diff --git a/main.tf b/main.tf
index 455c037..1129d34 100644
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,5 @@
 locals {
 resource_name_prefix = "${var.namespace}-${var.resource_tag_name}"
- api_url = "${aws_api_gateway_deployment._.invoke_url}${aws_api_gateway_stage._.stage_name}"
 api_name = "${local.resource_name_prefix}-${var.api_name}"
 }
@@ -10,6 +9,10 @@ data "template_file" "_" {
 vars = var.api_template_vars
 }
+data "aws_api_gateway_domain_name" "_" {
+ domain_name = var.api_domain_name
+}
+
 resource "aws_api_gateway_rest_api" "_" {
 name = local.api_name
 api_key_source = "HEADER"
@@ -24,8 +27,8 @@ resource "aws_api_gateway_deployment" "_" {
 lifecycle {
 create_before_destroy = true
 }
-
- # Triggers a re-deployment to the stage
+
+ # Triggers a re-deployment to the stage
 triggers = {
 redeployment = base64sha256(data.template_file._.template)
 }
@@ -58,8 +61,26 @@ resource "aws_api_gateway_method_settings" "_" {
 }
 }
+#
+# Domain Setup
+#
+resource "aws_api_gateway_domain_name" "_" {
+ domain_name = var.api_domain_name
+ endpoint_configuration {
+ types = ["REGIONAL"]
+ }
+ regional_certificate_arn = var.acm_certificate_arn
+ security_policy = "TLS_1_2"
+}
+
+resource "aws_api_gateway_base_path_mapping" "_" {
+ api_id = aws_api_gateway_rest_api._.id
+ domain_name = aws_api_gateway_domain_name._.domain_name
+ stage_name = aws_api_gateway_stage._.stage_name
+}
+
 # -----------------------------------------------------------------------------
-# CloudWatch: API Gateway
+# CloudWatch: API Gateway
 # -----------------------------------------------------------------------------
 module "cloudwatch_alarms_apigateway" {
 source = "./cloudwatch-alarms-apigateway"
diff --git a/outputs.tf b/outputs.tf
index 46a55d0..6101dd1 100644
--- a/outputs.tf
+++ b/outputs.tf
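Review bot: The `data "aws_api_gateway_domain_name" "_"` block added in main.tf looks up the same `var.api_domain_name` that the new `resource "aws_api_gateway_domain_name" "_"` further down this file creates, and nothing orders the read after the create. On a first apply the lookup is likely to run before the domain exists and fail. The data source can be dropped and the `api_domain_name` output in outputs.tf pointed at the managed resource instead: `value = aws_api_gateway_domain_name._.regional_domain_name`.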
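Review bot: Adding the custom domain in the "Domain Setup" hunk of main.tf does not close the default `execute-api` endpoint, and outputs.tf still publishes that endpoint as `api_url`. If the custom domain is meant to be the only entry point, set `disable_execute_api_endpoint = true` on `aws_api_gateway_rest_api._`; that resource's body is outside this hunk, and the argument needs an AWS provider version that supports it. `security_policy = "TLS_1_2"` is the right floor and deserves a one-line comment so it is not relaxed later, e.g. `# Minimum TLS 1.2 for the custom domain; do not lower`.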
@@ -7,7 +7,11 @@ output "rest_api_id" {
 }
 output "api_url" {
- value = local.api_url
+ value = aws_api_gateway_deployment._.invoke_url
+}
+
+output "api_domain_name" {
+ value = data.aws_api_gateway_domain_name._.regional_domain_name
 }
 output "api_name" {
@@ -16,4 +20,4 @@ output "api_name" {
 output "api_stage" {
 value = aws_api_gateway_stage._.stage_name
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index a4d26fd..8a1219f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -8,6 +8,8 @@ variable "namespace" {
 variable "region" {
 description = "AWS region"
+ type = string
+ default = "us-east-1"
 }
 variable "resource_tag_name" {
@@ -27,7 +29,17 @@ variable "api_template" {
 variable "api_template_vars" {
 description = "Variables required in the OpenAPI template file"
- type = map
+ type = map(string)
+}
+
+variable "api_domain_name" {
+ description = "Domain name of the API Gateway REST API for self-signed TLS certificate"
+ type = string
+}
+
+variable "acm_certificate_arn" {
+ description = "The ARN of the ACM certificate to use for the custom domain name"
+ type = string
 }
 variable "api_throttling_rate_limit" {
@@ -67,7 +79,7 @@ variable "xray_tracing_enabled" {
 # -----------------------------------------------------------------------------
 variable "resources" {
 description = "Methods that have Cloudwatch alarms enabled"
- type = map
+ type = map(string)
 }
 variable "latency_threshold_p95" {
@@ -113,4 +125,4 @@ variable "fiveRate_evaluationPeriods" {
 description = "How many periods are evaluated before the alarm is triggered"
 default = 5
 type = number
-}
\ No newline at end of file
+}
diff --git a/versions.tf b/versions.tf
index ac97c6a..9d58500 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,4 +1,4 @@
 terraform {
- required_version = ">= 0.12"
+ required_version = ">= 0.14"
 }
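Review bot: The `api_url` output in outputs.tf now returns `aws_api_gateway_deployment._.invoke_url` without the stage name that the removed `local.api_url` appended, so consumers probably receive a URL that no longer points at the deployed stage. `value = aws_api_gateway_stage._.invoke_url` keeps the old meaning in a single attribute. Both outputs in this hunk also lack a `description`; for `api_domain_name` something like `description = "Regional target domain to alias the custom domain to in DNS"` would tell callers what the value is for.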
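Review bot: The description of `api_domain_name` in variables.tf says the name is "for self-signed TLS certificate", which conflicts with `acm_certificate_arn` accepting any ACM certificate and does not tell the caller that the certificate must cover this name. Suggest `description = "Custom domain name for the API Gateway REST API; must be covered by the certificate in acm_certificate_arn"`. Because main.tf passes the ARN as `regional_certificate_arn` on a REGIONAL endpoint, the `acm_certificate_arn` description should also state that the certificate has to live in the same region as the API. A `validation` block checking that the value starts with an ACM ARN prefix would turn a mistyped ARN into a plan-time error.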