Resource: awsApiGatewayIntegration

Provides an HTTP Method Integration for an API Gateway Integration.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsApiGatewayRestApiMyDemoApi =
  new aws.apiGatewayRestApi.ApiGatewayRestApi(this, "MyDemoAPI", {
    description: "This is my API for demonstration purposes",
    name: "MyDemoAPI",
  });
const awsApiGatewayResourceMyDemoResource =
  new aws.apiGatewayResource.ApiGatewayResource(this, "MyDemoResource", {
    parentId: awsApiGatewayRestApiMyDemoApi.rootResourceId,
    pathPart: "mydemoresource",
    restApiId: awsApiGatewayRestApiMyDemoApi.id,
  });
const awsApiGatewayMethodMyDemoMethod =
  new aws.apiGatewayMethod.ApiGatewayMethod(this, "MyDemoMethod", {
    authorization: "NONE",
    httpMethod: "GET",
    resourceId: awsApiGatewayResourceMyDemoResource.id,
    restApiId: awsApiGatewayRestApiMyDemoApi.id,
  });
new aws.apiGatewayIntegration.ApiGatewayIntegration(this, "MyDemoIntegration", {
  cacheKeyParameters: ["method.request.path.param"],
  cacheNamespace: "foobar",
  httpMethod: awsApiGatewayMethodMyDemoMethod.httpMethod,
  requestParameters: {
    "integration.request.header.X-Authorization": "'static'",
  },
  requestTemplates: {
    "application/xml": "{\n   \"body\" : $input.json('$')\n}\n",
  },
  resourceId: awsApiGatewayResourceMyDemoResource.id,
  restApiId: awsApiGatewayRestApiMyDemoApi.id,
  timeoutMilliseconds: 29000,
  type: "MOCK",
});

Lambda integration

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
/*Terraform Variables are not always the best fit for getting inputs in the context of Terraform CDK.
You can read more about this at https://cdk.tf/variables*/
const accountId = new cdktf.TerraformVariable(this, "accountId", {});
const myregion = new cdktf.TerraformVariable(this, "myregion", {});
const awsApiGatewayRestApiApi = new aws.apiGatewayRestApi.ApiGatewayRestApi(
  this,
  "api",
  {
    name: "myapi",
  }
);
const dataAwsIamPolicyDocumentAssumeRole =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "assume_role",
    {
      statement: [
        {
          actions: ["sts:AssumeRole"],
          effect: "Allow",
          principals: [
            {
              identifiers: ["lambda.amazonaws.com"],
              type: "Service",
            },
          ],
        },
      ],
    }
  );
const awsApiGatewayResourceResource =
  new aws.apiGatewayResource.ApiGatewayResource(this, "resource", {
    parentId: awsApiGatewayRestApiApi.rootResourceId,
    pathPart: "resource",
    restApiId: awsApiGatewayRestApiApi.id,
  });
const awsIamRoleRole = new aws.iamRole.IamRole(this, "role", {
  assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
  name: "myrole",
});
const awsLambdaFunctionLambda = new aws.lambdaFunction.LambdaFunction(
  this,
  "lambda",
  {
    filename: "lambda.zip",
    functionName: "mylambda",
    handler: "lambda.lambda_handler",
    role: awsIamRoleRole.arn,
    runtime: "python3.7",
    sourceCodeHash: '${filebase64sha256("lambda.zip")}',
  }
);
const awsApiGatewayMethodMethod = new aws.apiGatewayMethod.ApiGatewayMethod(
  this,
  "method",
  {
    authorization: "NONE",
    httpMethod: "GET",
    resourceId: awsApiGatewayResourceResource.id,
    restApiId: awsApiGatewayRestApiApi.id,
  }
);
new aws.lambdaPermission.LambdaPermission(this, "apigw_lambda", {
  action: "lambda:InvokeFunction",
  functionName: awsLambdaFunctionLambda.functionName,
  principal: "apigateway.amazonaws.com",
  sourceArn: `arn:aws:execute-api:\${${myregion.value}}:\${${accountId.value}}:\${${awsApiGatewayRestApiApi.id}}/*/\${${awsApiGatewayMethodMethod.httpMethod}}\${${awsApiGatewayResourceResource.path}}`,
  statementId: "AllowExecutionFromAPIGateway",
});
new aws.apiGatewayIntegration.ApiGatewayIntegration(this, "integration", {
  httpMethod: awsApiGatewayMethodMethod.httpMethod,
  integrationHttpMethod: "POST",
  resourceId: awsApiGatewayResourceResource.id,
  restApiId: awsApiGatewayRestApiApi.id,
  type: "AWS_PROXY",
  uri: awsLambdaFunctionLambda.invokeArn,
});

VPC Link

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
/*Terraform Variables are not always the best fit for getting inputs in the context of Terraform CDK.
You can read more about this at https://cdk.tf/variables*/
const name = new cdktf.TerraformVariable(this, "name", {});
const subnetId = new cdktf.TerraformVariable(this, "subnet_id", {});
const awsApiGatewayRestApiTest = new aws.apiGatewayRestApi.ApiGatewayRestApi(
  this,
  "test",
  {
    name: name.value,
  }
);
const awsLbTest = new aws.lb.Lb(this, "test_3", {
  internal: true,
  loadBalancerType: "network",
  name: name.value,
  subnets: [subnetId.value],
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsLbTest.overrideLogicalId("test");
const awsApiGatewayResourceTest = new aws.apiGatewayResource.ApiGatewayResource(
  this,
  "test_4",
  {
    parentId: awsApiGatewayRestApiTest.rootResourceId,
    pathPart: "test",
    restApiId: awsApiGatewayRestApiTest.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayResourceTest.overrideLogicalId("test");
const awsApiGatewayVpcLinkTest = new aws.apiGatewayVpcLink.ApiGatewayVpcLink(
  this,
  "test_5",
  {
    name: name.value,
    targetArns: [awsLbTest.arn],
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayVpcLinkTest.overrideLogicalId("test");
const awsApiGatewayMethodTest = new aws.apiGatewayMethod.ApiGatewayMethod(
  this,
  "test_6",
  {
    authorization: "NONE",
    httpMethod: "GET",
    requestModels: {
      "application/json": "Error",
    },
    resourceId: awsApiGatewayResourceTest.id,
    restApiId: awsApiGatewayRestApiTest.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayMethodTest.overrideLogicalId("test");
const awsApiGatewayIntegrationTest =
  new aws.apiGatewayIntegration.ApiGatewayIntegration(this, "test_7", {
    connectionId: awsApiGatewayVpcLinkTest.id,
    connectionType: "VPC_LINK",
    contentHandling: "CONVERT_TO_TEXT",
    httpMethod: awsApiGatewayMethodTest.httpMethod,
    integrationHttpMethod: "GET",
    passthroughBehavior: "WHEN_NO_MATCH",
    requestParameters: {
      "integration.request.header.X-Authorization": "'static'",
      "integration.request.header.X-Foo": "'Bar'",
    },
    requestTemplates: {
      "application/json": "",
      "application/xml": "#set($inputRoot = $input.path('$'))\n{ }",
    },
    resourceId: awsApiGatewayResourceTest.id,
    restApiId: awsApiGatewayRestApiTest.id,
    type: "HTTP",
    uri: "https://www.google.de",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsApiGatewayIntegrationTest.overrideLogicalId("test");

Argument Reference

The following arguments are supported:

restApiId - (Required) ID of the associated REST API.
resourceId - (Required) API resource ID.
httpMethod - (Required) HTTP method (get, post, put, delete, head, option, any) when calling the associated resource.
integrationHttpMethod - (Optional) Integration HTTP method (get, post, put, delete, head, optioNs, any, patch) specifying how API Gateway will interact with the back end. Required if type is aws, AWS_PROXY, http or HTTP_PROXY. Not all methods are compatible with all aws integrations. e.g., Lambda function can only be invoked via post.
type - (Required) Integration input's type. Valid values are http (for HTTP backends), mock (not calling any real backend), aws (for AWS services), AWS_PROXY (for Lambda proxy integration) and HTTP_PROXY (for HTTP proxy integration). An http or HTTP_PROXY integration with a connectionType of VPC_LINK is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.
connectionType - (Optional) Integration input's connectionType. Valid values are internet (default for connections through the public routable internet), and VPC_LINK (for private connections between API Gateway and a network load balancer in a VPC).
connectionId - (Optional) ID of the VpcLink used for the integration. Required if connectionType is VPC_LINK
uri - (Optional) Input's URI. Required if type is aws, AWS_PROXY, http or HTTP_PROXY. For HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form arn:aws:apigateway:{region}:{subdomainService|service}:{path|action}/{serviceApi}. region, subdomain and service are used to determine the right endpoint. e.g., arn:aws:apigateway:euWest1:lambda:path/20150331/functions/arn:aws:lambda:euWest1:012345678901:function:myFunc/invocations. For private integrations, the URI parameter is not used for routing requests to your endpoint, but is used for setting the Host header and for certificate validation.
credentials - (Optional) Credentials required for the integration. For aws integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::\*:user/\*.
requestTemplates - (Optional) Map of the integration's request templates.
requestParameters - (Optional) Map of request query string parameters and headers that should be passed to the backend responder. For example: requestParameters = { "integrationRequestHeaderXSomeOtherHeader" = "methodRequestHeaderXSomeHeader" }
passthroughBehavior - (Optional) Integration passthrough behavior (WHEN_NO_MATCH, WHEN_NO_TEMPLATES, never). Required if requestTemplates is used.
cacheKeyParameters - (Optional) List of cache key parameters for the integration.
cacheNamespace - (Optional) Integration's cache namespace.
contentHandling - (Optional) How to handle request payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.
timeoutMilliseconds - (Optional) Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds.
tlsConfig - (Optional) TLS configuration. See below.

tls_config Configuration Block

The tlsConfig configuration block supports the following arguments:

insecureSkipVerification - (Optional) Whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a supported certificate authority. This isn’t recommended, but it enables you to use certificates that are signed by private certificate authorities, or certificates that are self-signed. If enabled, API Gateway still performs basic certificate validation, which includes checking the certificate's expiration date, hostname, and presence of a root certificate authority. Supported only for http and HTTP_PROXY integrations.

Attributes Reference

No additional attributes are exported.

Import

awsApiGatewayIntegration can be imported using restApiId/resourceId/httpMethod, e.g.,

$ terraform import aws_api_gateway_integration.example 12345abcde/67890fghij/GET