api-lambda-v2: first draft of new module

richardjkendall · Nov 13, 2023 · 8913878 · 8913878
1 parent 3db2c6e
commit 8913878
Show file tree

Hide file tree

Showing 3 changed files with 190 additions and 0 deletions.
diff --git a/modules/api-lambda-v2/main.tf b/modules/api-lambda-v2/main.tf
@@ -0,0 +1,97 @@
+/*
+title: api-lambda-v2
+desc: Exposes a python lambda function as a HTTP API using API gateway v2.  Lambda function code must be in a public github repo.
+depends: lambda-function
+*/
+
+provider "aws" {
+  region = var.aws_region
+}
+
+terraform {
+  backend "s3" {}
+}
+
+module "lambda_function" {
+  source = "../lambda-function"
+
+  aws_region        = var.aws_region
+  function_name     = var.function_name
+  function_handler  = var.handler
+  runtime           = var.runtime
+  timeout           = var.timeout
+  memory            = var.memory
+  code_repository   = var.code_repository
+
+  execution_role_policies = var.execution_role_policies
+
+  environment_variables = var.environment_variables
+}
+
+resource "aws_apigatewayv2_api" "api" {
+  name          = var.api_name
+  protocol_type = "HTTP"
+}
+
+resource "aws_apigatewayv2_integration" "func" {
+  api_id           = aws_apigatewayv2_api.api.id
+  integration_type = "AWS_PROXY"
+
+  connection_type    = "INTERNET"
+  integration_method = "POST"
+  integration_uri    = module.lambda_function.invoke_arn
+
+  payload_format_version = "1.0"
+}
+
+resource "aws_apigatewayv2_route" "route_options" {
+  api_id = aws_apigatewayv2_api.api.id
+
+  route_key = "OPTIONS /{proxy+}"
+  target    = "integrations/${aws_apigatewayv2_integration.func.id}"
+}
+
+resource "aws_apigatewayv2_route" "route_any" {
+  api_id = aws_apigatewayv2_api.api.id
+
+  route_key = "ANY /{proxy+}"
+  target    = "integrations/${aws_apigatewayv2_integration.func.id}"
+
+  authorization_type = var.jwt_issuer != "" ? "JWT" : "NONE"
+  authorizer_id      = var.jwt_issuer != "" ? aws_apigatewayv2_authorizer.auth.0.id : ""
+}
+
+resource "aws_apigatewayv2_stage" "default_stage" {
+  api_id      = aws_apigatewayv2_api.api.id
+  name        = "$default"
+  auto_deploy = true
+}
+
+resource "aws_lambda_permission" "lambda_permission" {
+  statement_id  = "AllowAPIGatewayInvoke"
+  action        = "lambda:InvokeFunction"
+  function_name = module.lambda_function.function_name
+  principal     = "apigateway.amazonaws.com"
+
+  # The "/*/*" portion grants access from any method on any resource
+  # within the API Gateway REST API.
+  source_arn = "${aws_apigatewayv2_api.api.execution_arn}/*/*/{proxy+}"
+}
+
+resource "aws_apigatewayv2_authorizer" "auth" {
+  count = var.jwt_issuer != "" ? 1 : 0
+
+  api_id           = aws_apigatewayv2_api.api.id
+  name             = "${var.api_name}_jwt_auth"
+  authorizer_type  = "JWT"
+  identity_sources = ["$request.header.Authorization"]
+
+  jwt_configuration {
+    issuer   = var.jwt_issuer
+    audience = var.jwt_audience
+  }
+}
+
+
+
+
diff --git a/modules/api-lambda-v2/outputs.tf b/modules/api-lambda-v2/outputs.tf
@@ -0,0 +1,3 @@
+output "base_url" {
+  value = aws_apigatewayv2_api.api.api_endpoint
+}
diff --git a/modules/api-lambda-v2/variables.tf b/modules/api-lambda-v2/variables.tf
@@ -0,0 +1,90 @@
+variable "aws_region" {
+  type = string
+  description = "region where provisioning should happen"
+}
+
+variable "api_name" {
+  type = string
+  description = "name of api"
+}
+
+variable "function_name" {
+  type = string
+  description = "name of lambda function"
+}
+
+variable "handler" {
+  type = string
+  description = "name of handler function"
+}
+
+variable "runtime" {
+  type = string
+  description = "rumtime for the lambda function"
+  default = "python3.8"
+}
+
+variable "timeout" {
+  description = "how many seconds should the function be allowed to run for"
+  type = number
+  default = 20
+}
+
+variable "memory" {
+  description = "how many MB of memory should be allocated to the function"
+  type = number
+  default = 128
+}
+
+variable "code_repository" {
+  type = string
+  description = "URL for code to be deployed for the API"
+}
+
+/*variable "http_method" {
+  type = string
+  description = "HTTP method for the API"
+  default = "ANY"
+}
+
+variable "stage_name" {
+  type = string
+  description = "name of the API stage to be deployed"
+  default = "prod"
+}*/
+
+variable "execution_role_policies" {
+  type = list(string)
+  description = "list of arns for policies which should be attached to the lambda function execution role"
+  default = []
+}
+
+variable "environment_variables" {
+  type = map(string)
+  default = {}
+  description = "map of environment variables passed to the function"
+}
+
+/*variable "api_key" {
+  type = string
+  default = ""
+  description = "API key to associate with the API, if blank no key is associated with the API"
+}
+
+variable "enable_cors_any" {
+  type = bool
+  default = false
+  description = "should we enable any caller via CORS?  default is no"
+}*/
+
+variable "jwt_issuer" {
+  type = string
+  default = ""
+  description = "Should we enable a JWT authoriser and if so what issuer should we use, if blank no authoriser is created"
+}
+
+variable "jwt_audience" {
+  type = set(string)
+  default = [""]
+  description = "What audience should we look for on the JWT (aud)"
+}