Merge pull request #32 from FloRul/feature/api-auth

Add API Gateway authorizer and Cognito user pool ARN
FloRul · Feb 20, 2024 · fab80a5 · fab80a5
2 parents 2dce5fd + 710bd2c
commit fab80a5
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/terraform/api_gateway.tf b/terraform/api_gateway.tf
@@ -51,6 +51,17 @@ resource "aws_api_gateway_usage_plan_key" "this" {
   usage_plan_id = aws_api_gateway_usage_plan.this.id
 }
 
+## Auth and Authorizer
+resource "aws_api_gateway_authorizer" "this" {
+  name                   = "${var.api_name}-authorizer"
+  rest_api_id            = aws_api_gateway_rest_api.this.id
+  type = "COGNITO_USER_POOLS"
+  provider_arns = [var.cognito_user_pool_arn]
+}
+
+
+## Logging
+
 resource "aws_api_gateway_account" "this" {
   cloudwatch_role_arn = aws_iam_role.this.arn
 }

diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -46,3 +46,9 @@ variable "api_gateway_stage_name" {
   nullable    = false
   type        = string
 }
+
+variable "cognito_user_pool_arn" {
+  nullable = false
+  type     = string
+  default  = "arn:aws:cognito-idp:us-east-1:446872271111:userpool/us-east-1_N0uQPJkjd"
+}