Resource: awsApiGatewayIntegration
Provides an HTTP Method Integration for an API Gateway Integration.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsApiGatewayRestApiMyDemoApi =
new aws.apiGatewayRestApi.ApiGatewayRestApi(this, "MyDemoAPI", {
description: "This is my API for demonstration purposes",
name: "MyDemoAPI",
});
const awsApiGatewayResourceMyDemoResource =
new aws.apiGatewayResource.ApiGatewayResource(this, "MyDemoResource", {
parentId: awsApiGatewayRestApiMyDemoApi.rootResourceId,
pathPart: "mydemoresource",
restApiId: awsApiGatewayRestApiMyDemoApi.id,
});
const awsApiGatewayMethodMyDemoMethod =
new aws.apiGatewayMethod.ApiGatewayMethod(this, "MyDemoMethod", {
authorization: "NONE",
httpMethod: "GET",
resourceId: awsApiGatewayResourceMyDemoResource.id,
restApiId: awsApiGatewayRestApiMyDemoApi.id,
});
new aws.apiGatewayIntegration.ApiGatewayIntegration(this, "MyDemoIntegration", {
cacheKeyParameters: ["method.request.path.param"],
cacheNamespace: "foobar",
httpMethod: awsApiGatewayMethodMyDemoMethod.httpMethod,
requestParameters: {
"integration.request.header.X-Authorization": "'static'",
},
requestTemplates: {
"application/xml": "{\n \"body\" : $input.json('$')\n}\n",
},
resourceId: awsApiGatewayResourceMyDemoResource.id,
restApiId: awsApiGatewayRestApiMyDemoApi.id,
timeoutMilliseconds: 29000,
type: "MOCK",
});
Lambda integration
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
/*Terraform Variables are not always the best fit for getting inputs in the context of Terraform CDK.
You can read more about this at https://cdk.tf/variables*/
const accountId = new cdktf.TerraformVariable(this, "accountId", {});
const myregion = new cdktf.TerraformVariable(this, "myregion", {});
const awsApiGatewayRestApiApi = new aws.apiGatewayRestApi.ApiGatewayRestApi(
this,
"api",
{
name: "myapi",
}
);
const dataAwsIamPolicyDocumentAssumeRole =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"assume_role",
{
statement: [
{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [
{
identifiers: ["lambda.amazonaws.com"],
type: "Service",
},
],
},
],
}
);
const awsApiGatewayResourceResource =
new aws.apiGatewayResource.ApiGatewayResource(this, "resource", {
parentId: awsApiGatewayRestApiApi.rootResourceId,
pathPart: "resource",
restApiId: awsApiGatewayRestApiApi.id,
});
const awsIamRoleRole = new aws.iamRole.IamRole(this, "role", {
assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
name: "myrole",
});
const awsLambdaFunctionLambda = new aws.lambdaFunction.LambdaFunction(
this,
"lambda",
{
filename: "lambda.zip",
functionName: "mylambda",
handler: "lambda.lambda_handler",
role: awsIamRoleRole.arn,
runtime: "python3.7",
sourceCodeHash: '${filebase64sha256("lambda.zip")}',
}
);
const awsApiGatewayMethodMethod = new aws.apiGatewayMethod.ApiGatewayMethod(
this,
"method",
{
authorization: "NONE",
httpMethod: "GET",
resourceId: awsApiGatewayResourceResource.id,
restApiId: awsApiGatewayRestApiApi.id,
}
);
new aws.lambdaPermission.LambdaPermission(this, "apigw_lambda", {
action: "lambda:InvokeFunction",
functionName: awsLambdaFunctionLambda.functionName,
principal: "apigateway.amazonaws.com",
sourceArn: `arn:aws:execute-api:\${${myregion.value}}:\${${accountId.value}}:\${${awsApiGatewayRestApiApi.id}}/*/\${${awsApiGatewayMethodMethod.httpMethod}}\${${awsApiGatewayResourceResource.path}}`,
statementId: "AllowExecutionFromAPIGateway",
});
new aws.apiGatewayIntegration.ApiGatewayIntegration(this, "integration", {
httpMethod: awsApiGatewayMethodMethod.httpMethod,
integrationHttpMethod: "POST",
resourceId: awsApiGatewayResourceResource.id,
restApiId: awsApiGatewayRestApiApi.id,
type: "AWS_PROXY",
uri: awsLambdaFunctionLambda.invokeArn,
});
VPC Link
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
/*Terraform Variables are not always the best fit for getting inputs in the context of Terraform CDK.
You can read more about this at https://cdk.tf/variables*/
const name = new cdktf.TerraformVariable(this, "name", {});
const subnetId = new cdktf.TerraformVariable(this, "subnet_id", {});
const awsApiGatewayRestApiTest = new aws.apiGatewayRestApi.ApiGatewayRestApi(
this,
"test",
{
name: name.value,
}
);
const awsLbTest = new aws.lb.Lb(this, "test_3", {
internal: true,
loadBalancerType: "network",
name: name.value,
subnets: [subnetId.value],
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsLbTest.overrideLogicalId("test");
const awsApiGatewayResourceTest = new aws.apiGatewayResource.ApiGatewayResource(
this,
"test_4",
{
parentId: awsApiGatewayRestApiTest.rootResourceId,
pathPart: "test",
restApiId: awsApiGatewayRestApiTest.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayResourceTest.overrideLogicalId("test");
const awsApiGatewayVpcLinkTest = new aws.apiGatewayVpcLink.ApiGatewayVpcLink(
this,
"test_5",
{
name: name.value,
targetArns: [awsLbTest.arn],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayVpcLinkTest.overrideLogicalId("test");
const awsApiGatewayMethodTest = new aws.apiGatewayMethod.ApiGatewayMethod(
this,
"test_6",
{
authorization: "NONE",
httpMethod: "GET",
requestModels: {
"application/json": "Error",
},
resourceId: awsApiGatewayResourceTest.id,
restApiId: awsApiGatewayRestApiTest.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayMethodTest.overrideLogicalId("test");
const awsApiGatewayIntegrationTest =
new aws.apiGatewayIntegration.ApiGatewayIntegration(this, "test_7", {
connectionId: awsApiGatewayVpcLinkTest.id,
connectionType: "VPC_LINK",
contentHandling: "CONVERT_TO_TEXT",
httpMethod: awsApiGatewayMethodTest.httpMethod,
integrationHttpMethod: "GET",
passthroughBehavior: "WHEN_NO_MATCH",
requestParameters: {
"integration.request.header.X-Authorization": "'static'",
"integration.request.header.X-Foo": "'Bar'",
},
requestTemplates: {
"application/json": "",
"application/xml": "#set($inputRoot = $input.path('$'))\n{ }",
},
resourceId: awsApiGatewayResourceTest.id,
restApiId: awsApiGatewayRestApiTest.id,
type: "HTTP",
uri: "https://www.google.de",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayIntegrationTest.overrideLogicalId("test");
Argument Reference
The following arguments are supported:
restApiId
- (Required) ID of the associated REST API.resourceId
- (Required) API resource ID.httpMethod
- (Required) HTTP method (get
,post
,put
,delete
,head
,option
,any
) when calling the associated resource.integrationHttpMethod
- (Optional) Integration HTTP method (get
,post
,put
,delete
,head
,optioNs
,any
,patch
) specifying how API Gateway will interact with the back end. Required iftype
isaws
,AWS_PROXY
,http
orHTTP_PROXY
. Not all methods are compatible with allaws
integrations. e.g., Lambda function can only be invoked viapost
.type
- (Required) Integration input's type. Valid values arehttp
(for HTTP backends),mock
(not calling any real backend),aws
(for AWS services),AWS_PROXY
(for Lambda proxy integration) andHTTP_PROXY
(for HTTP proxy integration). Anhttp
orHTTP_PROXY
integration with aconnectionType
ofVPC_LINK
is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.connectionType
- (Optional) Integration input's connectionType. Valid values areinternet
(default for connections through the public routable internet), andVPC_LINK
(for private connections between API Gateway and a network load balancer in a VPC).connectionId
- (Optional) ID of the VpcLink used for the integration. Required ifconnectionType
isVPC_LINK
uri
- (Optional) Input's URI. Required iftype
isaws
,AWS_PROXY
,http
orHTTP_PROXY
. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the formarn:aws:apigateway:{region}:{subdomainService|service}:{path|action}/{serviceApi}
.region
,subdomain
andservice
are used to determine the right endpoint. e.g.,arn:aws:apigateway:euWest1:lambda:path/20150331/functions/arn:aws:lambda:euWest1:012345678901:function:myFunc/invocations
. For private integrations, the URI parameter is not used for routing requests to your endpoint, but is used for setting the Host header and for certificate validation.credentials
- (Optional) Credentials required for the integration. Foraws
integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the stringarn:aws:iam::\*:user/\*
.requestTemplates
- (Optional) Map of the integration's request templates.requestParameters
- (Optional) Map of request query string parameters and headers that should be passed to the backend responder. For example:requestParameters = { "integrationRequestHeaderXSomeOtherHeader" = "methodRequestHeaderXSomeHeader" }
passthroughBehavior
- (Optional) Integration passthrough behavior (WHEN_NO_MATCH
,WHEN_NO_TEMPLATES
,never
). Required ifrequestTemplates
is used.cacheKeyParameters
- (Optional) List of cache key parameters for the integration.cacheNamespace
- (Optional) Integration's cache namespace.contentHandling
- (Optional) How to handle request payload content type conversions. Supported values areCONVERT_TO_BINARY
andCONVERT_TO_TEXT
. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.timeoutMilliseconds
- (Optional) Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds.tlsConfig
- (Optional) TLS configuration. See below.
tls_config Configuration Block
The tlsConfig
configuration block supports the following arguments:
insecureSkipVerification
- (Optional) Whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a supported certificate authority. This isn’t recommended, but it enables you to use certificates that are signed by private certificate authorities, or certificates that are self-signed. If enabled, API Gateway still performs basic certificate validation, which includes checking the certificate's expiration date, hostname, and presence of a root certificate authority. Supported only forhttp
andHTTP_PROXY
integrations.
Attributes Reference
No additional attributes are exported.
Import
awsApiGatewayIntegration
can be imported using restApiId/resourceId/httpMethod
, e.g.,