-
Notifications
You must be signed in to change notification settings - Fork 0
/
api_gateway.tf
68 lines (57 loc) · 1.83 KB
/
api_gateway.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
resource "aws_api_gateway_rest_api" "bridge" {
name = "bridge"
description = "bridge"
}
resource "aws_api_gateway_deployment" "bridge" {
rest_api_id = aws_api_gateway_rest_api.bridge.id
stage_name = "bridge"
}
resource "aws_api_gateway_domain_name" "bridge" {
domain_name = "bridge.fheymann.de"
certificate_arn = var.certificate_arn
}
resource "aws_route53_record" "bridge" {
name = aws_api_gateway_domain_name.bridge.domain_name
type = "A"
zone_id = var.hosted_zone_id
alias {
evaluate_target_health = true
name = aws_api_gateway_domain_name.bridge.cloudfront_domain_name
zone_id = aws_api_gateway_domain_name.bridge.cloudfront_zone_id
}
}
resource "aws_api_gateway_base_path_mapping" "bridge" {
api_id = aws_api_gateway_rest_api.bridge.id
stage_name = aws_api_gateway_deployment.bridge.stage_name
domain_name = aws_api_gateway_domain_name.bridge.domain_name
}
data "aws_iam_policy_document" "apigateway_logs_trust_relationship" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["apigateway.amazonaws.com"]
}
}
}
resource "aws_iam_role" "apigateway_logs" {
name = "apigateway-logs"
assume_role_policy = data.aws_iam_policy_document.apigateway_logs_trust_relationship.json
}
resource "aws_iam_role_policy" "apigateway_logs" {
name = "apigateway-logs"
role = aws_iam_role.apigateway_logs.id
policy = data.aws_iam_policy_document.apigateway_logs.json
}
data "aws_iam_policy_document" "apigateway_logs" {
statement {
actions = ["logs:*"]
resources = ["*"]
}
}
resource "aws_api_gateway_account" "demo" {
cloudwatch_role_arn = aws_iam_role.apigateway_logs.arn
}
output "api_gateway_base_url" {
value = aws_api_gateway_deployment.bridge.invoke_url
}