LinusU
commented
3 years ago Update for #69, this is what I'm using to work with API Gateway v2. Do note the extra PATCH, I haven't seen it documented, but without it POST-ing a new deployment will not cause it to go live.
data "aws_iam_policy_document" "github_api_deploy" {
statement {
actions = ["lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration"]
resources = [data.aws_lambda_function.api_test.arn]
}
statement {
actions = ["lambda:AddPermission", "lambda:InvokeFunction"]
resources = ["${data.aws_lambda_function.api_test.arn}:*"]
}
// This is only needed when NOT specifying --http-api-id=
statement {
actions = ["apigateway:GET"]
resources = ["arn:aws:apigateway:eu-north-1::/apis"]
}
statement {
actions = ["apigateway:PUT"]
resources = [data.aws_apigatewayv2_api.api_test.arn]
}
statement {
actions = ["apigateway:POST"]
resources = ["${data.aws_apigatewayv2_api.api_test.arn}/deployments"]
}
// Without this the deployment will not go live
statement {
actions = ["apigateway:PATCH"]
resources = ["${data.aws_apigatewayv2_api.api_test.arn}/stages/$default"]
}
}
This is what I used for setting this up via Terraform, we should add this somewhere in a nice format: