api_authorizers | Map of API gateway authorizers to create | map(object({ authorizer_credentials_arn = optional(string), authorizer_payload_format_version = optional(string), authorizer_result_ttl_in_seconds = optional(number), authorizer_type = optional(string, "REQUEST"), authorizer_uri = optional(string), enable_simple_responses = optional(bool), identity_sources = optional(list(string)), jwt_configuration = optional(object({ audience = optional(list(string)), issuer = optional(string) }), {}), name = optional(string) })) | {} | no |
api_body | An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs | string | null | no |
api_cors_configuration | The cross-origin resource sharing (CORS) configuration | object({ allow_credentials = optional(bool), allow_headers = optional(list(string)), allow_methods = optional(list(string)), allow_origins = optional(list(string)), expose_headers = optional(list(string), []), max_age = optional(number) }) | {} | no |
api_credentials_arn | Part of quick create. Specifies any credentials required for the integration. Applicable for HTTP APIs | string | null | no |
api_description | The description of the API. Must be less than or equal to 1024 characters in length | string | null | no |
api_disable_execute_api_endpoint | Whether clients can invoke the API by using the default execute-api endpoint. By default, clients can invoke the API with the default {api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke the API, disable the default endpoint | bool | null | no |
api_domain_name | The domain name to use for API gateway | string | "" | no |
api_domain_name_certificate_arn | The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source | string | null | no |
api_domain_name_ownership_verification_certificate_arn | ARN of the AWS-issued certificate used to validate custom domain ownership (when certificate_arn is issued via an ACM Private CA or mutual_tls_authentication is configured with an ACM-imported certificate) | string | null | no |
api_fail_on_warnings | Whether warnings should return an error while API Gateway is creating or updating the resource using an OpenAPI specification. Defaults to false. Applicable for HTTP APIs | bool | null | no |
api_mapping_key | The API mapping key | string | null | no |
api_name | The name of the API. Must be less than or equal to 128 characters in length | string | "" | no |
api_route_key | Part of quick create. Specifies any route key | string | null | no |
api_route_selection_expression | The route selection expression for the API. Defaults to $request.method $request.path | string | null | no |
api_routes | Map of API gateway routes with integrations | any | { "ANY /{proxy+}": { "integration": {} } } | no |
api_stage_access_log_settings | Settings for logging access in this stage. Use the aws_api_gateway_account resource to configure permissions for CloudWatch Logging | object({ create_log_group = optional(bool, true), destination_arn = optional(string), format = optional(string), log_group_name = optional(string), log_group_retention_in_days = optional(number, 30), log_group_kms_key_id = optional(string), log_group_skip_destroy = optional(bool), log_group_class = optional(string), log_group_tags = optional(map(string), {}) }) | {} | no |
api_stage_default_route_settings | The default route settings for the stage | object({ data_trace_enabled = optional(bool, false), detailed_metrics_enabled = optional(bool, false), logging_level = optional(string), throttling_burst_limit = optional(number, 500), throttling_rate_limit = optional(number, 1000) }) | {} | no |
api_stage_description | The description for the stage. Must be less than or equal to 1024 characters in length | string | null | no |
api_stage_name | The name of the stage. Must be between 1 and 128 characters in length | string | "$default" | no |
api_stage_tags | A mapping of tags to assign to the stage resource | map(string) | {} | no |
api_stage_variables | A map that defines the stage variables for the stage | map(string) | {} | no |
api_subdomains | An optional list of subdomains to use for API gateway | list(string) | [] | no |
api_tags | A mapping of tags to assign to the API Gateway resources | map(string) | {} | no |
api_target | Part of quick create. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes. For HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN. The type of the integration will be HTTP_PROXY or AWS_PROXY, respectively. Applicable for HTTP APIs | string | null | no |
api_version | A version identifier for the API. Must be between 1 and 64 characters in length | string | null | no |
api_vpc_link_tags | A map of tags to add to the VPC Links created | map(string) | {} | no |
api_vpc_links | Map of VPC Link definitions to create | map(object({ name = optional(string), security_group_ids = optional(list(string)), subnet_ids = optional(list(string)), tags = optional(map(string), {}) })) | {} | no |
create | Controls if resources should be created | bool | true | no |
create_api | Whether to create API Gateway resource | bool | true | no |
create_api_certificate | Whether to create a certificate for the domain | bool | true | no |
create_api_domain_name | Whether to create API domain name resource | bool | true | no |
create_api_domain_records | Whether to create Route53 records for the domain name | bool | true | no |
create_lambda | Whether to create Lambda function resource | bool | true | no |
create_lambda_cloudwatch_log_group | Whether to create a CloudWatch log group | bool | true | no |
create_lambda_role | Controls whether IAM role for Lambda Function should be created | bool | true | no |
description | Common description used across the resources created if a more specific resource description is not provided | string | "ECR custom endpoint" | no |
lambda_architectures | The architectures supported by the Lambda function | list(string) | [ "arm64" ] | no |
lambda_attach_network_policy | Controls whether VPC/network policy should be added to IAM role for Lambda Function | bool | false | no |
lambda_attach_tracing_policy | Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function | bool | false | no |
lambda_cloudwatch_logs_kms_key_id | The ARN of the KMS Key to use when encrypting log data. | string | null | no |
lambda_cloudwatch_logs_log_group_class | Specifies the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS | string | null | no |
lambda_cloudwatch_logs_retention_in_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number | null | no |
lambda_description | The description of the Lambda function | string | "" | no |
lambda_environment_variables | A mapping of environment variables to assign to the Lambda function | map(string) | {} | no |
lambda_kms_key_arn | The ARN of the KMS key to be used by your Lambda Function | string | null | no |
lambda_memory_size | Amount of memory in MB your Lambda Function can use at runtime. Valid values are between 128 MB and 10,240 MB (10 GB), in 64 MB increments. | number | 256 | no |
lambda_name | The name of the Lambda function | string | "" | no |
lambda_provisioned_concurrent_executions | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | number | -1 | no |
lambda_reserved_concurrent_executions | The amount of reserved concurrent executions for this Lambda Function. A value of 0 disables Lambda Function from being triggered and -1 removes any concurrency limitations. Defaults to Unreserved Concurrency Limits -1. | number | -1 | no |
lambda_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources your Lambda Function has access to. See Lambda Permission Model for more details. | string | "" | no |
lambda_role_description | Description of IAM role to use for Lambda Function | string | null | no |
lambda_role_maximum_session_duration | Maximum session duration, in seconds, for the IAM role | number | null | no |
lambda_role_permissions_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | string | null | no |
lambda_runtime | The runtime environment for the Lambda function | string | "python3.12" | no |
lambda_tags | A mapping of tags to assign to the Lambda function | map(string) | {} | no |
lambda_timeout | The amount of time your Lambda Function has to run in seconds. | number | 3 | no |
lambda_tracing_mode | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active | string | null | no |
lambda_vpc_security_group_ids | List of security group ids when Lambda Function should run in the VPC. | list(string) | null | no |
lambda_vpc_subnet_ids | List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets. | list(string) | null | no |
name | Common name used across the resources created if a more specific resource name is not provided | string | "ecr-endpoint" | no |
tags | A mapping of tags to assign to resources created | map(string) | {} | no |