b4l^p7dl`xkw*Y5C)ITR^IQ+oPF!#gc#9`@44t z?{=JhsqFbKvn5~m-+27KrE{j(*}&OK?q7u&825& iW`zHd Date: Wed, 12 Jul 2023 18:41:26 +0530 Subject: [PATCH 48/82] feat: code dynamic and add resource, variable description --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5571037..362fd26 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,7 +16,7 @@ updates: reviewers: - "approvers" - package-ecosystem: "terraform" # See documentation for possible values - directory: "_example/complete" # Location of package manifests + directory: "_examples/complete" # Location of package manifests schedule: interval: "weekly" # Add assignees @@ -26,7 +26,7 @@ updates: reviewers: - "approvers" - package-ecosystem: "terraform" # See documentation for possible values - directory: "_example/vpc_link_api" # Location of package manifests + directory: "_examples/vpc_link_api" # Location of package manifests schedule: interval: "weekly" # Add assignees From 541a62af3f7a030f8f6dff0bba2afff3b6096965 Mon Sep 17 00:00:00 2001 
From: theprashantyadav Date: Wed, 12 Jul 2023 18:43:56 +0530 Subject: [PATCH 49/82] feat: code dynamic and add resource, variable description --- _examples/complete/example.tf | 4 ++-- _examples/vpc_link_api/example.tf | 14 +++++++------- variables.tf | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/_examples/complete/example.tf b/_examples/complete/example.tf index 08eb8de..df95e35 100644 --- a/_examples/complete/example.tf +++ b/_examples/complete/example.tf @@ -79,8 +79,8 @@ module "api_gateway" { domain_name = "example.cam" domain_name_certificate_arn = module.acm.arn integration_uri = module.lambda.arn - zone_id = "1234059QJ345674343" - create_vpc_link_enabled = false + zone_id = "1234059QJ345674343" + create_vpc_link_enabled = false cors_configuration = { allow_credentials = true allow_methods = ["GET", "OPTIONS", "POST"] diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index d605f28..7023d1b 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -124,13 +124,13 @@ module "api_gateway" { environment = "test" label_order = ["environment", "name"] - domain_name = "example.cam" - create_vpc_link_enabled = true - zone_id = "1`23456059QJZ25345678" - integration_uri = module.lambda.arn - domain_name_certificate_arn = module.acm.arn - subnet_ids = tolist(module.public_subnets.public_subnet_id) - security_group_ids = [module.security_group.security_group_ids] + domain_name = "example.cam" + create_vpc_link_enabled = true + zone_id = "1`23456059QJZ25345678" + integration_uri = module.lambda.arn + domain_name_certificate_arn = module.acm.arn + subnet_ids = tolist(module.public_subnets.public_subnet_id) + security_group_ids = [module.security_group.security_group_ids] cors_configuration = { allow_credentials = true allow_methods = ["GET", "OPTIONS", "POST"] diff --git a/variables.tf b/variables.tf index ab8466e..9e5405b 100644 --- a/variables.tf +++ b/variables.tf 
@@ -229,8 +229,8 @@ variable "security_group_ids" { } variable "zone_id" { - type = string - default = "" + type = string + default = "" description = "The ID of the hosted zone to contain this record." } variable "integration_uri" { From 267242e02762f99f171aec272ed26c5cf53e269b Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Wed, 12 Jul 2023 18:51:06 +0530 Subject: [PATCH 50/82] feat: code dynamic and add resource, variable description --- _examples/vpc_link_api/example.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index 7023d1b..4f843a9 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -40,6 +40,7 @@ module "public_subnets" { ##---------------------------------------------------------------------------------- ## Below module will create SECURITY-GROUP and its components. ##---------------------------------------------------------------------------------- +#tfsec:ignore:aws-ec2-no-public-ip-subnet module "security_group" { source = "clouddrove/security-group/aws" version = "1.3.0" From b2c1576be72322f3fd3e599d405007d8b3343b25 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Wed, 12 Jul 2023 18:57:46 +0530 Subject: [PATCH 51/82] feat: code dynamic and add resource, variable description --- _examples/vpc_link_api/example.tf | 2 +- main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index 4f843a9..afe6ca3 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf 
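Review bot: The `#tfsec:ignore:aws-ec2-no-public-ip-subnet` line added above `module "security_group"` silences a subnet finding on a security-group block and states no reason, so the scan turns green without the exposure being reviewed. The following patches in this series keep reworking the same suppression: `aws-ec2-no-public-ingress-sgr`, then the free-text `Subnet associates public IP address.`, then `aws-ec2-no-public-ip-subnet.` with a trailing period, ending with both lines above `security_group`. An inline ignore needs the exact rule ID and, as far as I know, has to sit on the block that raises the finding. Since the example's security group opens port 3306, narrowing the ingress source is the better fix. If an ignore stays, place it on the module it concerns with a rationale, e.g. `# example only: public subnet required for the demo` directly above `#tfsec:ignore:aws-ec2-no-public-ip-subnet`.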
@@ -40,7 +40,7 @@ module "public_subnets" { ##---------------------------------------------------------------------------------- ## Below module will create SECURITY-GROUP and its components. ##---------------------------------------------------------------------------------- -#tfsec:ignore:aws-ec2-no-public-ip-subnet +#tfsec:ignore:aws-ec2-no-public-ingress-sgr module "security_group" { source = "clouddrove/security-group/aws" version = "1.3.0" diff --git a/main.tf b/main.tf index f9515fd..0ca3605 100644 --- a/main.tf +++ b/main.tf @@ -99,7 +99,7 @@ resource "aws_apigatewayv2_stage" "default" { api_id = aws_apigatewayv2_api.default[0].id name = format("%s-stage", module.labels.id) - auto_deploy = true + auto_deploy = false dynamic "access_log_settings" { for_each = var.access_log_settings content { From 20a8a1f14ee685b3b9f4233105dd12e0ee94654d Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Wed, 12 Jul 2023 19:00:29 +0530 Subject: [PATCH 52/82] feat: code dynamic and add resource, variable description --- _examples/vpc_link_api/example.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index afe6ca3..ae1084b 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -21,6 +21,7 @@ module "vpc" { ####---------------------------------------------------------------------------------- ## A subnet is a range of IP addresses in your VPC. ####---------------------------------------------------------------------------------- +#tfsec:ignore:Subnet associates public IP address. module "public_subnets" { source = "clouddrove/subnet/aws" version = "1.3.0" From d36d58ce68967ff6e65515ecdd433cfe2b326b42 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Wed, 12 Jul 2023 19:02:52 +0530 Subject: [PATCH 53/82] feat: code dynamic and add resource, variable description --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
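Review bot: The `#tfsec:ignore:aws-ec2-no-public-ingress-sgr` line above `module "security_group"` suppresses the public-ingress finding for the whole module call without giving a reason, so a reader copying the example cannot tell whether open ingress is intended. A later hunk in this series shows the same block with `allowed_ip = ["0.0.0.0/0"]`, which is presumably what the rule reports. I would either narrow `allowed_ip` to the VPC's own CIDR in the example, or keep the ignore and put a comment above it such as `# Example only: ingress is open to 0.0.0.0/0; restrict allowed_ip before using this outside a test account.` The module block continues outside the hunk.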
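Review bot: Setting `auto_deploy = false` on `aws_apigatewayv2_stage.default` stops route and integration changes from being deployed to the stage automatically, and nothing in this hunk adds an `aws_apigatewayv2_deployment` or a `deployment_id` to take over. If no deployment resource exists elsewhere in main.tf, the stage would not pick up later changes, so please confirm that path exists. The line also needs a why-comment, for example `# auto_deploy disabled: changes go live only through an explicit deployment`. The resource body starts and ends outside the hunk.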
diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index ae1084b..ad826d5 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -21,7 +21,7 @@ module "vpc" { ####---------------------------------------------------------------------------------- ## A subnet is a range of IP addresses in your VPC. ####---------------------------------------------------------------------------------- -#tfsec:ignore:Subnet associates public IP address. +#tfsec:ignore:aws-ec2-no-public-ip-subnet. module "public_subnets" { source = "clouddrove/subnet/aws" version = "1.3.0" From 553c2a1a7211426c34f06ea22b13e92b16f5477a Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Wed, 12 Jul 2023 19:10:44 +0530 Subject: [PATCH 54/82] feat: code dynamic and add resource, variable description --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index ad826d5..e57c453 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -21,7 +21,6 @@ module "vpc" { ####---------------------------------------------------------------------------------- ## A subnet is a range of IP addresses in your VPC. ####---------------------------------------------------------------------------------- -#tfsec:ignore:aws-ec2-no-public-ip-subnet. module "public_subnets" { source = "clouddrove/subnet/aws" version = "1.3.0" @@ -42,6 +41,7 @@ module "public_subnets" { ## Below module will create SECURITY-GROUP and its components. ##---------------------------------------------------------------------------------- #tfsec:ignore:aws-ec2-no-public-ingress-sgr +#tfsec:ignore:aws-ec2-no-public-ip-subnet. module "security_group" { source = "clouddrove/security-group/aws" version = "1.3.0" From 0b394ce106837038d79663a4e337f0528cc029f9 Mon Sep 17 00:00:00 2001 
From: theprashantyadav Date: Wed, 12 Jul 2023 19:15:57 +0530 Subject: [PATCH 55/82] feat: code dynamic and add resource, variable description --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index e57c453..ad826d5 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -21,6 +21,7 @@ module "vpc" { ####---------------------------------------------------------------------------------- ## A subnet is a range of IP addresses in your VPC. ####---------------------------------------------------------------------------------- +#tfsec:ignore:aws-ec2-no-public-ip-subnet. module "public_subnets" { source = "clouddrove/subnet/aws" version = "1.3.0" @@ -41,7 +42,6 @@ module "public_subnets" { ## Below module will create SECURITY-GROUP and its components. ##---------------------------------------------------------------------------------- #tfsec:ignore:aws-ec2-no-public-ingress-sgr -#tfsec:ignore:aws-ec2-no-public-ip-subnet. module "security_group" { source = "clouddrove/security-group/aws" version = "1.3.0" From 26397b1c2370d056795f180f5517c407e9b57202 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Wed, 12 Jul 2023 19:21:34 +0530 Subject: [PATCH 56/82] feat: code dynamic and add resource, variable description --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index ad826d5..4c1db24 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf 
@@ -21,7 +21,7 @@ module "vpc" { ####---------------------------------------------------------------------------------- ## A subnet is a range of IP addresses in your VPC. ####---------------------------------------------------------------------------------- -#tfsec:ignore:aws-ec2-no-public-ip-subnet. +#tfsec:ignore:aws-ec2-no-public-ip-subnet module "public_subnets" { source = "clouddrove/subnet/aws" version = "1.3.0" From e453dc5b00db9efafdb30b6e20ae843e4fb25794 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Wed, 12 Jul 2023 19:31:01 +0530 Subject: [PATCH 57/82] feat: code dynamic and add resource, variable description --- _examples/complete/example.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/_examples/complete/example.tf b/_examples/complete/example.tf index df95e35..97ff403 100644 --- a/_examples/complete/example.tf +++ b/_examples/complete/example.tf @@ -103,4 +103,8 @@ module "api_gateway" { authorizer_key = "cognito" } } + access_log_settings = { + default_stage_access_log_destination_arn = "*" + default_stage_access_log_format = " HTTP" + } } \ No newline at end of file From da05e2cea4a25d582c51c5be41a24301f245d430 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Thu, 13 Jul 2023 20:04:10 +0530 Subject: [PATCH 58/82] feat: code dynamic and add resource, variable description --- _examples/complete/example.tf | 10 +++------- _examples/vpc_link_api/example.tf | 6 +++--- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/_examples/complete/example.tf b/_examples/complete/example.tf index 97ff403..3a1c876 100644 --- a/_examples/complete/example.tf +++ b/_examples/complete/example.tf @@ -17,8 +17,8 @@ module "acm" { label_order = ["name", "environment"] enable_aws_certificate = true - domain_name = "example.cam" - subject_alternative_names = ["*.example.cam"] + domain_name = "clouddrove.ca" + subject_alternative_names = ["*.clouddrove.ca"] validation_method = "DNS" enable_dns_validation = false } 
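Review bot: The added `access_log_settings` block in `_examples/complete/example.tf` sets `default_stage_access_log_destination_arn = "*"` and `default_stage_access_log_format = " HTTP"`, and neither is a usable value. The destination has to be a CloudWatch Logs log group ARN, and a format with no `$context.` variables records nothing about the request. Because this is the "complete" example that users copy, access logging would either fail to apply or produce entries with no value for investigation. I would point the destination at a log group created in the example and use a format carrying at least `$context.requestId`, `$context.identity.sourceIp`, `$context.routeKey` and `$context.status`. The two key names also look like the module's top-level variable names rather than keys of the `access_log_settings` map, which is worth checking against the `dynamic "access_log_settings"` block in main.tf.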
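Review bot: Replacing `example.cam` with `clouddrove.ca` makes the examples request a certificate, including the wildcard `*.clouddrove.ca`, for what looks like a real registered domain rather than a placeholder. The change is made here in `module "acm"` and again in the `module "acm"` and `module "api_gateway"` hunks of the same commit. Anyone running the example outside the account that owns that zone will presumably be unable to validate the certificate. README.yaml still shows `domain_name = "example.cam"`, so the docs and the examples now disagree. I would take the domain from a variable, or use a reserved name such as `example.com`, and keep README.yaml in step.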
@@ -76,7 +76,7 @@ module "api_gateway" { environment = "test" label_order = ["environment", "name"] - domain_name = "example.cam" + domain_name = "clouddrove.ca" domain_name_certificate_arn = module.acm.arn integration_uri = module.lambda.arn zone_id = "1234059QJ345674343" @@ -103,8 +103,4 @@ module "api_gateway" { authorizer_key = "cognito" } } - access_log_settings = { - default_stage_access_log_destination_arn = "*" - default_stage_access_log_format = " HTTP" - } } \ No newline at end of file diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index 4c1db24..a2f7860 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -67,8 +67,8 @@ module "acm" { label_order = ["name", "environment"] enable_aws_certificate = true - domain_name = "example.cam" - subject_alternative_names = ["*.example.cam"] + domain_name = "clouddrove.ca" + subject_alternative_names = ["*.clouddrove.ca"] validation_method = "DNS" enable_dns_validation = false } @@ -126,7 +126,7 @@ module "api_gateway" { environment = "test" label_order = ["environment", "name"] - domain_name = "example.cam" + domain_name = "clouddrove.ca" create_vpc_link_enabled = true zone_id = "1`23456059QJZ25345678" integration_uri = module.lambda.arn From 0f72292f3a6084bfa317082396ed6ed8e0dd71f2 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Tue, 18 Jul 2023 21:30:49 +0530 Subject: [PATCH 59/82] feat: update security group version --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index a2f7860..60e624d 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -44,7 +44,7 @@ module "public_subnets" { #tfsec:ignore:aws-ec2-no-public-ingress-sgr module "security_group" { source = "clouddrove/security-group/aws" - version = "1.3.0" + version = "2.0.0" name = "security-group" environment = "test" 
From ac4543227af68196f2ddaf4623be242dc2fa7879 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Tue, 18 Jul 2023 21:34:52 +0530 Subject: [PATCH 60/82] feat: update security group version --- README.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.yaml b/README.yaml index aca1563..d589e53 100644 --- a/README.yaml +++ b/README.yaml @@ -40,7 +40,7 @@ usage: |- ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.3.1" + version = "1.4.0" domain_name = "example.cam" domain_name_certificate_arn = module.acm.arn @@ -75,7 +75,7 @@ usage: |- ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.3.1" + version = "1.4.0" name = "api" environment = "test" From 687bc25bf8a7dcec5e680a4e3160ba90e1c7d468 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Tue, 18 Jul 2023 21:45:01 +0530 Subject: [PATCH 61/82] feat: update security group version --- _examples/vpc_link_api/example.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index 60e624d..c9c3ea2 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -48,7 +48,6 @@ module "security_group" { name = "security-group" environment = "test" - protocol = "tcp" label_order = ["environment", "name"] vpc_id = module.vpc.vpc_id allowed_ip = ["0.0.0.0/0"] From 6fdf8fad92eba02cf6a5133d4a7fd686bebb6d62 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Tue, 18 Jul 2023 17:21:55 +0000 Subject: [PATCH 62/82] update README.md --- README.md | 356 ++++++++++++++++++------------------------------------ 1 file changed, 119 insertions(+), 237 deletions(-) diff --git a/README.md b/README.md index 10a2d8c..d2dede2 100644 --- a/README.md +++ b/README.md @@ -4,26 +4,23 @@

- Terraform AWS Api Gateway + Terraform Module API-GATEWAY-V2

- Terraform module to create Route53 resource on AWS for create api gateway with it's basic elements. + Terraform module api-gateway-v2 to create new modules using this as baseline

- - Terraform - - - Licence + + Latest Release tfsec - - static-checks + + Licence @@ -33,10 +30,10 @@ - + - + 
@@ -75,148 +72,79 @@ This module has a few dependencies: Here are examples of how you can use this module in your inventory structure: -### Basic Example +### complete Example ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version = "1.3.0" - name = "api-gateway" - environment = "test" - label_order = ["name", "environment"] - enabled = true - - # Api Gateway Resource - path_parts = ["mytestresource", "mytestresource1"] - - # Api Gateway Method - method_enabled = true - http_methods = ["GET", "GET"] - - # Api Gateway Integration - integration_types = ["MOCK", "AWS_PROXY"] - integration_http_methods = ["POST", "POST"] - uri = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] - integration_request_parameters = [{ - "integration.request.header.X-Authorization" = "'static'" - }, {}] - request_templates = [{ - "application/xml" = < - - $inputRoot.body - - EOF - }, {}] - - # Api Gateway Deployment - deployment_enabled = true - stage_name = "deploy" - - # Api Gateway Stage - stage_enabled = true - stage_names = ["qa", "dev"] + version = "1.4.0" + + domain_name = "example.cam" + domain_name_certificate_arn = module.acm.arn + integration_uri = module.lambda.arn + zone_id = "1234059QJ345674343" + create_vpc_link_enabled = false + cors_configuration = { + allow_credentials = true + allow_methods = ["GET", "OPTIONS", "POST"] + max_age = 5 + } + integrations = { + "ANY /" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + timeout_milliseconds = 12000 + } + "GET /some-route-with-authorizer" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + "POST /start-step-function" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + } } ``` -### Complete Example +### vpc_link_api Example ```hcl module "api-gateway" { source = "clouddrove/api-gateway/aws" - version 
= "1.3.0" + version = "1.4.0" - name = "api-gateway" + name = "api" environment = "test" - label_order = ["name", "environment"] - enabled = true - - # Api Gateway Resource - path_parts = ["mytestresource", "mytestresource1"] - - # Api Gateway Method - method_enabled = true - http_methods = ["GET", "GET"] - - # Api Gateway Integration - integration_types = ["MOCK", "AWS_PROXY"] - integration_http_methods = ["POST", "POST"] - uri = ["", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] - integration_request_parameters = [{ - "integration.request.header.X-Authorization" = "'static'" - }, {}] - request_templates = [{ - "application/xml" = < - - $inputRoot.body - - EOF - }, {}] - - # Api Gateway Deployment - deployment_enabled = true - stage_name = "deploy" - - # Api Gateway Stage - stage_enabled = true - stage_names = ["qa", "dev"] - - # Api Gateway Client Certificate - cert_enabled = true - cert_description = "clouddrove" - - # Api Gateway Authorizer - authorizer_count = 2 - authorizer_names = ["test", "test1"] - authorizer_uri = ["arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations", "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:xxxxxxxxxx:function:test/invocations"] - authorizer_credentials = ["arn:aws:iam::xxxxxxxxxx:role/lambda-role", "arn:aws:iam::xxxxxxxxxx:role/lambda-role"] - identity_sources = ["method.request.header.Authorization", "method.request.header.Authorization"] - identity_validation_expressions = ["sfdgfhghrfdsdas", ""] - authorizer_types = ["TOKEN", "REQUEST"] - - # Api Gateway Gateway Response - gateway_response_count = 2 - response_types = ["UNAUTHORIZED", "RESOURCE_NOT_FOUND"] - gateway_status_codes = ["401", "404"] - - # Api Gateway Model - model_count = 2 - model_names = ["test", "test1"] - content_types = ["application/json", "application/json"] - - # 
Api Gateway Api Key - key_count = 2 - key_names = ["test", "test1"] + label_order = ["environment", "name"] + domain_name = "example.cam" + create_vpc_link_enabled = true + zone_id = "1`23456059QJZ25345678" + integration_uri = module.lambda.arn + domain_name_certificate_arn = module.acm.arn + subnet_ids = tolist(module.public_subnets.public_subnet_id) + security_group_ids = [module.security_group.security_group_ids] + cors_configuration = { + allow_credentials = true + allow_methods = ["GET", "OPTIONS", "POST"] + max_age = 5 + } + integrations = { + "ANY /" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + timeout_milliseconds = 12000 + } + "GET /some-route-with-authorizer" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + "POST /start-step-function" = { + lambda_arn = module.lambda.arn + payload_format_version = "2.0" + authorizer_key = "cognito" + } + } } ``` 
@@ -229,108 +157,62 @@ Here are examples of how you can use this module in your inventory structure: | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| api\_key\_requireds | Specify if the method requires an API key. | `list(any)` | `[]` | no | -| api\_key\_source | The source of the API key for requests. Valid values are HEADER (default) and AUTHORIZER. | `string` | `"HEADER"` | no | -| api\_log\_enabled | Whether to enable log for rest api. | `bool` | `false` | no | -| api\_policy | The policy document. | `any` | `null` | no | +| access\_log\_settings | Settings for logging access in this stage. | `map(string)` | `{}` | no | +| api\_description | the description of the API. | `string` | `"Manages an Amazon API Gateway Version 2 API."` | no | +| api\_key\_selection\_expression | An API key selection expression. Valid values: $context.authorizer.usageIdentifierKey, $request.header.x-api-key. | `string` | `"$request.header.x-api-key"` | no | +| api\_version | A version identifier for the API | `string` | `null` | no | +| apigatewayv2\_api\_mapping\_enabled | Flag to control the mapping creation. | `bool` | `true` | no | | attributes | Additional attributes (e.g. `1`). | `list(any)` | `[]` | no | -| authorization\_scopes | The authorization scopes used when the authorization is COGNITO\_USER\_POOLS. | `list(any)` | `[]` | no | -| authorizations | The type of authorization used for the method (NONE, CUSTOM, AWS\_IAM, COGNITO\_USER\_POOLS). | `list(any)` | `[]` | no | -| authorizer\_count | Number of count to create Authorizers for api. | `number` | `0` | no | -| authorizer\_credentials | The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN. | `list(any)` | `[]` | no | -| authorizer\_ids | The authorizer id to be used when the authorization is CUSTOM or COGNITO\_USER\_POOLS. | `list(any)` | `[]` | no | -| authorizer\_names | The name of the authorizer. 
| `list(any)` | `[]` | no | -| authorizer\_result\_ttl\_in\_seconds | The TTL of cached authorizer results in seconds. Defaults to 300. | `list(any)` | `[]` | no | -| authorizer\_types | The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO\_USER\_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN. | `list(any)` | `[]` | no | -| authorizer\_uri | The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service\_api}, e.g. arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations. | `list(any)` | `[]` | no | -| binary\_media\_types | The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads. | `list(any)` |

[
"UTF-8-encoded"
]
| no | -| cache\_cluster\_enableds | Specifies whether a cache cluster is enabled for the stage. | `list(any)` | `[]` | no | -| cache\_cluster\_sizes | The size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237. | `list(any)` | `[]` | no | -| cache\_key\_parameters | A list of cache key parameters for the integration. | `list(string)` |
[
""
]
| no | -| cache\_namespaces | The integration's cache namespace. | `list(any)` | `[]` | no | -| cert\_description | The description of the client certificate. | `string` | `""` | no | -| cert\_enabled | Whether to create client certificate. | `bool` | `false` | no | -| client\_certificate\_ids | The identifier of a client certificate for the stage | `list(any)` | `[]` | no | -| connection\_ids | The id of the VpcLink used for the integration. Required if connection\_type is VPC\_LINK. | `list(any)` | `[]` | no | -| connection\_types | The integration input's connectionType. Valid values are INTERNET (default for connections through the public routable internet), and VPC\_LINK (for private connections between API Gateway and a network load balancer in a VPC). | `list(any)` | `[]` | no | -| content\_handlings | Specifies how to handle request payload content type conversions. Supported values are CONVERT\_TO\_BINARY and CONVERT\_TO\_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through. | `list(any)` | `[]` | no | -| content\_types | The content type of the model. | `list(any)` | `[]` | no | -| credentials | The credentials required for the integration. For AWS integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::\*:user/\*. | `list(any)` | `[]` | no | -| deploy\_description | The description of the deployment. | `string` | `""` | no | -| deployment\_enabled | Whether to deploy rest api. | `bool` | `false` | no | -| description | The description of the REST API | `string` | `""` | no | -| descriptions | The description of the stage. 
| `list(any)` | `[]` | no | -| destination\_arns | ARN of the log group to send the logs to. Automatically removes trailing :\* if present. | `list(any)` | `[]` | no | -| documentation\_versions | The version of the associated API documentation. | `list(any)` | `[]` | no | -| enabled | Whether to create rest api. | `bool` | `false` | no | -| enableds | Specifies whether the API key can be used by callers. Defaults to true. | `list(any)` | `[]` | no | -| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `"https://registry.terraform.io/modules/clouddrove/api-gateway/aws"` | no | -| formats | The formatting and values recorded in the logs. | `list(any)` | `[]` | no | -| gateway\_response\_count | Number of count to create Gateway Response for api. | `number` | `0` | no | -| gateway\_response\_parameters | A map specifying the templates used to transform the response body. | `list(any)` | `[]` | no | -| gateway\_response\_templates | A map specifying the parameters (paths, query strings and headers) of the Gateway Response. | `list(any)` | `[]` | no | -| gateway\_status\_codes | The HTTP status code of the Gateway Response. | `list(any)` | `[]` | no | -| http\_methods | The HTTP Method (GET, POST, PUT, DELETE, HEAD, OPTIONS, ANY). | `list(any)` | `[]` | no | -| identity\_sources | The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName". | `list(any)` | `[]` | no | -| identity\_validation\_expressions | A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. 
If the token doesn't match, the client receives a 401 Unauthorized response. | `list(any)` | `[]` | no | -| integration\_http\_methods | The integration HTTP method (GET, POST, PUT, DELETE, HEAD, OPTIONs, ANY, PATCH) specifying how API Gateway will interact with the back end. Required if type is AWS, AWS\_PROXY, HTTP or HTTP\_PROXY. Not all methods are compatible with all AWS integrations. e.g. Lambda function can only be invoked via POST. | `list(any)` | `[]` | no | -| integration\_request\_parameters | A map of request query string parameters and headers that should be passed to the backend responder. For example: request\_parameters = { "integration.request.header.X-Some-Other-Header" = "method.request.header.X-Some-Header" }. | `list(any)` | `[]` | no | -| integration\_response\_parameters | A map of response parameters that can be read from the backend response. For example: response\_parameters = { "method.response.header.X-Some-Header" = "integration.response.header.X-Some-Other-Header" }. | `list(any)` | `[]` | no | -| integration\_types | The integration input's type. Valid values are HTTP (for HTTP backends), MOCK (not calling any real backend), AWS (for AWS services), AWS\_PROXY (for Lambda proxy integration) and HTTP\_PROXY (for HTTP proxy integration). An HTTP or HTTP\_PROXY integration with a connection\_type of VPC\_LINK is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC. | `list(any)` | `[]` | no | -| key\_count | Number of count to create key for api gateway. | `number` | `0` | no | -| key\_descriptions | The API key description. Defaults to "Managed by Terraform". | `list(any)` | `[]` | no | -| key\_names | The name of the API key. | `list(any)` | `[]` | no | +| authorizer\_type | The authorizer type. Valid values: JWT, REQUEST. For WebSocket APIs, specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens. 
| `string` | `"JWT"` | no | +| authorizers | Map of API gateway authorizers | `map(any)` | `{}` | no | +| body | An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs. | `string` | `null` | no | +| connection\_type | Type of the network connection to the integration endpoint. Valid values: INTERNET, VPC\_LINK. Default is INTERNET. | `string` | `"INTERNET"` | no | +| cors\_configuration | The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs. | `any` | `{}` | no | +| create\_api\_domain\_name\_enabled | Flag to control the domain creation. | `bool` | `true` | no | +| create\_api\_gateway\_enabled | Flag to control the api creation. | `bool` | `true` | no | +| create\_default\_stage\_enabled | Flag to control the stage creation. | `bool` | `true` | no | +| create\_routes\_and\_integrations\_enabled | Whether to create routes and integrations resources | `bool` | `true` | no | +| create\_vpc\_link\_enabled | Whether to create VPC links | `bool` | `true` | no | +| credentials\_arn | Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs. | `string` | `null` | no | +| default\_route\_settings | Default route settings for the stage. | `map(string)` | `{}` | no | +| default\_stage\_access\_log\_destination\_arn | ARN of the CloudWatch Logs log group to receive access logs. | `string` | `null` | no | +| default\_stage\_access\_log\_format | Single line format of the access logs of data. Refer to log settings for HTTP or Websocket. 
| `string` | `null` | no | +| domain\_name | The domain name to use for API gateway | `string` | `null` | no | +| domain\_name\_certificate\_arn | The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name | `string` | `""` | no | +| domain\_name\_ownership\_verification\_certificate\_arn | ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate\_arn is issued via an ACM Private CA or mutual\_tls\_authentication is configured with an ACM-imported certificate.) | `string` | `null` | no | +| enabled | Flag to control the api creation. | `bool` | `true` | no | +| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `"test"` | no | +| identity\_sources | The identity sources for which authorization is requested. | `list(string)` |
[
"$request.header.Authorization"
]
| no | +| integration\_description | Description of the integration. | `string` | `"Lambda example"` | no | +| integration\_method | Integration's HTTP method. Must be specified if integration\_type is not MOCK. | `string` | `"POST"` | no | +| integration\_type | Integration type of an integration. Valid values: AWS (supported only for WebSocket APIs), AWS\_PROXY, HTTP (supported only for WebSocket APIs), HTTP\_PROXY, MOCK (supported only for WebSocket APIs). | `string` | `"AWS_PROXY"` | no | +| integration\_uri | URI of the Lambda function for a Lambda proxy integration, when integration\_type is AWS\_PROXY. For an HTTP integration, specify a fully-qualified URL. | `string` | `""` | no | +| integrations | Map of API gateway routes with integrations | `map(any)` | `{}` | no | | label\_order | Label order, e.g. `name`,`application`. | `list(any)` | `[]` | no | -| managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | -| method\_enabled | Whether to create stage for rest api. | `bool` | `false` | no | -| minimum\_compression\_size | Minimum response size to compress for the REST API. Integer between -1 and 10485760 (10MB). Setting a value greater than -1 will enable compression, -1 disables compression (default). | `number` | `-1` | no | -| model\_count | Number of count to create Model for api. | `number` | `0` | no | -| model\_descriptions | The description of the model. | `list(any)` | `[]` | no | -| model\_names | The name of the model. | `list(any)` | `[]` | no | -| model\_schemas | The schema of the model in a JSON form. | `list` | `[]` | no | -| name | Name (e.g. `app` or `cluster`). | `string` | `""` | no | -| passthrough\_behaviors | The integration passthrough behavior (WHEN\_NO\_MATCH, WHEN\_NO\_TEMPLATES, NEVER). Required if request\_templates is used. | `list(any)` | `[]` | no | -| path\_parts | The last path segment of this API resource. 
| `list(any)` | `[]` | no | -| provider\_arns | required for type COGNITO\_USER\_POOLS) A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account\_id}:userpool/{user\_pool\_id}. | `list(any)` | `[]` | no | -| repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-api-gateway"` | no | -| request\_models | A map of the API models used for the request's content type where key is the content type (e.g. application/json) and value is either Error, Empty (built-in models) or aws\_api\_gateway\_model's name. | `list(any)` | `[]` | no | -| request\_parameters | A map of request query string parameters and headers that should be passed to the integration. For example: request\_parameters = {"method.request.header.X-Some-Header" = true "method.request.querystring.some-query-param" = true} would define that the header X-Some-Header and the query string some-query-param must be provided in the request. | `list(any)` | `[]` | no | -| request\_templates | A map of the integration's request templates. | `list(any)` | `[]` | no | -| request\_validator\_ids | The ID of a aws\_api\_gateway\_request\_validator. | `list(any)` | `[]` | no | -| response\_content\_handlings | Specifies how to handle request payload content type conversions. Supported values are CONVERT\_TO\_BINARY and CONVERT\_TO\_TEXT. If this property is not defined, the response payload will be passed through from the integration response to the method response without modification. | `list(any)` | `[]` | no | -| response\_models | A map of the API models used for the response's content type. | `list(any)` | `[]` | no | -| response\_parameters | A map of response parameters that can be sent to the caller. For example: response\_parameters = { "method.response.header.X-Some-Header" = true } would define that the header X-Some-Header can be provided on the response. 
| `list(any)` | `[]` | no | -| response\_templates | A map specifying the templates used to transform the integration response body. | `list(any)` | `[]` | no | -| response\_types | The response type of the associated GatewayResponse. | `list(any)` | `[]` | no | -| schemas | The schema of the model in a JSON form. | `list(any)` | `[]` | no | -| stage\_description | The description of the stage. | `string` | `""` | no | -| stage\_enabled | Whether to create stage for rest api. | `bool` | `false` | no | -| stage\_name | The name of the stage. If the specified stage already exists, it will be updated to point to the new deployment. If the stage does not exist, a new one will be created and point to this deployment. | `string` | `""` | no | -| stage\_names | The name of the stage. | `list(any)` | `[]` | no | -| stage\_variables | A map that defines the stage variables. | `list(any)` | `[]` | no | -| status\_codes | The HTTP status code. | `list(any)` | `[]` | no | +| managedby | ManagedBy, eg 'CloudDrove' | `string` | `"hello@clouddrove.com"` | no | +| mutual\_tls\_authentication | An Amazon S3 URL that specifies the truststore for mutual TLS authentication as well as version, keyed at uri and version | `map(string)` | `{}` | no | +| name | Name (e.g. `app` or `cluster`). | `string` | `"api"` | no | +| passthrough\_behavior | Pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the request\_templates attribute. | `string` | `"WHEN_NO_MATCH"` | no | +| protocol\_type | The API protocol. Valid values: HTTP, WEBSOCKET | `string` | `"HTTP"` | no | +| repository | Terraform current module repo | `string` | `""` | no | +| route\_key | Part of quick create. Specifies any route key. Applicable for HTTP APIs. | `string` | `null` | no | +| route\_selection\_expression | The route selection expression for the API. 
| `string` | `"$request.method $request.path"` | no | +| route\_settings | Settings for default route | `map(string)` | `{}` | no | +| security\_group\_ids | A list of security group IDs to associate with. | `list(string)` | `[]` | no | +| subnet\_ids | A list of VPC Subnet IDs to launch in. | `list(string)` | `[]` | no | | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | `map(any)` | `{}` | no | -| target\_arns | The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target. | `list(any)` | `[]` | no | -| timeout\_milliseconds | Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds. | `list(any)` | `[]` | no | -| types | Whether to create rest api. | `list(any)` |
[
"EDGE"
]
| no | -| uri | The input's URI. Required if type is AWS, AWS\_PROXY, HTTP or HTTP\_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form arn:aws:apigateway:{region}:{subdomain.service\|service}:{path\|action}/{service\_api}. region, subdomain and service are used to determine the right endpoint. e.g. arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations. | `list(any)` | `[]` | no | -| values | The value of the API key. If not specified, it will be automatically generated by AWS on creation. | `list(any)` | `[]` | no | -| variables | A map that defines variables for the stage. | `map(any)` | `{}` | no | -| vpc\_endpoint\_ids | Set of VPC Endpoint identifiers. It is only supported for PRIVATE endpoint type. | `list(string)` |
[
""
]
| no | -| vpc\_link\_count | Number of count to create VPC Link for api. | `number` | `0` | no | -| vpc\_link\_descriptions | The description of the VPC link. | `list(any)` | `[]` | no | -| vpc\_link\_names | The name used to label and identify the VPC link. | `list(any)` | `[]` | no | -| xray\_tracing\_enabled | A mapping of tags to assign to the resource. | `list(any)` | `[]` | no | +| target | Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP\_PROXY or AWS\_PROXY, respectively. Applicable for HTTP APIs. | `string` | `null` | no | +| vpc\_links | Map of VPC Links details to create | `map(any)` | `{}` | no | +| zone\_id | The ID of the hosted zone to contain this record. | `string` | `""` | no | ## Outputs | Name | Description | |------|-------------| -| execution\_arn | The Execution ARN of the REST API. | -| id | The ID of the REST API. | -| invoke\_url | Input's URI. Required if type is AWS, AWS\_PROXY, HTTP or HTTP\_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification | -| stage\_name | Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment. | -| tags | A mapping of tags to assign to the resource. | +| api\_arn | The API identifier. | +| api\_endpoint | The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. | +| api\_id | The API identifier. | +| invoke\_url | URL to invoke the API pointing to the stage | From e9191ea607d6d0bba54ad64adf3926d57c75af88 Mon Sep 17 00:00:00 2001 
From: CloudDrove CI <84795582+clouddrove-ci@users.noreply.github.com> Date: Tue, 18 Jul 2023 17:24:39 +0000 Subject: [PATCH 63/82] docs: update CHANGELOG.md for 1.4.0 --- CHANGELOG.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a097fd9..5cbb4fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,38 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.4.0] - 2023-07-18 +### :sparkles: New Features +- [`fc7b2c3`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/fc7b2c3ecdbe0dd8d92e6078afbc5368ac60930f) - added changelog.yml file use shared workflow *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* +- [`1c7b42f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/1c7b42fd7e5777e35cfdc99de3f1e0c18db2ad9c) - added depemdabot.yml *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* +- [`e995898`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e995898e6f784868160c8f6f7c2589ac1232aa37) - auto changelog action added *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* +- [`5f5472e`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/5f5472e8c5b231de8c21a606f016857abd9a70c7) - added rest api policy and make api private *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* +- [`546fe75`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/546fe756d1709e8b4502f74f0f089ab3ea5b012b) - added api policy in example *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* +- [`0a13fbe`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/0a13fbe0d48fc2df28d302a557b7f6b11d2cc4ac) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* +- [`a085977`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/a085977168f8013f48c09b5235fd3f5a55ad5439) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* +- [`58729c9`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/58729c96baa75b7c87da843b41dc3931a6245bc7) - 
crate apigateway-v2 terraform module *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`5d2ef92`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/5d2ef92e1a19245847519066d42879c62a90fa17) - added output.tf *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`b3b36f7`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/b3b36f7b78ee35471fe089557e2a59cfa0338563) - added lambda function routes *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`20cecef`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/20cecef6798dbfa3d634996b8f57a7f1e287b3f0) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`553312e`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/553312e5240250806b38197bf908239080ec5cd4) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`541a62a`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/541a62af3f7a030f8f6dff0bba2afff3b6096965) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`267242e`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/267242e02762f99f171aec272ed26c5cf53e269b) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`b2c1576`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/b2c1576be72322f3fd3e599d405007d8b3343b25) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`20a8a1f`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/20a8a1f14ee685b3b9f4233105dd12e0ee94654d) - code dynamic and add resource, variable description *(commit by 
[@theprashantyadav](https://github.com/theprashantyadav))* +- [`d36d58c`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/d36d58ce68967ff6e65515ecdd433cfe2b326b42) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`553c2a1`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/553c2a1a7211426c34f06ea22b13e92b16f5477a) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`0b394ce`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/0b394ce106837038d79663a4e337f0528cc029f9) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`26397b1`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/26397b1c2370d056795f180f5517c407e9b57202) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`e453dc5`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e453dc5b00db9efafdb30b6e20ae843e4fb25794) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`da05e2c`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/da05e2cea4a25d582c51c5be41a24301f245d430) - code dynamic and add resource, variable description *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`0f72292`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/0f72292f3a6084bfa317082396ed6ed8e0dd71f2) - update security group version *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`ac45432`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/ac4543227af68196f2ddaf4623be242dc2fa7879) - update security group version *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- 
[`687bc25`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/687bc25bf8a7dcec5e680a4e3160ba90e1c7d468) - update security group version *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* + +### :bug: Bug Fixes +- [`94b8325`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/94b83252956581f636b0ea3bcef7eb17c36d77aa) - updated outputs.tf *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* + + ## [1.0.1] - 2022-06-15 ### :bug: Bug Fixes - [`6245f4b`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/6245f4b6d8706cb609c04d59895417ad71c73f82) - use terraform letast version @@ -54,3 +86,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [0.14.0]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.14.0 [0.14.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.14.1 [1.0.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/1.0.1 + +[1.4.0]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.0.1...1.4.0 \ No newline at end of file From 38d53b0e1361bc77c09aaca8895cedfdb369651a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jul 2023 01:26:42 +0000 Subject: [PATCH 64/82] build(deps): bump clouddrove/vpc/aws in /_examples/vpc_link_api Bumps [clouddrove/vpc/aws](https://github.com/clouddrove/terraform-aws-vpc) from 1.3.1 to 2.0.0. - [Release notes](https://github.com/clouddrove/terraform-aws-vpc/releases) - [Changelog](https://github.com/clouddrove/terraform-aws-vpc/blob/master/CHANGELOG.md) - [Commits](https://github.com/clouddrove/terraform-aws-vpc/compare/1.3.1...2.0.0) --- updated-dependencies: - dependency-name: clouddrove/vpc/aws dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index c9c3ea2..f9c382c 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -9,7 +9,7 @@ provider "aws" { ####---------------------------------------------------------------------------------- module "vpc" { source = "clouddrove/vpc/aws" - version = "1.3.1" + version = "2.0.0" name = "vpc" environment = "test" From 3264a489ebdf1664dfcfb101777eb28a5b7c5d50 Mon Sep 17 00:00:00 2001 From: theprashantyadav Date: Mon, 31 Jul 2023 17:21:10 +0530 Subject: [PATCH 65/82] feat: Added new vpc tag --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index c9c3ea2..f9c382c 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -9,7 +9,7 @@ provider "aws" { ####---------------------------------------------------------------------------------- module "vpc" { source = "clouddrove/vpc/aws" - version = "1.3.1" + version = "2.0.0" name = "vpc" environment = "test" From 8af7e4a0a06de9e4b237beac6a969c6c71cdc120 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Mon, 31 Jul 2023 13:39:21 +0000 Subject: [PATCH 66/82] update README.md --- README.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.md b/README.md index d2dede2..bac7e41 100644 --- a/README.md +++ b/README.md @@ -54,12 +54,6 @@ We have [*fifty plus terraform modules*][terraform_modules]. A few of them are c This module has a few dependencies: -- [Terraform 1.x.x](https://learn.hashicorp.com/terraform/getting-started/install.html) -- [Go](https://golang.org/doc/install) -- [github.com/stretchr/testify/assert](https://github.com/stretchr/testify) -- [github.com/gruntwork-io/terratest/modules/terraform](https://github.com/gruntwork-io/terratest) - - From 7eb945739b2d832e25cb6d4ef06285f99d04ebd1 Mon Sep 17 00:00:00 2001 
From: theprashantyadav <79893616+theprashantyadav@users.noreply.github.com> Date: Fri, 13 Oct 2023 22:36:04 +0530 Subject: [PATCH 67/82] Update version.tf and remove unuse variable (#51) * feat: update version.tf and remove unuse variable * feat: update version.tf and remove unuse variable * feat: update version.tf and remove unuse variable * feat: update github-action version and use locals in example * feat: update gitinnore and acm version * feat: update tf version --- .github/workflows/auto_assignee.yml | 2 +- .github/workflows/changelog.yml | 2 +- .github/workflows/tf-checks.yml | 4 +- .github/workflows/tflint.yml | 2 +- .github/workflows/tfsec.yml | 2 +- _examples/complete/example.tf | 34 +++---- _examples/complete/outputs.tf | 8 +- _examples/complete/test-api.zip | Bin 0 -> 330 bytes _examples/complete/versions.tf | 11 +++ _examples/vpc_link_api/example.tf | 146 +++++++++++++++++++++------- _examples/vpc_link_api/outputs.tf | 8 +- _examples/vpc_link_api/versions.tf | 11 +++ main.tf | 19 ++-- outputs.tf | 8 +- variables.tf | 14 +-- versions.tf | 4 +- 16 files changed, 178 insertions(+), 97 deletions(-) create mode 100644 _examples/complete/test-api.zip create mode 100644 _examples/complete/versions.tf create mode 100644 _examples/vpc_link_api/versions.tf diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml index fd2ebf1..267f3b3 100644 --- a/.github/workflows/auto_assignee.yml +++ b/.github/workflows/auto_assignee.yml @@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: assign-pr: - uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6 secrets: GITHUB: ${{ secrets.GITHUB }} with: diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 3e88b85..72fc35b 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml 
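Review bot: The new ref `@1.0.6` on the `uses:` line in auto_assignee.yml is a tag, and a tag can be re-pointed at different code after this review, so the caller is still not pinned to reviewed content. The same applies to the `@1.0.6` refs in the changelog.yml, tf-checks.yml, tflint.yml and tfsec.yml hunks of this commit. It matters most where the caller hands over credentials: `secrets: GITHUB: ${{ secrets.GITHUB }}` here and in tflint.yml, `secrets: inherit` in changelog.yml and tfsec.yml. I would pin each ref to the full commit SHA and keep the tag as a trailing comment, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<FULL_COMMIT_SHA_OF_1.0.6> # 1.0.6`, where the SHA is a placeholder to be taken from the shared-workflows repository.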
@@ -7,7 +7,7 @@ on: workflow_dispatch: jobs: call-workflow-changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6 secrets: inherit with: branch: 'master' \ No newline at end of file diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index a3aa918..bd37ce4 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml @@ -6,10 +6,10 @@ on: workflow_dispatch: jobs: tf-checks-complete-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_examples/complete/' tf-checks-basic-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 with: working_directory: './_examples/vpc_link_api/' diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index 99c6300..f00ce70 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml @@ -6,6 +6,6 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@master + uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@1.0.6 secrets: GITHUB: ${{ secrets.GITHUB }} \ No newline at end of file diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index c203751..e5e4394 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -5,7 +5,7 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6 secrets: inherit with: working_directory: '.' diff --git a/_examples/complete/example.tf b/_examples/complete/example.tf index 3a1c876..268b7ad 100644 
--- a/_examples/complete/example.tf +++ b/_examples/complete/example.tf @@ -5,17 +5,19 @@ provider "aws" { region = "eu-west-1" } +locals { + name = "api" + environment = "test" +} ####---------------------------------------------------------------------------------- ## This terraform module is designed to generate consistent label names and tags for resources. ####---------------------------------------------------------------------------------- module "acm" { source = "clouddrove/acm/aws" - version = "1.3.0" - - name = "certificate" - environment = "test" - label_order = ["name", "environment"] + version = "1.4.1" + name = local.name + environment = local.environment enable_aws_certificate = true domain_name = "clouddrove.ca" subject_alternative_names = ["*.clouddrove.ca"] @@ -30,15 +32,13 @@ module "lambda" { source = "clouddrove/lambda/aws" version = "1.3.0" - name = "lambda" - environment = "test" - label_order = ["name", "environment"] - - enabled = true - timeout = 60 - filename = "./lambda_packages" - handler = "index.lambda_handler" - runtime = "python3.8" + name = local.name + environment = local.environment + enabled = true + timeout = 60 + filename = "./lambda_packages" + handler = "index.lambda_handler" + runtime = "python3.8" iam_actions = [ "logs:CreateLogStream", "logs:CreateLogGroup", @@ -72,10 +72,8 @@ module "lambda" { module "api_gateway" { source = "./../../" - name = "api" - environment = "test" - label_order = ["environment", "name"] - + name = local.name + environment = local.environment domain_name = "clouddrove.ca" domain_name_certificate_arn = module.acm.arn integration_uri = module.lambda.arn diff --git a/_examples/complete/outputs.tf b/_examples/complete/outputs.tf index 6fb1fbb..eef9623 100644 --- a/_examples/complete/outputs.tf +++ b/_examples/complete/outputs.tf 
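Review bot: `runtime = "python3.8"` in the `module "lambda"` hunk keeps the example on a Python version that is past upstream end of life and is a deprecated Lambda runtime, so functions copied from this example no longer receive runtime security patches. Since the line is being rewritten here anyway, I would move it to a supported runtime, e.g. `runtime = "python3.12"`, after confirming the packaged handler runs on it. Separately, all three modules now receive `name = local.name`, so the certificate, the function and the API presumably end up with the same generated label; a suffix such as `name = "${local.name}-lambda"` would keep them distinguishable in tags and logs. The module blocks continue outside the hunks.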
@@ -1,19 +1,19 @@ output "api_id" { - value = join("", module.api_gateway.*.api_id) + value = join("", module.api_gateway[*].api_id) description = "The API identifier." } output "api_arn" { - value = join("", module.api_gateway.*.api_arn) + value = join("", module.api_gateway[*].api_arn) description = "The API arn." } output "api_endpoint" { - value = join("", module.api_gateway.*.api_endpoint) + value = join("", module.api_gateway[*].api_endpoint) description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com." } output "invoke_url" { - value = join("", module.api_gateway.*.invoke_url) + value = join("", module.api_gateway[*].invoke_url) description = "URL to invoke the API pointing to the stage" } \ No newline at end of file diff --git a/_examples/complete/test-api.zip b/_examples/complete/test-api.zip new file mode 100644 index 0000000000000000000000000000000000000000..8589034317795bcd093cef4cc5e4ede7405282fc GIT binary patch literal 330 zcmWIWW@Zs#-~d7f2E{HQ0S6$F%)FG;3cZ5Ln0`m^BL)Jk?|+Iq>+R-#y{m$!VuI_D z?n7D?0-86^W+=b)@mO|L>F@hV5jlp-#qUj@{=G)pf~z2C@-H7BFUy+tW82izSKpeH zZLn^m`y|~tGgqipef#}3=W2%Ru_b4l^p7dl`xkw*Y5C)ITR^IQ+oPF!#gc#9`@44t z?{=JhsqFbKvn5~m-+27KrE{j(*}&OK?q7u&825& iW`zHd Date: Fri, 13 Oct 2023 23:09:57 +0530 Subject: [PATCH 68/82] bug: fix tflint issue (#53) --- .github/workflows/tflint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index f00ce70..40a35b2 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml @@ -6,6 +6,6 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/test-tfsec/.github/workflows/tflint.yaml@1.0.6 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.6 secrets: GITHUB: ${{ secrets.GITHUB }} \ No newline at end of file From 233d34bb997fe4cc561ec80bc1a383f27a796992 Mon Sep 17 00:00:00 2001 
From: Himanshu Ahirwar <83774016+h1manshu98@users.noreply.github.com> Date: Tue, 14 Nov 2023 23:54:16 +0530 Subject: [PATCH 69/82] feat: custome stage name and auto-deploy variable (#54) --- main.tf | 4 ++-- variables.tf | 14 +++++++++++++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 153d19a..c659ff9 100644 --- a/main.tf +++ b/main.tf @@ -99,8 +99,8 @@ resource "aws_apigatewayv2_stage" "default" { count = var.enabled && var.create_default_stage_enabled ? 1 : 0 api_id = aws_apigatewayv2_api.default[0].id - name = format("%s-stage", module.labels.id) - auto_deploy = false + name = var.stage_name != null ? var.stage_name : format("%s-stage", module.labels.id) + auto_deploy = var.auto_deploy dynamic "access_log_settings" { for_each = var.access_log_settings content { diff --git a/variables.tf b/variables.tf index 01e242a..bda6c8d 100644 --- a/variables.tf +++ b/variables.tf @@ -265,4 +265,16 @@ variable "passthrough_behavior" { type = string default = "WHEN_NO_MATCH" description = "Pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the request_templates attribute. " -} \ No newline at end of file +} + +variable "stage_name" { + type = string + default = null + description = "Stage Name to be used, set to `$default` to use Invoke URL as your default webpage for lambda" +} + +variable "auto_deploy" { + type = bool + default = false + description = "Set this to true to enable stage Auto Deployment" +} From c9417b5e9985d7b9eab1a9ceeef1135b7be350a9 Mon Sep 17 00:00:00 2001 From: CloudDrove CI <84795582+clouddrove-ci@users.noreply.github.com> Date: Wed, 15 Nov 2023 18:18:33 +0000 Subject: [PATCH 70/82] docs: update CHANGELOG.md for 1.4.1 --- CHANGELOG.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5cbb4fa..3084e83 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
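Review bot: The `name` expression in `aws_apigatewayv2_stage.default` only falls back when `var.stage_name` is null, so a caller passing `stage_name = ""` sends an empty stage name to the provider instead of getting the generated one. `coalesce` skips both null and empty strings: `name = coalesce(var.stage_name, format("%s-stage", module.labels.id))`. On the next line, `auto_deploy = var.auto_deploy` means that with `true` every route or integration change is published to the stage as soon as it is applied, which deserves a comment above it, e.g. `# auto_deploy publishes API changes immediately; leave false where deployments need a separate approval step`. The resource block starts and ends outside the hunk.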
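Review bot: `variable "stage_name"` accepts any string, so an invalid stage name is only rejected by the AWS API at apply time, after other resources may already have been created. A `validation` block would fail at plan time instead; the pattern below reflects my reading of the API Gateway v2 stage-name rule (`$default`, or up to 128 letters, digits, hyphens and underscores) and should be checked against the current AWS documentation before merging. The `auto_deploy` description could also say what enabling it implies, e.g. `"Set to true to publish API changes to the stage automatically on every update."`.

```hcl
variable "stage_name" {
  # … unchanged: type, default, description …

  validation {
    condition     = var.stage_name == null || can(regex("^(\\$default|[A-Za-z0-9_-]{1,128})$", var.stage_name))
    error_message = "The stage_name value must be null, $default, or 1-128 characters of letters, digits, hyphens and underscores."
  }
}
```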
@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.4.1] - 2023-11-15 +### :sparkles: New Features +- [`3264a48`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/3264a489ebdf1664dfcfb101777eb28a5b7c5d50) - Added new vpc tag *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* +- [`233d34b`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/233d34bb997fe4cc561ec80bc1a383f27a796992) - custome stage name and auto-deploy variable *(PR [#54](https://github.com/clouddrove/terraform-aws-api-gateway/pull/54) by [@h1manshu98](https://github.com/h1manshu98))* + +### :construction_worker: Build System +- [`38d53b0`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/38d53b0e1361bc77c09aaca8895cedfdb369651a) - **deps**: bump clouddrove/vpc/aws in /_examples/vpc_link_api *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* + +### :memo: Documentation Changes +- [`e9191ea`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/e9191ea607d6d0bba54ad64adf3926d57c75af88) - update CHANGELOG.md for 1.4.0 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* + + ## [1.4.0] - 2023-07-18 ### :sparkles: New Features - [`fc7b2c3`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/fc7b2c3ecdbe0dd8d92e6078afbc5368ac60930f) - added changelog.yml file use shared workflow *(commit by [@vibhutigoyal](https://github.com/vibhutigoyal))* 
@@ -87,4 +99,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [0.14.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/0.14.1 [1.0.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/1.0.1 -[1.4.0]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.0.1...1.4.0 \ No newline at end of file +[1.4.0]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.0.1...1.4.0 +[1.4.1]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.4.0...1.4.1 \ No newline at end of file From 50cf1051642fb29642d227d51256c37ab8fb4fc6 Mon Sep 17 00:00:00 2001 From: Vaibhav Bhagwat Pendhare Date: Wed, 27 Dec 2023 23:44:30 +0530 Subject: [PATCH 71/82] Feat: Add automerge github shared workflow (#58) Co-authored-by: Anmol Nagpal --- .github/workflows/auto_assignee.yml | 6 ++++-- .github/workflows/automerge.yml | 12 ++++++++++++ .github/workflows/changelog.yml | 6 ++++-- .github/workflows/tf-checks.yml | 6 ++++-- .github/workflows/tflint.yml | 6 ++++-- .github/workflows/tfsec.yml | 4 +++- 6 files changed, 31 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/automerge.yml diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml index 267f3b3..7cd5a6a 100644 --- a/.github/workflows/auto_assignee.yml +++ b/.github/workflows/auto_assignee.yml @@ -1,3 +1,4 @@ +--- name: Auto Assign PRs on: @@ -7,8 +8,9 @@ on: workflow_dispatch: jobs: assign-pr: - uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.6 + uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.9 secrets: GITHUB: ${{ secrets.GITHUB }} with: - assignees: 'clouddrove-ci' \ No newline at end of file + assignees: 'clouddrove-ci' +... diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml new file mode 100644 index 0000000..418e9e2 --- /dev/null +++ b/.github/workflows/automerge.yml 
@@ -0,0 +1,12 @@ +--- +name: Auto merge +on: + pull_request: +jobs: + auto-merge: + uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.0.9 + secrets: + GITHUB: ${{ secrets.GITHUB }} + with: + tfcheck: 'tf-checks-complete-example / Check code format' +... diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 72fc35b..0ae2425 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -1,3 +1,4 @@ +--- name: changelog permissions: write-all on: @@ -7,7 +8,8 @@ on: workflow_dispatch: jobs: call-workflow-changelog: - uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.6 + uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.9 secrets: inherit with: - branch: 'master' \ No newline at end of file + branch: 'master' +... diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index bd37ce4..4a5f66a 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml @@ -1,3 +1,4 @@ +--- name: tf-checks on: push: @@ -6,10 +7,11 @@ on: workflow_dispatch: jobs: tf-checks-complete-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 with: working_directory: './_examples/complete/' tf-checks-basic-example: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.6 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 with: working_directory: './_examples/vpc_link_api/' +... diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml index 40a35b2..4659c47 100644 --- a/.github/workflows/tflint.yml +++ b/.github/workflows/tflint.yml @@ -1,3 +1,4 @@ +--- name: tf-lint on: push: 
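Review bot: In the new automerge.yml the `auto-merge` job runs for every `pull_request`, and the only gate passed to the shared workflow is `tfcheck: 'tf-checks-complete-example / Check code format'`, a formatting check. Whether a PR can be merged without tfsec, tf-lint or the vpc_link_api checks passing therefore depends entirely on logic inside the reusable workflow, which is not visible here. If the intent is to merge dependency-bot updates only, I would state that in the caller with `if: github.event.pull_request.user.login == 'dependabot[bot]'` on the job, and rely on branch protection to require the remaining checks. The job also passes `secrets.GITHUB` to a workflow referenced by the movable tag `@1.0.9`; pinning that ref to a full commit SHA would keep the token with reviewed code.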
@@ -6,6 +7,7 @@ on: workflow_dispatch: jobs: tf-lint: - uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.6 + uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.9 secrets: - GITHUB: ${{ secrets.GITHUB }} \ No newline at end of file + GITHUB: ${{ secrets.GITHUB }} +... diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml index e5e4394..f57a2b1 100644 --- a/.github/workflows/tfsec.yml +++ b/.github/workflows/tfsec.yml @@ -1,3 +1,4 @@ +--- name: tfsec permissions: write-all on: @@ -5,7 +6,8 @@ on: workflow_dispatch: jobs: tfsec: - uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.6 + uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.9 secrets: inherit with: working_directory: '.' +... From 01808acac8afbcf52a156ce5f0125225d419c9ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Dec 2023 18:16:37 +0000 Subject: [PATCH 72/82] build(deps): bump clouddrove/subnet/aws in /_examples/vpc_link_api Bumps [clouddrove/subnet/aws](https://github.com/clouddrove/terraform-aws-subnet) from 2.0.0 to 2.0.1. - [Release notes](https://github.com/clouddrove/terraform-aws-subnet/releases) - [Changelog](https://github.com/clouddrove/terraform-aws-subnet/blob/master/CHANGELOG.md) - [Commits](https://github.com/clouddrove/terraform-aws-subnet/compare/2.0.0...2.0.1) --- updated-dependencies: - dependency-name: clouddrove/subnet/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index 9560257..1cee94e 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf 
@@ -29,7 +29,7 @@ module "vpc" { #tfsec:ignore:aws-ec2-no-public-ip-subnet module "public_subnets" { source = "clouddrove/subnet/aws" - version = "2.0.0" + version = "2.0.1" name = local.name environment = local.environment From b2a71c724381371d19f028447ee16529c0c906ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Dec 2023 18:16:44 +0000 Subject: [PATCH 73/82] build(deps): bump clouddrove/lambda/aws in /_examples/vpc_link_api Bumps [clouddrove/lambda/aws](https://github.com/clouddrove/terraform-aws-lambda) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/clouddrove/terraform-aws-lambda/releases) - [Changelog](https://github.com/clouddrove/terraform-aws-lambda/blob/master/CHANGELOG.md) - [Commits](https://github.com/clouddrove/terraform-aws-lambda/compare/1.3.0...1.3.1) --- updated-dependencies: - dependency-name: clouddrove/lambda/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- _examples/vpc_link_api/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_examples/vpc_link_api/example.tf b/_examples/vpc_link_api/example.tf index 9560257..397599f 100644 --- a/_examples/vpc_link_api/example.tf +++ b/_examples/vpc_link_api/example.tf @@ -153,7 +153,7 @@ module "acm" { ####---------------------------------------------------------------------------------- module "lambda" { source = "clouddrove/lambda/aws" - version = "1.3.0" + version = "1.3.1" name = local.name environment = local.environment From 373ad50f02bac6a35effaa844b65c862a5220b49 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Dec 2023 18:16:52 +0000 Subject: [PATCH 74/82] build(deps): bump clouddrove/lambda/aws in /_examples/complete Bumps [clouddrove/lambda/aws](https://github.com/clouddrove/terraform-aws-lambda) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/clouddrove/terraform-aws-lambda/releases) - [Changelog](https://github.com/clouddrove/terraform-aws-lambda/blob/master/CHANGELOG.md) - [Commits](https://github.com/clouddrove/terraform-aws-lambda/compare/1.3.0...1.3.1) --- updated-dependencies: - dependency-name: clouddrove/lambda/aws dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- _examples/complete/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_examples/complete/example.tf b/_examples/complete/example.tf index 268b7ad..8d67613 100644 --- a/_examples/complete/example.tf +++ b/_examples/complete/example.tf @@ -30,7 +30,7 @@ module "acm" { ####---------------------------------------------------------------------------------- module "lambda" { source = "clouddrove/lambda/aws" - version = "1.3.0" + version = "1.3.1" name = local.name environment = local.environment From 42e5ae364952dc4a18522b7ee0e2bad88e9e458c Mon Sep 17 00:00:00 2001 
From: Aatish sharma <152850912+Aatishsharma77@users.noreply.github.com> Date: Mon, 11 Mar 2024 23:39:51 +0530 Subject: [PATCH 75/82] Feat/rest api (#59) * feat: terrafrom script for rest-api and rest-api private * feat: terrafrom script for rest-api and rest-api private * feat: terrafrom script for rest-api and rest-api private * feat: terrafrom script for rest-api and rest-api private * feat: terrafrom script for rest-api and rest-api private * feat: terrafrom script for rest-api and rest-api private * feat: terrafrom script for rest-api and rest-api private * feat: terrafrom script for rest-api and rest-api private * fix- if you are fixing changes other than terraform code {such as tfsec, tfchecks, readme issues and all * fix: update region in all _examples * fix: update service name in _examples * feat: update payload version in http api gateway * feat: update payload version in http api gateway * feat: add cloudwatch log group and kms in rest api gateway * feat: add cloudwatch log group and kms in rest api gateway * feat: add cloudwatch log group and kms key * remove unused variables and fix create condtion on resources * fix defsec warnings for nacl --------- Co-authored-by: Himanshu Ahirwar --- .../{ => http-api-gateway}/example.tf | 52 +- .../{ => http-api-gateway}/outputs.tf | 10 +- .../version.tf} | 0 _examples/complete/lambda-test.zip | Bin 330 -> 0 bytes _examples/complete/lambda_packages/index.py | 17 +- _examples/complete/lambda_packages/index.zip | Bin 0 -> 335 bytes .../private-rest-api-gateway/example.tf | 225 +++++++++ .../private-rest-api-gateway/outputs.tf | 21 + .../private-rest-api-gateway/versions.tf | 11 + .../complete/rest-api-gateway/example.tf | 115 +++++ .../complete/rest-api-gateway/outputs.tf | 22 + .../complete/rest-api-gateway/versions.tf | 11 + _examples/complete/test-api.zip | Bin 330 -> 0 bytes _examples/vpc_link_api/example.tf | 2 +- main.tf | 456 ++++++++++++++++-- outputs.tf | 32 +- variables.tf | 440 ++++++++++++++++- 17 files 
changed, 1322 insertions(+), 92 deletions(-) rename _examples/complete/{ => http-api-gateway}/example.tf (67%) rename _examples/complete/{ => http-api-gateway}/outputs.tf (57%) rename _examples/complete/{versions.tf => http-api-gateway/version.tf} (100%) delete mode 100644 _examples/complete/lambda-test.zip create mode 100644 _examples/complete/lambda_packages/index.zip create mode 100644 _examples/complete/private-rest-api-gateway/example.tf create mode 100644 _examples/complete/private-rest-api-gateway/outputs.tf create mode 100644 _examples/complete/private-rest-api-gateway/versions.tf create mode 100644 _examples/complete/rest-api-gateway/example.tf create mode 100644 _examples/complete/rest-api-gateway/outputs.tf create mode 100644 _examples/complete/rest-api-gateway/versions.tf delete mode 100644 _examples/complete/test-api.zip diff --git a/_examples/complete/example.tf b/_examples/complete/http-api-gateway/example.tf similarity index 67% rename from _examples/complete/example.tf rename to _examples/complete/http-api-gateway/example.tf index 8d67613..94026e0 100644 --- a/_examples/complete/example.tf +++ b/_examples/complete/http-api-gateway/example.tf 
@@ -1,16 +1,23 @@ ####---------------------------------------------------------------------------------- -## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. +## PROVIDER ####---------------------------------------------------------------------------------- provider "aws" { - region = "eu-west-1" + region = local.region } +####---------------------------------------------------------------------------------- +## LOCALS +####---------------------------------------------------------------------------------- + locals { - name = "api" - environment = "test" + name = "api" + environment = "test" + region = "us-east-1" + domain_name = "clouddrove.ca" + hosted_zone_id = "Z015XXXXXXXXXXXXXXIEP" } ####---------------------------------------------------------------------------------- -## This terraform module is designed to generate consistent label names and tags for resources. +## ACM ####---------------------------------------------------------------------------------- module "acm" { source = "clouddrove/acm/aws" @@ -19,14 +26,14 @@ module "acm" { name = local.name environment = local.environment enable_aws_certificate = true - domain_name = "clouddrove.ca" - subject_alternative_names = ["*.clouddrove.ca"] + domain_name = local.domain_name + subject_alternative_names = ["*.${local.domain_name}"] validation_method = "DNS" enable_dns_validation = false } ####---------------------------------------------------------------------------------- -## This terraform module is designed to generate consistent label names and tags for resources. +## LAMBDA ####---------------------------------------------------------------------------------- module "lambda" { source = "clouddrove/lambda/aws" 
@@ -34,9 +41,9 @@ module "lambda" { name = local.name environment = local.environment - enabled = true + enable = true timeout = 60 - filename = "./lambda_packages" + filename = "../lambda_packages/index.zip" handler = "index.lambda_handler" runtime = "python3.8" iam_actions = [ @@ -47,38 +54,39 @@ module "lambda" { names = [ "python_layer" ] - layer_filenames = ["./lambda-test.zip"] compatible_runtimes = [ ["python3.8"] ] statement_ids = [ - "AllowExecutionFromCloudWatch" + "AllowExecutionFromApiGateway" ] actions = [ "lambda:InvokeFunction" ] principals = [ - "events.amazonaws.com" + "apigateway.amazonaws.com" ] - source_arns = [module.api_gateway.api_arn] variables = { foo = "bar" } } ####---------------------------------------------------------------------------------- -## This terraform module is designed to generate consistent label names and tags for resources. +## API GATEWAY ####---------------------------------------------------------------------------------- module "api_gateway" { - source = "./../../" + source = "../../../" name = local.name environment = local.environment - domain_name = "clouddrove.ca" + domain_name = "api.${local.domain_name}" domain_name_certificate_arn = module.acm.arn - integration_uri = module.lambda.arn - zone_id = "1234059QJ345674343" + integration_uri = module.lambda.invoke_arn + zone_id = local.hosted_zone_id + auto_deploy = true + stage_name = "$default" create_vpc_link_enabled = false + create_http_api = true cors_configuration = { allow_credentials = true allow_methods = ["GET", "OPTIONS", "POST"] 
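Review bot: In the `@@ -47,38 +54,39 @@` hunk the permission principal becomes `apigateway.amazonaws.com` while `source_arns = [module.api_gateway.api_arn]` is removed, so the `lambda:InvokeFunction` grant is, as far as this example shows, no longer limited to this API. A service-principal grant with no source ARN condition is the usual confused-deputy gap, because any API Gateway API may then act as the caller. I would keep a scoped entry such as `source_arns = ["${module.api_gateway.<execution_arn_output>}/*/*"]`, with the placeholder replaced by whichever root-module output carries the execute-api ARN; whether the removed `api_arn` value had that form is not visible here. If the line was dropped to avoid a dependency cycle with `integration_uri = module.lambda.invoke_arn`, a comment saying so would help. Both `module "lambda"` and `module "api_gateway"` continue outside the hunk.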
@@ -88,16 +96,16 @@ module "api_gateway" { "ANY /" = { lambda_arn = module.lambda.arn payload_format_version = "2.0" - timeout_milliseconds = 12000 + timeout_milliseconds = 30000 } "GET /some-route-with-authorizer" = { lambda_arn = module.lambda.arn - payload_format_version = "2.0" + payload_format_version = "1.0" authorizer_key = "cognito" } "POST /start-step-function" = { lambda_arn = module.lambda.arn - payload_format_version = "2.0" + payload_format_version = "1.0" authorizer_key = "cognito" } } diff --git a/_examples/complete/outputs.tf b/_examples/complete/http-api-gateway/outputs.tf similarity index 57% rename from _examples/complete/outputs.tf rename to _examples/complete/http-api-gateway/outputs.tf index eef9623..7025048 100644 --- a/_examples/complete/outputs.tf +++ b/_examples/complete/http-api-gateway/outputs.tf @@ -1,19 +1,19 @@ output "api_id" { - value = join("", module.api_gateway[*].api_id) + value = module.api_gateway.api_id description = "The API identifier." } output "api_arn" { - value = join("", module.api_gateway[*].api_arn) + value = module.api_gateway.api_arn description = "The API arn." } output "api_endpoint" { - value = join("", module.api_gateway[*].api_endpoint) + value = module.api_gateway.api_endpoint description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com." } output "invoke_url" { - value = join("", module.api_gateway[*].invoke_url) + value = module.api_gateway.invoke_url description = "URL to invoke the API pointing to the stage" -} \ No newline at end of file +} diff --git a/_examples/complete/versions.tf b/_examples/complete/http-api-gateway/version.tf similarity index 100% rename from _examples/complete/versions.tf rename to _examples/complete/http-api-gateway/version.tf 
diff --git a/_examples/complete/lambda-test.zip b/_examples/complete/lambda-test.zip deleted file mode 100644 index 8589034317795bcd093cef4cc5e4ede7405282fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 330 zcmWIWW@Zs#-~d7f2E{HQ0S6$F%)FG;3cZ5Ln0`m^BL)Jk?|+Iq>+R-#y{m$!VuI_D z?n7D?0-86^W+=b)@mO|L>F@hV5jlp-#qUj@{=G)pf~z2C@-H7BFUy+tW82izSKpeH zZLn^m`y|~tGgqipef#}3=W2%Ru_b4l^p7dl`xkw*Y5C)ITR^IQ+oPF!#gc#9`@44t z?{=JhsqFbKvn5~m-+27KrE{j(*}&OK?q7u&825& iW`zHd9fjK34ML1^rkK@?q9KDk+R-#y{m$!VuI_D z?n7D?0-86^W+=b)@mO|L>F@hV5jlp-#qUj@{=G)pf~z2C@-H7BFUy+tW82izSKpeH zZLn^m`y|~tGgqipef#}3=W2%Ru_b4l^p7dl`xkw*Y5C)ITR^IQ+oPF!#gc#9`@44t z?{=JhsqFbKvn5~m-+27KrE{j(*}&OK?q7u&825& iW`zHd Date: Wed, 24 Apr 2024 14:36:00 +0530 Subject: [PATCH 76/82] feat: updated example path and readme parameters (#61) * feat: updated example path and readme parameters * feat- Updated Path for Ignore File --------- Co-authored-by: Vishwajit Nagulkar <119565952+VishwajitNagulkar@users.noreply.github.com> --- .github/dependabot.yml | 4 +- .github/workflows/readme.yml | 59 +++--------------- .github/workflows/tf-checks.yml | 4 +- README.yaml | 21 ++++++- .../complete/http-api-gateway/example.tf | 0 .../complete/http-api-gateway/outputs.tf | 0 .../complete/http-api-gateway/version.tf | 0 .../complete/lambda_packages/index.py | 0 .../complete/lambda_packages/index.zip | Bin .../private-rest-api-gateway/example.tf | 0 .../private-rest-api-gateway/outputs.tf | 0 .../private-rest-api-gateway/versions.tf | 0 .../complete/rest-api-gateway/example.tf | 0 .../complete/rest-api-gateway/outputs.tf | 0 .../complete/rest-api-gateway/versions.tf | 0 .../vpc_link_api/example.tf | 0 .../vpc_link_api/lambda-test.zip | Bin .../vpc_link_api/lambda_packages/index.py | 0 .../vpc_link_api/outputs.tf | 0 .../vpc_link_api/versions.tf | 0 20 files changed, 32 insertions(+), 56 deletions(-) rename {_examples => examples}/complete/http-api-gateway/example.tf (100%) rename {_examples => 
examples}/complete/http-api-gateway/outputs.tf (100%) rename {_examples => examples}/complete/http-api-gateway/version.tf (100%) rename {_examples => examples}/complete/lambda_packages/index.py (100%) rename {_examples => examples}/complete/lambda_packages/index.zip (100%) rename {_examples => examples}/complete/private-rest-api-gateway/example.tf (100%) rename {_examples => examples}/complete/private-rest-api-gateway/outputs.tf (100%) rename {_examples => examples}/complete/private-rest-api-gateway/versions.tf (100%) rename {_examples => examples}/complete/rest-api-gateway/example.tf (100%) rename {_examples => examples}/complete/rest-api-gateway/outputs.tf (100%) rename {_examples => examples}/complete/rest-api-gateway/versions.tf (100%) rename {_examples => examples}/vpc_link_api/example.tf (100%) rename {_examples => examples}/vpc_link_api/lambda-test.zip (100%) rename {_examples => examples}/vpc_link_api/lambda_packages/index.py (100%) rename {_examples => examples}/vpc_link_api/outputs.tf (100%) rename {_examples => examples}/vpc_link_api/versions.tf (100%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 362fd26..a3c3334 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,7 +16,7 @@ updates: reviewers: - "approvers" - package-ecosystem: "terraform" # See documentation for possible values - directory: "_examples/complete" # Location of package manifests + directory: "examples/complete" # Location of package manifests schedule: interval: "weekly" # Add assignees @@ -26,7 +26,7 @@ updates: reviewers: - "approvers" - package-ecosystem: "terraform" # See documentation for possible values - directory: "_examples/vpc_link_api" # Location of package manifests + directory: "examples/vpc_link_api" # Location of package manifests schedule: interval: "weekly" # Add assignees diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml index 4bd38ee..3d0c2f1 100644 --- a/.github/workflows/readme.yml 
+++ b/.github/workflows/readme.yml @@ -1,54 +1,15 @@ -name: 'Create README.md file' +name: Readme Workflow on: push: branches: - master - + paths-ignore: + - 'README.md' + - 'docs/**' + workflow_dispatch: jobs: - readme-create: - name: 'readme-create' - runs-on: ubuntu-latest - steps: - - name: 'Checkout' - uses: actions/checkout@master - - - name: 'Set up Python 3.7' - uses: actions/setup-python@v4 - with: - python-version: '3.x' - - - name: 'create readme' - uses: 'clouddrove/github-actions@v9.0.2' - with: - actions_subcommand: 'readme' - github_token: '${{ secrets.GITHUB }}' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - - name: 'pre-commit check errors' - uses: pre-commit/action@v3.0.0 - continue-on-error: true - - - name: 'pre-commit fix erros' - uses: pre-commit/action@v3.0.0 - continue-on-error: true - - - name: 'push readme' - uses: 'clouddrove/github-actions@v9.0.2' - continue-on-error: true - with: - actions_subcommand: 'push' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: 'Slack Notification' - uses: clouddrove/action-slack@v2 - with: - status: ${{ job.status }} - fields: repo,author - author_name: 'CloudDrove' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required - if: always() + README: + uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@1.2.4 + secrets: + TOKEN : ${{ secrets.GITHUB }} + SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml index 4a5f66a..cb1028f 100644 --- a/.github/workflows/tf-checks.yml +++ b/.github/workflows/tf-checks.yml 
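Review bot: The rewritten readme.yml passes `secrets.GITHUB` and `secrets.SLACK_WEBHOOK_TERRAFORM` to a reusable workflow but declares no `permissions:` key, so the job's `GITHUB_TOKEN` falls back to the repository default. A top-level `permissions:` block with `contents: read`, widened only to what the called workflow needs (not visible here), would keep that token least-privileged. The reference `readme.yml@1.2.4` is a tag; a full commit SHA with the version in a trailing comment is safer for a workflow that receives secrets. Minor style: `TOKEN : ${{ secrets.GITHUB }}` has a space before the colon, and `TOKEN: ${{ secrets.GITHUB }}` would match the other keys.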
@@ -9,9 +9,9 @@ jobs: tf-checks-complete-example: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 with: - working_directory: './_examples/complete/' + working_directory: './examples/complete/' tf-checks-basic-example: uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9 with: - working_directory: './_examples/vpc_link_api/' + working_directory: './examples/vpc_link_api/' ... diff --git a/README.yaml b/README.yaml index d589e53..ac0396c 100644 --- a/README.yaml +++ b/README.yaml @@ -24,13 +24,28 @@ badges: - name: "Licence" image: "https://img.shields.io/badge/License-APACHE-blue.svg" url: "LICENSE.md" + - name: "Changelog" + image: "https://img.shields.io/badge/Changelog-blue" + url: "CHANGELOG.md" +prerequesties: + - name: Terraform + url: https://learn.hashicorp.com/terraform/getting-started/install.html + version: ">= 1.6.1" + +providers: + - name: aws + url: https://aws.amazon.com/ + version: ">= 5.20.0" + +module_dependencies: + - name: Labels Module + url: https://github.com/clouddrove/terraform-aws-labels + description: Provides resource tagging. + # description of this project description: |- Terraform module api-gateway-v2 to create new modules using this as baseline -# extra content -include: - - "terraform.md" # How to use this project # How to use this project diff --git a/_examples/complete/http-api-gateway/example.tf b/examples/complete/http-api-gateway/example.tf similarity index 100% rename from _examples/complete/http-api-gateway/example.tf rename to examples/complete/http-api-gateway/example.tf diff --git a/_examples/complete/http-api-gateway/outputs.tf b/examples/complete/http-api-gateway/outputs.tf similarity index 100% rename from _examples/complete/http-api-gateway/outputs.tf rename to examples/complete/http-api-gateway/outputs.tf 
diff --git a/_examples/complete/http-api-gateway/version.tf b/examples/complete/http-api-gateway/version.tf
similarity index 100%
rename from _examples/complete/http-api-gateway/version.tf
rename to examples/complete/http-api-gateway/version.tf
diff --git a/_examples/complete/lambda_packages/index.py b/examples/complete/lambda_packages/index.py
similarity index 100%
rename from _examples/complete/lambda_packages/index.py
rename to examples/complete/lambda_packages/index.py
diff --git a/_examples/complete/lambda_packages/index.zip b/examples/complete/lambda_packages/index.zip
similarity index 100%
rename from _examples/complete/lambda_packages/index.zip
rename to examples/complete/lambda_packages/index.zip
diff --git a/_examples/complete/private-rest-api-gateway/example.tf b/examples/complete/private-rest-api-gateway/example.tf
similarity index 100%
rename from _examples/complete/private-rest-api-gateway/example.tf
rename to examples/complete/private-rest-api-gateway/example.tf
diff --git a/_examples/complete/private-rest-api-gateway/outputs.tf b/examples/complete/private-rest-api-gateway/outputs.tf
similarity index 100%
rename from _examples/complete/private-rest-api-gateway/outputs.tf
rename to examples/complete/private-rest-api-gateway/outputs.tf
diff --git a/_examples/complete/private-rest-api-gateway/versions.tf b/examples/complete/private-rest-api-gateway/versions.tf
similarity index 100%
rename from _examples/complete/private-rest-api-gateway/versions.tf
rename to examples/complete/private-rest-api-gateway/versions.tf
diff --git a/_examples/complete/rest-api-gateway/example.tf b/examples/complete/rest-api-gateway/example.tf
similarity index 100%
rename from _examples/complete/rest-api-gateway/example.tf
rename to examples/complete/rest-api-gateway/example.tf
diff --git a/_examples/complete/rest-api-gateway/outputs.tf b/examples/complete/rest-api-gateway/outputs.tf similarity index 100% rename from _examples/complete/rest-api-gateway/outputs.tf rename to examples/complete/rest-api-gateway/outputs.tf diff --git a/_examples/complete/rest-api-gateway/versions.tf b/examples/complete/rest-api-gateway/versions.tf similarity index 100% rename from _examples/complete/rest-api-gateway/versions.tf rename to examples/complete/rest-api-gateway/versions.tf diff --git a/_examples/vpc_link_api/example.tf b/examples/vpc_link_api/example.tf similarity index 100% rename from _examples/vpc_link_api/example.tf rename to examples/vpc_link_api/example.tf diff --git a/_examples/vpc_link_api/lambda-test.zip b/examples/vpc_link_api/lambda-test.zip similarity index 100% rename from _examples/vpc_link_api/lambda-test.zip rename to examples/vpc_link_api/lambda-test.zip diff --git a/_examples/vpc_link_api/lambda_packages/index.py b/examples/vpc_link_api/lambda_packages/index.py similarity index 100% rename from _examples/vpc_link_api/lambda_packages/index.py rename to examples/vpc_link_api/lambda_packages/index.py diff --git a/_examples/vpc_link_api/outputs.tf b/examples/vpc_link_api/outputs.tf similarity index 100% rename from _examples/vpc_link_api/outputs.tf rename to examples/vpc_link_api/outputs.tf diff --git a/_examples/vpc_link_api/versions.tf b/examples/vpc_link_api/versions.tf similarity index 100% rename from _examples/vpc_link_api/versions.tf rename to examples/vpc_link_api/versions.tf From 21be13ec627b90ff37bd1379f4e83a5391ea86d9 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Wed, 24 Apr 2024 09:15:41 +0000 Subject: [PATCH 77/82] update README.md --- README.md | 295 ++++++++++++++++++++++------------------------------- docs/io.md | 130 +++++++++++++++++++++++ 2 files changed, 252 insertions(+), 173 deletions(-) create mode 100644 docs/io.md diff --git a/README.md b/README.md index bac7e41..07c6e17 100644 --- a/README.md 
+++ b/README.md @@ -1,15 +1,13 @@ - -

- - +[![Banner](https://github.com/clouddrove/terraform-gcp-vpc/blob/master/docs/CloudDrove.png)][website]

Terraform Module API-GATEWAY-V2

-

- Terraform module api-gateway-v2 to create new modules using this as baseline -

+

+ With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. +

+

@@ -22,6 +20,9 @@ Licence + + Changelog +

@@ -30,6 +31,9 @@ + + + @@ -41,19 +45,22 @@
-We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy Bigger problems are always solved by breaking them into smaller manageable problems. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller connected yet manageable pieces within the infrastructure. +We are a group of DevOps engineers & architects, joining hands in this ever evolving digital landscape. With our strong belief in Automation; just like microservices, always on the lookout to split the the infrastructure into smaller connected resources (database, cluster and more) which could be standardized, are manageable, scalable, secure & follow industry best practices. -This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself. -We have [*fifty plus terraform modules*][terraform_modules]. A few of them are comepleted and are available for open source usage while a few others are in progress. +This module includes Terraform open source, examples, and automation tests (for better understanding), which would help you create and improve your infrastructure with minimalistic coding. -## Prerequisites +## Prerequisites and Providers -This module has a few dependencies: +This table contains both Prerequisites and Providers: +| Description | Name | Version | +|:-------------:|:-------------------------------------------:|:---------:| +| **Prerequisite** | [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) | >= 1.6.1 | +| **Provider** | [aws](https://aws.amazon.com/) | >= 5.20.0 | 
@@ -61,180 +68,122 @@ This module has a few dependencies: ## Examples +**IMPORTANT:** Since the master branch used in source varies based on new modifications, we recommend using the [release versions](https://github.com/clouddrove/terraform-aws-api-gateway/releases). + +πŸ“Œ For additional usage examples, check the complete list under [`examples/`](./examples) directory. + + + +## Inputs and Outputs + +Refer to complete documentation: [here](docs/io.md) + + + + + +## Module Dependencies + +This module has dependencies on: +- [Labels Module](https://github.com/clouddrove/terraform-aws-labels): Provides resource tagging. + + +## πŸ“‘ Changelog + +Refer [here](CHANGELOG.md). + + + + +## ✨ Contributors + +Big thanks to our contributors for elevating our project with their dedication and expertise! But, we do not wish to stop there, would like to invite contributions from the community in improving these projects and making them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only 1 direction, i.e. forward. + + + + +
+
+ + If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!): + +- **Fork the Repository:** Create a new branch for your feature or bug fix. +- **Coding Standards:** You know the drill. +- **Clear Commit Messages:** Write clear and concise commit messages to facilitate understanding. +- **Thorough Testing:** Test your changes thoroughly before submitting a pull request. +- **Documentation Updates:** Include relevant documentation updates if your changes impact it. + + + + + + + + + -**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/terraform-aws-api-gateway/releases). - - -Here are examples of how you can use this module in your inventory structure: -### complete Example -```hcl - module "api-gateway" { - source = "clouddrove/api-gateway/aws" - version = "1.4.0" - - domain_name = "example.cam" - domain_name_certificate_arn = module.acm.arn - integration_uri = module.lambda.arn - zone_id = "1234059QJ345674343" - create_vpc_link_enabled = false - cors_configuration = { - allow_credentials = true - allow_methods = ["GET", "OPTIONS", "POST"] - max_age = 5 - } - integrations = { - "ANY /" = { - lambda_arn = module.lambda.arn - payload_format_version = "2.0" - timeout_milliseconds = 12000 - } - "GET /some-route-with-authorizer" = { - lambda_arn = module.lambda.arn - payload_format_version = "2.0" - authorizer_key = "cognito" - } - "POST /start-step-function" = { - lambda_arn = module.lambda.arn - payload_format_version = "2.0" - authorizer_key = "cognito" - } - } - } -``` -### vpc_link_api Example -```hcl - module "api-gateway" { - source = "clouddrove/api-gateway/aws" - version = "1.4.0" - - name = "api" - environment = "test" - label_order = ["environment", "name"] - domain_name = "example.cam" - create_vpc_link_enabled = true - zone_id = 
"1`23456059QJZ25345678" - integration_uri = module.lambda.arn - domain_name_certificate_arn = module.acm.arn - subnet_ids = tolist(module.public_subnets.public_subnet_id) - security_group_ids = [module.security_group.security_group_ids] - cors_configuration = { - allow_credentials = true - allow_methods = ["GET", "OPTIONS", "POST"] - max_age = 5 - } - integrations = { - "ANY /" = { - lambda_arn = module.lambda.arn - payload_format_version = "2.0" - timeout_milliseconds = 12000 - } - "GET /some-route-with-authorizer" = { - lambda_arn = module.lambda.arn - payload_format_version = "2.0" - authorizer_key = "cognito" - } - "POST /start-step-function" = { - lambda_arn = module.lambda.arn - payload_format_version = "2.0" - authorizer_key = "cognito" - } - } - } -``` - - - - - - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| access\_log\_settings | Settings for logging access in this stage. | `map(string)` | `{}` | no | -| api\_description | the description of the API. | `string` | `"Manages an Amazon API Gateway Version 2 API."` | no | -| api\_key\_selection\_expression | An API key selection expression. Valid values: $context.authorizer.usageIdentifierKey, $request.header.x-api-key. | `string` | `"$request.header.x-api-key"` | no | -| api\_version | A version identifier for the API | `string` | `null` | no | -| apigatewayv2\_api\_mapping\_enabled | Flag to control the mapping creation. | `bool` | `true` | no | -| attributes | Additional attributes (e.g. `1`). | `list(any)` | `[]` | no | -| authorizer\_type | The authorizer type. Valid values: JWT, REQUEST. For WebSocket APIs, specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens. 
| `string` | `"JWT"` | no | -| authorizers | Map of API gateway authorizers | `map(any)` | `{}` | no | -| body | An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs. | `string` | `null` | no | -| connection\_type | Type of the network connection to the integration endpoint. Valid values: INTERNET, VPC\_LINK. Default is INTERNET. | `string` | `"INTERNET"` | no | -| cors\_configuration | The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs. | `any` | `{}` | no | -| create\_api\_domain\_name\_enabled | Flag to control the domain creation. | `bool` | `true` | no | -| create\_api\_gateway\_enabled | Flag to control the api creation. | `bool` | `true` | no | -| create\_default\_stage\_enabled | Flag to control the stage creation. | `bool` | `true` | no | -| create\_routes\_and\_integrations\_enabled | Whether to create routes and integrations resources | `bool` | `true` | no | -| create\_vpc\_link\_enabled | Whether to create VPC links | `bool` | `true` | no | -| credentials\_arn | Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs. | `string` | `null` | no | -| default\_route\_settings | Default route settings for the stage. | `map(string)` | `{}` | no | -| default\_stage\_access\_log\_destination\_arn | ARN of the CloudWatch Logs log group to receive access logs. | `string` | `null` | no | -| default\_stage\_access\_log\_format | Single line format of the access logs of data. Refer to log settings for HTTP or Websocket. 
| `string` | `null` | no | -| domain\_name | The domain name to use for API gateway | `string` | `null` | no | -| domain\_name\_certificate\_arn | The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name | `string` | `""` | no | -| domain\_name\_ownership\_verification\_certificate\_arn | ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate\_arn is issued via an ACM Private CA or mutual\_tls\_authentication is configured with an ACM-imported certificate.) | `string` | `null` | no | -| enabled | Flag to control the api creation. | `bool` | `true` | no | -| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `"test"` | no | -| identity\_sources | The identity sources for which authorization is requested. | `list(string)` |
[
"$request.header.Authorization"
]
| no | -| integration\_description | Description of the integration. | `string` | `"Lambda example"` | no | -| integration\_method | Integration's HTTP method. Must be specified if integration\_type is not MOCK. | `string` | `"POST"` | no | -| integration\_type | Integration type of an integration. Valid values: AWS (supported only for WebSocket APIs), AWS\_PROXY, HTTP (supported only for WebSocket APIs), HTTP\_PROXY, MOCK (supported only for WebSocket APIs). | `string` | `"AWS_PROXY"` | no | -| integration\_uri | URI of the Lambda function for a Lambda proxy integration, when integration\_type is AWS\_PROXY. For an HTTP integration, specify a fully-qualified URL. | `string` | `""` | no | -| integrations | Map of API gateway routes with integrations | `map(any)` | `{}` | no | -| label\_order | Label order, e.g. `name`,`application`. | `list(any)` | `[]` | no | -| managedby | ManagedBy, eg 'CloudDrove' | `string` | `"hello@clouddrove.com"` | no | -| mutual\_tls\_authentication | An Amazon S3 URL that specifies the truststore for mutual TLS authentication as well as version, keyed at uri and version | `map(string)` | `{}` | no | -| name | Name (e.g. `app` or `cluster`). | `string` | `"api"` | no | -| passthrough\_behavior | Pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the request\_templates attribute. | `string` | `"WHEN_NO_MATCH"` | no | -| protocol\_type | The API protocol. Valid values: HTTP, WEBSOCKET | `string` | `"HTTP"` | no | -| repository | Terraform current module repo | `string` | `""` | no | -| route\_key | Part of quick create. Specifies any route key. Applicable for HTTP APIs. | `string` | `null` | no | -| route\_selection\_expression | The route selection expression for the API. 
| `string` | `"$request.method $request.path"` | no | -| route\_settings | Settings for default route | `map(string)` | `{}` | no | -| security\_group\_ids | A list of security group IDs to associate with. | `list(string)` | `[]` | no | -| subnet\_ids | A list of VPC Subnet IDs to launch in. | `list(string)` | `[]` | no | -| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | `map(any)` | `{}` | no | -| target | Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP\_PROXY or AWS\_PROXY, respectively. Applicable for HTTP APIs. | `string` | `null` | no | -| vpc\_links | Map of VPC Links details to create | `map(any)` | `{}` | no | -| zone\_id | The ID of the hosted zone to contain this record. | `string` | `""` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| api\_arn | The API identifier. | -| api\_endpoint | The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. | -| api\_id | The API identifier. | -| invoke\_url | URL to invoke the API pointing to the stage | - - - - -## Testing -In this module testing is performed with [terratest](https://github.com/gruntwork-io/terratest) and it creates a small piece of infrastructure, matches the output like ARN, ID and Tags name etc and destroy infrastructure in your AWS account. This testing is written in GO, so you need a [GO environment](https://golang.org/doc/install) in your system. 
- -You need to run the following command in the testing folder: -```hcl - go test -run Test -``` ## Feedback -If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-api-gateway/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). +Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-api-gateway/issues), feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). + +Show some love with a β˜… on [our GitHub](https://github.com/clouddrove/terraform-aws-api-gateway)! if our work has brightened your day! – your feedback fuels our journey! + + +## :rocket: Our Accomplishment + +We have [*100+ Terraform modules*][terraform_modules] πŸ™Œ. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress. + +- [Terraform Module Registry:](https://registry.terraform.io/namespaces/clouddrove) Discover our Terraform modules here. + +- [Terraform Modules for AWS/Azure Modules:](https://github.com/clouddrove/toc) Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP. + +- [Terraform Modules for Digital Ocean:](https://github.com/terraform-do-modules/toc) Check out our specialized Terraform modules for Digital Ocean. + + + + +## Join Our Slack Community + +Join our vibrant open-source slack community and embark on an ever-evolving journey with CloudDrove; helping you in moving upwards in your career path. +Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency. 
+ +πŸŒπŸ’¬What you'll get after joining this Slack community: + +- πŸš€ Encouragement to upgrade your best version. +- 🌈 Learning companionship with our DevOps squad. +- 🌱 Relentless growth with daily updates on new advancements in technologies. + +Join our tech elites [Join Now][slack] πŸš€ + + +## Explore Our Blogs -If you have found it worth your time, go ahead and give us a β˜… on [our GitHub](https://github.com/clouddrove/terraform-aws-api-gateway)! + Click [here][blog] :books: :star2: -## About us +## Tap into our capabilities +We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions. -At [CloudDrove][website], we offer expert guidance, implementation support and services to help organisations accelerate their journey to the cloud. Our services include docker and container orchestration, cloud migration and adoption, infrastructure automation, application modernisation and remediation, and performance engineering. +At [CloudDrove][website], has extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [business@clouddrove.com](mailto:business@clouddrove.com).

We are The Cloud Experts!


-

We ❀️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

+

We ❀️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

[website]: https://clouddrove.com + [blog]: https://blog.clouddrove.com + [slack]: https://www.launchpass.com/devops-talks [github]: https://github.com/clouddrove [linkedin]: https://cpco.io/linkedin [twitter]: https://twitter.com/clouddrove/ diff --git a/docs/io.md b/docs/io.md new file mode 100644 index 0000000..2d743d9 --- /dev/null +++ b/docs/io.md 
@@ -0,0 +1,130 @@ +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| access\_log\_settings | Settings for logging access in this stage. | `map(string)` | `{}` | no | +| api\_deployment\_description | flag to manage description of api deployment | `string` | `"test"` | no | +| api\_description | the description of the API. | `string` | `"Manages an Amazon API Gateway Version 2 API."` | no | +| api\_key\_selection\_expression | An API key selection expression. Valid values: $context.authorizer.usageIdentifierKey, $request.header.x-api-key. | `string` | `"$request.header.x-api-key"` | no | +| api\_resources | flag to control of resources path | `map(map(string))` | `{}` | no | +| api\_version | A version identifier for the API | `string` | `null` | no | +| apigatewayv2\_api\_mapping\_enabled | Flag to control the mapping creation. | `bool` | `true` | no | +| authorization | Required The type of authorization used for the method (NONE, CUSTOM, AWS\_IAM, COGNITO\_USER\_POOLS) | `string` | `"NONE"` | no | +| authorizer\_iam\_role | Custome IAMRole for Authorizer Credentials. | `string` | `""` | no | +| authorizer\_result\_ttl\_in\_seconds | TTL of cached authorizer results in seconds. Defaults to 300. | `number` | `300` | no | +| authorizer\_type | The authorizer type. Valid values: JWT, REQUEST. For WebSocket APIs, specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens. | `string` | `"JWT"` | no | +| authorizers | Map of API gateway authorizers | `map(any)` | `{}` | no | +| auto\_deploy | Set this to true to enable stage Auto Deployment | `bool` | `false` | no | +| body | An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs. 
| `string` | `null` | no | +| cache\_cluster\_enabled | Whether a cache cluster is enabled for the stage | `bool` | `false` | no | +| cache\_cluster\_size | Size of the cache cluster for the stage, if enabled. Allowed values include 0.5, 1.6, 6.1, 13.5, 28.4, 58.2, 118 and 237. | `string` | `"0.5"` | no | +| cache\_key\_parameters | List of cache key parameters for the integration. | `list(any)` | `[]` | no | +| cache\_namespace | Integration's cache namespace. | `string` | `""` | no | +| canary\_settings | (optional) describe your variable | `map(any)` | `{}` | no | +| client\_certificate\_id | Identifier of a client certificate for the stage. | `string` | `""` | no | +| connection\_id | ID of the VpcLink used for the integration. Required if connection\_type is VPC\_LINK | `string` | `""` | no | +| connection\_rest\_api\_type | Valid values are INTERNET (default for connections through the public routable internet), and VPC\_LINK (for private connections between API Gateway and a network load balancer in a VPC). | `string` | `"INTERNET"` | no | +| connection\_type | Type of the network connection to the integration endpoint. Valid values: INTERNET, VPC\_LINK. Default is INTERNET. | `string` | `"INTERNET"` | no | +| content\_handling | Supported values are CONVERT\_TO\_BINARY and CONVERT\_TO\_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through. | `string` | `"CONVERT_TO_TEXT"` | no | +| cors\_configuration | The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs. | `any` | `{}` | no | +| create\_api\_domain\_name\_enabled | Flag to control the domain creation. | `bool` | `true` | no | +| create\_default\_stage\_enabled | Flag to control the stage creation. | `bool` | `true` | no | +| create\_http\_api | Flag to control creation of HTTP api. 
| `bool` | `false` | no | +| create\_kms\_key | Set this to `false` to provide existing kms key arn in `kms_key_arn` variable. | `bool` | `true` | no | +| create\_rest\_api | Flag to control the rest api creation. | `bool` | `false` | no | +| create\_rest\_api\_deployment | Flag to control the mapping creation. | `bool` | `true` | no | +| create\_rest\_api\_gateway\_authorizer | Flag to control the rest api gateway authorizer creation. | `bool` | `true` | no | +| create\_rest\_api\_gateway\_integration | Flag to control the rest api gateway integration creation. | `bool` | `true` | no | +| create\_rest\_api\_gateway\_integration\_response | Flag to control the rest api gateway integration response creation. | `bool` | `true` | no | +| create\_rest\_api\_gateway\_method | Flag to control the rest api gateway method creation. | `bool` | `true` | no | +| create\_rest\_api\_gateway\_method\_response | Flag to control the rest api gateway stage creation. | `bool` | `true` | no | +| create\_rest\_api\_gateway\_resource | flag to control the rest api gateway resources creation | `bool` | `true` | no | +| create\_rest\_api\_gateway\_stage | Flag to control the rest api gateway stage creation. | `bool` | `true` | no | +| create\_routes\_and\_integrations\_enabled | Whether to create routes and integrations resources | `bool` | `true` | no | +| create\_vpc\_endpoint | VPC endpoint is required to access api gateway url from outside the vpc. Set this to `false` to prevent vpc endpoint creation. | `bool` | `true` | no | +| create\_vpc\_link\_enabled | Whether to create VPC links | `bool` | `true` | no | +| credentials | To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string | `string` | `""` | no | +| credentials\_arn | Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs. 
| `string` | `null` | no | +| default\_route\_settings | Default route settings for the stage. | `map(string)` | `{}` | no | +| default\_stage\_access\_log\_destination\_arn | ARN of the CloudWatch Logs log group to receive access logs. | `string` | `null` | no | +| default\_stage\_access\_log\_format | Single line format of the access logs of data. Refer to log settings for HTTP or Websocket. | `string` | `null` | no | +| description\_gateway\_stage | (optional) describe your variable | `string` | `"demo-test"` | no | +| documentation\_version | Version of the associated API documentation | `string` | `""` | no | +| domain\_name | The domain name to use for API gateway | `string` | `null` | no | +| domain\_name\_certificate\_arn | The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name | `string` | `""` | no | +| domain\_name\_ownership\_verification\_certificate\_arn | ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate\_arn is issued via an ACM Private CA or mutual\_tls\_authentication is configured with an ACM-imported certificate.) | `string` | `null` | no | +| enable\_access\_logs | flag to manage of cloudwatch log group creation | `bool` | `true` | no | +| enable\_key\_rotation | Specifies whether key rotation is enabled. Defaults to false. | `bool` | `null` | no | +| enabled | Set this to `false` to prevent resource creation by this terraform module. | `bool` | `true` | no | +| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `"test"` | no | +| gateway\_authorizer | flag to control the gateway authorizer name. | `string` | `"demo"` | no | +| gateway\_integration\_type | flag tp control the gatway integration type. | `string` | `"AWS_PROXY"` | no | +| http\_method | HTTP method (GET, POST, PUT, DELETE, HEAD, OPTION, ANY) when calling the associated resource. | `string` | `"ANY"` | no | +| identity\_source | Source of the identity in an incoming request. 
Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variable | `string` | `"method.request.header.Authorization"` | no | +| identity\_sources | The identity sources for which authorization is requested. | `list(string)` |
[
"$request.header.Authorization"
]
| no | +| integration\_description | Description of the integration. | `string` | `"Lambda example"` | no | +| integration\_http\_method | flag to control the gateway intergration http method. | `string` | `"POST"` | no | +| integration\_method | Integration's HTTP method. Must be specified if integration\_type is not MOCK. | `string` | `"POST"` | no | +| integration\_response\_parameters | Map of response parameters that can be read from the backend response. For example: response\_parameters = { method.response.header.X-Some-Header = integration.response.header.X-Some-Other-Header }. | `map(string)` | `{}` | no | +| integration\_type | Integration type of an integration. Valid values: AWS (supported only for WebSocket APIs), AWS\_PROXY, HTTP (supported only for WebSocket APIs), HTTP\_PROXY, MOCK (supported only for WebSocket APIs). | `string` | `"AWS_PROXY"` | no | +| integration\_uri | URI of the Lambda function for a Lambda proxy integration, when integration\_type is AWS\_PROXY. For an HTTP integration, specify a fully-qualified URL. | `string` | `""` | no | +| integrations | Map of API gateway routes with integrations | `map(any)` | `{}` | no | +| kms\_key\_arn | Pass existing KMS key arn. Only applicable when `create_kms_key` is set to false. | `string` | `""` | no | +| label\_order | Label order, e.g. `name`,`application`. | `list(any)` |
[
"name",
"environment"
]
| no | +| log\_format | Formatting and values recorded in the logs. For more information on configuring the log format rules visit the AWS documentation | `string` | `" {\n\t\"requestTime\": \"$context.requestTime\",\n\t\"requestId\": \"$context.requestId\",\n\t\"httpMethod\": \"$context.httpMethod\",\n\t\"path\": \"$context.path\",\n\t\"resourcePath\": \"$context.resourcePath\",\n\t\"status\": $context.status,\n\t\"responseLatency\": $context.responseLatency,\n \"xrayTraceId\": \"$context.xrayTraceId\",\n \"integrationRequestId\": \"$context.integration.requestId\",\n\t\"functionResponseStatus\": \"$context.integration.status\",\n \"integrationLatency\": \"$context.integration.latency\",\n\t\"integrationServiceStatus\": \"$context.integration.integrationStatus\",\n \"authorizeResultStatus\": \"$context.authorize.status\",\n\t\"authorizerServiceStatus\": \"$context.authorizer.status\",\n\t\"authorizerLatency\": \"$context.authorizer.latency\",\n\t\"authorizerRequestId\": \"$context.authorizer.requestId\",\n \"ip\": \"$context.identity.sourceIp\",\n\t\"userAgent\": \"$context.identity.userAgent\",\n\t\"principalId\": \"$context.authorizer.principalId\",\n\t\"cognitoUser\": \"$context.identity.cognitoIdentityId\",\n \"user\": \"$context.identity.user\"\n}\n"` | no | +| log\_group\_class | Specified the log class of the log group. Possible values are: STANDARD or INFREQUENT\_ACCESS. | `string` | `"STANDARD"` | no | +| managedby | ManagedBy, eg 'CloudDrove' | `string` | `"hello@clouddrove.com"` | no | +| multi\_region | ndicates whether the KMS key is a multi-Region (true) or regional (false) key. Defaults to false. | `bool` | `false` | no | +| mutual\_tls\_authentication | An Amazon S3 URL that specifies the truststore for mutual TLS authentication as well as version, keyed at uri and version | `map(string)` | `{}` | no | +| name | Name (e.g. `app` or `api`). 
| `string` | `""` | no | +| passthrough\_behavior | Pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the request\_templates attribute. | `string` | `"WHEN_NO_MATCH"` | no | +| private\_dns\_enabled | AWS services and AWS Marketplace partner services only) Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Most users will want this enabled to allow services within the VPC to automatically use the endpoint. Defaults to false. | `bool` | `false` | no | +| protocol\_type | The API protocol. Valid values: HTTP, WEBSOCKET | `string` | `"HTTP"` | no | +| provider\_arns | required for type COGNITO\_USER\_POOLS) List of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account\_id}:userpool/{user\_pool\_id}. | `set(string)` | `[]` | no | +| repository | Terraform current module repo | `string` | `""` | no | +| request\_parameters | Map of request query string parameters and headers that should be passed to the backend responder | `map(string)` | `null` | no | +| request\_templates | Map of the integration's request templates. | `map(string)` | `null` | no | +| response\_models | A map of the API models used for the response's content type | `map(string)` |
{
"application/json": "Empty"
}
| no | +| response\_parameters | Map of response parameters that can be sent to the caller. For example: response\_parameters { method.response.header.X-Some-Header = true } would define that the header X-Some-Header can be provided on the response | `map(bool)` | `{}` | no | +| rest\_api\_assume\_role\_policy | Custome Trust Relationship Policy for Authorizer IAMRole. | `string` | `""` | no | +| rest\_api\_base\_path | Path segment that must be prepended to the path when accessing the API via this mapping. If omitted, the API is exposed at the root of the given domain. | `string` | `""` | no | +| rest\_api\_description | The description of the REST API | `string` | `"test"` | no | +| rest\_api\_endpoint\_type | (Required) List of endpoint types. This resource currently only supports managing a single value. Valid values: EDGE, REGIONAL or PRIVATE. If unspecified, defaults to EDGE. | `string` | `null` | no | +| rest\_api\_resource\_policy | (Optional) custom resource policy for private rest api. | `string` | `""` | no | +| rest\_api\_stage\_name | The name of the stage | `string` | `""` | no | +| rest\_variables | Map to set on the stage managed by the stage\_name argument. | `map(string)` | `{}` | no | +| retention\_in\_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. | `number` | `null` | no | +| route\_key | Part of quick create. Specifies any route key. Applicable for HTTP APIs. | `string` | `null` | no | +| route\_selection\_expression | The route selection expression for the API. | `string` | `"$request.method $request.path"` | no | +| route\_settings | Settings for default route | `map(string)` | `{}` | no | +| security\_group\_ids | A list of security group IDs to associate with. 
| `list(string)` | `[]` | no | +| service\_name | The service name. For AWS services the service name is usually in the form com.amazonaws.. (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker..notebook). | `string` | `""` | no | +| skip\_destroy | Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the Terraform state. | `bool` | `null` | no | +| stage\_description | Description to set on the stage managed by the stage\_name argument. | `string` | `"test"` | no | +| stage\_name | Stage Name to be used, set to `$default` to use Invoke URL as your default webpage for lambda | `string` | `null` | no | +| stage\_variables | Map that defines the stage variables | `map(string)` | `{}` | no | +| status\_code | flag to control the status code | `string` | `"200"` | no | +| subnet\_ids | A list of VPC Subnet IDs to launch in. | `list(string)` | `[]` | no | +| target | Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP\_PROXY or AWS\_PROXY, respectively. Applicable for HTTP APIs. | `string` | `null` | no | +| timeout\_milliseconds | Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds. | `number` | `null` | no | +| type | Type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO\_USER\_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN. | `string` | `"TOKEN"` | no | +| vpc\_endpoint\_id | ID of the vpc endpoint. 
Only applicable when | `string` | `""` | no | +| vpc\_endpoint\_type | The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway. | `string` | `"Gateway"` | no | +| vpc\_id | The ID of the VPC in which the endpoint will be used. | `string` | `""` | no | +| vpc\_links | Map of VPC Links details to create | `map(any)` | `{}` | no | +| xray\_tracing\_enabled | A flag to indicate whether to enable X-Ray tracing. | `bool` | `true` | no | +| zone\_id | The ID of the hosted zone to contain this record. | `string` | `""` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| api\_arn | The HTTP API ARN. | +| api\_endpoint | The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. | +| api\_id | The HTTP Api ID. | +| invoke\_url | URL to invoke the API pointing to the stage | +| rest\_api\_arn | The Rest Api Arn. | +| rest\_api\_execution\_arn | Execution arn of rest api gateway. | +| rest\_api\_id | The ID of the REST API | +| rest\_api\_invoke\_url | The URL to invoke the API pointing to the stage | + From 47812297ac350d8d17f77574adcfe49eadb193b7 Mon Sep 17 00:00:00 2001 From: rakeshclouddevops Date: Fri, 9 Aug 2024 17:20:29 +0530 Subject: [PATCH 78/82] feat: updated branch name in uses of workflow (#62) --- .github/workflows/auto_assignee.yml | 2 +- .github/workflows/automerge.yml | 2 +- .github/workflows/changelog.yml | 2 +- .github/workflows/readme.yml | 2 +- .github/workflows/tf-checks.yml | 4 ++-- .github/workflows/tflint.yml | 2 +- .github/workflows/tfsec.yml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/auto_assignee.yml b/.github/workflows/auto_assignee.yml index 7cd5a6a..2c50a82 100644 --- a/.github/workflows/auto_assignee.yml +++ b/.github/workflows/auto_assignee.yml 
@@ -8,7 +8,7 @@ on:
 workflow_dispatch:
 jobs:
 assign-pr:
- uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@1.0.9
+ uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
 secrets:
 GITHUB: ${{ secrets.GITHUB }}
 with:
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index 418e9e2..1761e98 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -4,7 +4,7 @@ on:
 pull_request:
 jobs:
 auto-merge:
- uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@1.0.9
+ uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master
 secrets:
 GITHUB: ${{ secrets.GITHUB }}
 with:
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
index 0ae2425..0b873d3 100644
--- a/.github/workflows/changelog.yml
+++ b/.github/workflows/changelog.yml
@@ -8,7 +8,7 @@ on:
 workflow_dispatch:
 jobs:
 call-workflow-changelog:
- uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@1.0.9
+ uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
 secrets: inherit
 with:
 branch: 'master'
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
index 3d0c2f1..c4a5793 100644
--- a/.github/workflows/readme.yml
+++ b/.github/workflows/readme.yml
@@ -9,7 +9,7 @@ on:
 workflow_dispatch:
 jobs:
 README:
- uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@1.2.4
+ uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master
 secrets:
 TOKEN : ${{ secrets.GITHUB }}
 SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
index cb1028f..561d5c6 100644
--- a/.github/workflows/tf-checks.yml
+++ b/.github/workflows/tf-checks.yml
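Review bot: Moving `assign-pr` from `@1.0.9` to `@master` ties this job to a mutable branch of `clouddrove/github-shared-workflows`, so the code that receives `secrets.GITHUB` can change without any commit in this repository. The same switch is made in automerge.yml, changelog.yml, readme.yml, tf-checks.yml, tflint.yml and tfsec.yml, two of which (changelog.yml, tfsec.yml) pass `secrets: inherit`. Pin each reusable workflow to a full commit SHA and keep the release in a trailing comment, e.g. `uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@<FULL_COMMIT_SHA> # <release tag>`, so that updates arrive as reviewable diffs. The job definitions continue outside these hunks.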
@@ -7,11 +7,11 @@ on:
 workflow_dispatch:
 jobs:
 tf-checks-complete-example:
- uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
 with:
 working_directory: './examples/complete/'
 tf-checks-basic-example:
- uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@1.0.9
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
 with:
 working_directory: './examples/vpc_link_api/'
 ...
diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
index 4659c47..3a48f31 100644
--- a/.github/workflows/tflint.yml
+++ b/.github/workflows/tflint.yml
@@ -7,7 +7,7 @@ on:
 workflow_dispatch:
 jobs:
 tf-lint:
- uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@1.0.9
+ uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
 secrets:
 GITHUB: ${{ secrets.GITHUB }}
 ...
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
index f57a2b1..5054227 100644
--- a/.github/workflows/tfsec.yml
+++ b/.github/workflows/tfsec.yml
@@ -6,7 +6,7 @@ on:
 workflow_dispatch:
 jobs:
 tfsec:
- uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@1.0.9
+ uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
 secrets: inherit
 with:
 working_directory: '.'
From 29572850b9a98dfee58fa390a982604efef8ee86 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Fri, 9 Aug 2024 12:00:04 +0000 Subject: [PATCH 79/82] update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 07c6e17..8a36d2c 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
-[![Banner](https://github.com/clouddrove/terraform-gcp-vpc/blob/master/docs/CloudDrove.png)][website]
+[![Banner](https://github.com/clouddrove/terraform-module-template/assets/119565952/67a8a1af-2eb7-40b7-ae07-c94cde9ce062)][website]

Terraform Module API-GATEWAY-V2

From 2d0cee303784cc3168a3365bd5ca8ff9b37343de Mon Sep 17 00:00:00 2001 From: Aatish sharma <152850912+Aatishsharma77@users.noreply.github.com> Date: Fri, 14 Mar 2025 17:47:31 +0530 Subject: [PATCH 80/82] Fix: Error in count condition of HTTP-Api-Gateway (#60) * fix: resolved a kms key error in http-api * fix: remove unnecessary comment * fix: resolve a tflint interpolation issue * fix: fixed variable default value * fix: updated a directory structure * fix: update a .github/workflow/tf-check.yml file * fix: Change the name of the example file. * fix: upadate a tf-check file --------- Co-authored-by: CloudDrove CI <84795582+clouddrove-ci@users.noreply.github.com> --- .github/workflows/tf-checks.yml | 2 +- examples/http-api-gateway/example.tf | 112 +++++++++ examples/http-api-gateway/outputs.tf | 19 ++ examples/http-api-gateway/version.tf | 11 + examples/lambda_packages/index.py | 7 + examples/lambda_packages/index.zip | Bin 0 -> 335 bytes examples/private-rest-api-gateway/example.tf | 225 ++++++++++++++++++ examples/private-rest-api-gateway/outputs.tf | 21 ++ examples/private-rest-api-gateway/versions.tf | 11 + examples/rest-api-gateway/example.tf | 115 +++++++++ examples/rest-api-gateway/outputs.tf | 22 ++ examples/rest-api-gateway/versions.tf | 11 + main.tf | 5 +- variables.tf | 4 +- 14 files changed, 560 insertions(+), 5 deletions(-) create mode 100644 examples/http-api-gateway/example.tf create mode 100644 examples/http-api-gateway/outputs.tf create mode 100644 examples/http-api-gateway/version.tf create mode 100644 examples/lambda_packages/index.py create mode 100644 examples/lambda_packages/index.zip create mode 100644 examples/private-rest-api-gateway/example.tf create mode 100644 examples/private-rest-api-gateway/outputs.tf create mode 100644 examples/private-rest-api-gateway/versions.tf create mode 100644 examples/rest-api-gateway/example.tf create mode 100644 examples/rest-api-gateway/outputs.tf create mode 100644 examples/rest-api-gateway/versions.tf 
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
index 561d5c6..b8e595f 100644
--- a/.github/workflows/tf-checks.yml
+++ b/.github/workflows/tf-checks.yml
@@ -9,7 +9,7 @@ jobs:
 tf-checks-complete-example:
 uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
 with:
- working_directory: './examples/complete/'
+ working_directory: './examples/'
 tf-checks-basic-example:
 uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
 with:
diff --git a/examples/http-api-gateway/example.tf b/examples/http-api-gateway/example.tf
new file mode 100644
index 0000000..6a7f3d8
--- /dev/null
+++ b/examples/http-api-gateway/example.tf
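Review bot: `working_directory: './examples/'` points `tf-checks-complete-example` at the parent folder, but the examples this commit adds live one level down (`examples/http-api-gateway/`, `examples/rest-api-gateway/`, `examples/private-rest-api-gateway/`). The shared tf-checks workflow is not visible here; if it runs Terraform only in the given directory, the job finds no configuration there and none of the new examples is formatted or validated. One job per example, e.g. `working_directory: './examples/http-api-gateway/'`, keeps each of them checked. The hunk starts inside the `jobs:` mapping, and the unchanged `tf-checks-basic-example` job below it continues past the hunk.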
@@ -0,0 +1,112 @@
+####----------------------------------------------------------------------------------
+## PROVIDER
+####----------------------------------------------------------------------------------
+provider "aws" {
+ region = local.region
+}
+
+####----------------------------------------------------------------------------------
+## LOCALS
+####----------------------------------------------------------------------------------
+
+locals {
+ name = "api"
+ environment = "test"
+ region = "us-east-1"
+ domain_name = "clouddrove.ca"
+ hosted_zone_id = "Z0xxxxxxxxxxxxxxEP"
+}
+####----------------------------------------------------------------------------------
+## ACM
+####----------------------------------------------------------------------------------
+module "acm" {
+ source = "clouddrove/acm/aws"
+ version = "1.4.1"
+
+ name = local.name
+ environment = local.environment
+ enable_aws_certificate = true
+ domain_name = local.domain_name
+ subject_alternative_names = ["*.${local.domain_name}"]
+ validation_method = "DNS"
+ enable_dns_validation = false
+}
+
+####----------------------------------------------------------------------------------
+## LAMBDA
+####----------------------------------------------------------------------------------
+module "lambda" {
+ source = "clouddrove/lambda/aws"
+ version = "1.3.1"
+
+ name = local.name
+ environment = local.environment
+ enable = true
+ timeout = 60
+ filename = "../lambda_packages/index.zip"
+ handler = "index.lambda_handler"
+ runtime = "python3.8"
+ iam_actions = [
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "logs:PutLogEvents"
+ ]
+ names = [
+ "python_layer"
+ ]
+ compatible_runtimes = [
+ ["python3.8"]
+ ]
+ statement_ids = [
+ "AllowExecutionFromApiGateway"
+ ]
+ actions = [
+ "lambda:InvokeFunction"
+ ]
+ principals = [
+ "apigateway.amazonaws.com"
+ ]
+ variables = {
+ foo = "bar"
+ }
+}
+
+####----------------------------------------------------------------------------------
+## API GATEWAY
+####----------------------------------------------------------------------------------
+module "api_gateway" {
+ source = "../../."
+
+ name = local.name
+ environment = local.environment
+ domain_name = "api.${local.domain_name}"
+ domain_name_certificate_arn = module.acm.arn
+ integration_uri = module.lambda.invoke_arn
+ zone_id = local.hosted_zone_id
+ auto_deploy = true
+ stage_name = "$default"
+ create_vpc_link_enabled = false
+ create_http_api = true
+ cors_configuration = {
+ allow_credentials = true
+ allow_methods = ["GET", "OPTIONS", "POST"]
+ max_age = 5
+ }
+ integrations = {
+ "ANY /" = {
+ lambda_arn = module.lambda.arn
+ payload_format_version = "2.0"
+ timeout_milliseconds = 30000
+ }
+ "GET /some-route-with-authorizer" = {
+ lambda_arn = module.lambda.arn
+ payload_format_version = "1.0"
+ authorizer_key = "cognito"
+ }
+ "POST /start-step-function" = {
+ lambda_arn = module.lambda.arn
+ payload_format_version = "1.0"
+ authorizer_key = "cognito"
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/http-api-gateway/outputs.tf b/examples/http-api-gateway/outputs.tf
new file mode 100644
index 0000000..7025048
--- /dev/null
+++ b/examples/http-api-gateway/outputs.tf
@@ -0,0 +1,19 @@
+output "api_id" {
+ value = module.api_gateway.api_id
+ description = "The API identifier."
+}
+
+output "api_arn" {
+ value = module.api_gateway.api_arn
+ description = "The API arn."
+}
+
+output "api_endpoint" {
+ value = module.api_gateway.api_endpoint
+ description = "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com."
+}
+
+output "invoke_url" {
+ value = module.api_gateway.invoke_url
+ description = "URL to invoke the API pointing to the stage"
+}
diff --git a/examples/http-api-gateway/version.tf b/examples/http-api-gateway/version.tf
new file mode 100644
index 0000000..3f60246
--- /dev/null
+++ b/examples/http-api-gateway/version.tf
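Review bot: In `examples/http-api-gateway/example.tf`, the routes `GET /some-route-with-authorizer` and `POST /start-step-function` set `authorizer_key = "cognito"`, but nothing in this `module "api_gateway"` call declares an authorizer under that key, and `ANY /` carries none at all. How the module resolves a missing key is not visible in this hunk, so the example may either fail to plan or publish routes that look protected but are not; either declare the authorizer in the example or drop the key and mark the route with a comment such as `# unauthenticated route, demo only`. `cors_configuration` also sets `allow_credentials = true` without listing origins; credentialed CORS is safest with an explicit allow-list, e.g. `allow_origins = ["https://app.example.com"]` (constructed value), assuming the module passes that field through. `runtime = "python3.8"` names a Lambda runtime that AWS has already deprecated, so a currently supported Python runtime would be the better default for new example code.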
@@ -0,0 +1,11 @@
+# Terraform version
+terraform {
+ required_version = ">= 1.6.1"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.20.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/lambda_packages/index.py b/examples/lambda_packages/index.py
new file mode 100644
index 0000000..a0f3277
--- /dev/null
+++ b/examples/lambda_packages/index.py
@@ -0,0 +1,7 @@
+import json
+def lambda_handler(event, context):
+ print('Lambda function with Python!|')
+ return {
+ 'statusCode': 200,
+ 'body': json.dumps('Hello from Lambda!')
+ }
diff --git a/examples/lambda_packages/index.zip b/examples/lambda_packages/index.zip
new file mode 100644
index 0000000000000000000000000000000000000000..f7f278d2512ef361a87817c1e9e6645ab5d2bbe0
GIT binary patch literal 335 zcmWIWW@Zs#-~hs@Q;i}RpkNJ<=3r1@$jnPgt9fjK34ML1^rkK@?q9KDk Date: Fri, 14 Mar 2025 12:18:38 +0000 Subject: [PATCH 81/82] docs: update CHANGELOG.md for 1.5.0 --- CHANGELOG.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3084e83..3cd1dd6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
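Review bot: In `examples/lambda_packages/index.py`, the handler source is committed next to a prebuilt `index.zip`, and the http-api-gateway example deploys the archive (`filename = "../lambda_packages/index.zip"`), not this file. A binary archive cannot be reviewed in a diff and can drift from the source beside it; building it at plan time from `index.py` with the `archive_file` data source would keep the deployed code equal to the reviewed code. The log string also ends in a stray `|`, so `print('Lambda function with Python!|')` should probably read `print('Lambda function with Python!')`.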
@@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.5.0] - 2025-03-14 +### :sparkles: New Features +- [`50cf105`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/50cf1051642fb29642d227d51256c37ab8fb4fc6) - Add automerge github shared workflow *(PR [#58](https://github.com/clouddrove/terraform-aws-api-gateway/pull/58) by [@vaibhav7797](https://github.com/vaibhav7797))* +- [`32d8469`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/32d8469e8a30aff35159a5e3e31107eb8bc37df1) - updated example path and readme parameters *(PR [#61](https://github.com/clouddrove/terraform-aws-api-gateway/pull/61) by [@Tanveer143s](https://github.com/Tanveer143s))* +- [`4781229`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/47812297ac350d8d17f77574adcfe49eadb193b7) - updated branch name in uses of workflow *(PR [#62](https://github.com/clouddrove/terraform-aws-api-gateway/pull/62) by [@rakeshclouddevops](https://github.com/rakeshclouddevops))* + +### :bug: Bug Fixes +- [`2d0cee3`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/2d0cee303784cc3168a3365bd5ca8ff9b37343de) - Error in count condition of HTTP-Api-Gateway *(PR [#60](https://github.com/clouddrove/terraform-aws-api-gateway/pull/60) by [@Aatishsharma77](https://github.com/Aatishsharma77))* + +### :construction_worker: Build System +- [`01808ac`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/01808acac8afbcf52a156ce5f0125225d419c9ba) - **deps**: bump clouddrove/subnet/aws in /_examples/vpc_link_api *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* +- [`b2a71c7`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/b2a71c724381371d19f028447ee16529c0c906ed) - **deps**: bump clouddrove/lambda/aws in /_examples/vpc_link_api 
*(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* +- [`373ad50`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/373ad50f02bac6a35effaa844b65c862a5220b49) - **deps**: bump clouddrove/lambda/aws in /_examples/complete *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* + +### :memo: Documentation Changes +- [`c9417b5`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/c9417b5e9985d7b9eab1a9ceeef1135b7be350a9) - update CHANGELOG.md for 1.4.1 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* + + ## [1.4.1] - 2023-11-15 ### :sparkles: New Features - [`3264a48`](https://github.com/clouddrove/terraform-aws-api-gateway/commit/3264a489ebdf1664dfcfb101777eb28a5b7c5d50) - Added new vpc tag *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* @@ -100,4 +118,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [1.0.1]: https://github.com/clouddrove/terraform-aws-api-gateway/tree/1.0.1 [1.4.0]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.0.1...1.4.0 -[1.4.1]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.4.0...1.4.1 \ No newline at end of file +[1.4.1]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.4.0...1.4.1 +[1.5.0]: https://github.com/clouddrove/terraform-aws-api-gateway/compare/1.4.1...1.5.0 From 226598b35a0769d30c42fb7c1abdf3a68c583c74 Mon Sep 17 00:00:00 2001 From: clouddrove-ci Date: Fri, 14 Mar 2025 12:28:24 +0000 Subject: [PATCH 82/82] update README.md --- docs/io.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/io.md b/docs/io.md index 2d743d9..2f23165 100644 --- a/docs/io.md +++ b/docs/io.md 
@@ -108,7 +108,7 @@ | target | Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP\_PROXY or AWS\_PROXY, respectively. Applicable for HTTP APIs. | `string` | `null` | no | | timeout\_milliseconds | Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds. | `number` | `null` | no | | type | Type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO\_USER\_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN. | `string` | `"TOKEN"` | no | -| vpc\_endpoint\_id | ID of the vpc endpoint. Only applicable when | `string` | `""` | no | +| vpc\_endpoint\_id | ID of the vpc endpoint. Only applicable when | `set(string)` |
[
""
]
| no | | vpc\_endpoint\_type | The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway. | `string` | `"Gateway"` | no | | vpc\_id | The ID of the VPC in which the endpoint will be used. | `string` | `""` | no | | vpc\_links | Map of VPC Links details to create | `map(any)` | `{}` | no |