hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: API Gateway Endpoint Configuration not deploying from OpenAPI spec #31893

Open jamiegosling opened 1 year ago

jamiegosling commented 1 year ago

Terraform Core Version

1.4.6

AWS Provider Version

4.67.0

Affected Resource(s)

aws_api_gateway_rest_api

Expected Behavior

I'm attempting to deploy a Private API with a VPC Endpoint configuration using an OpenAPI spec containing the following block of YAML in the API spec:

servers:
  x-amazon-apigateway-endpoint-configuration:
    vpcEndpointIds:
      - ${vpc_endpoint_id}

and a corresponding block of terraform:

resource "aws_api_gateway_rest_api" "apigw" {
  name        = "${var.name_prefix}-apigw"
  description = var.description
  body        = templatefile("../../configuration/api_schemas/${var.api_schema_filename}", merge(var.api_schema_vars, { lambda_execution_role_arn = aws_iam_role.apigw_execution_role.arn }))
  policy      = templatefile("../../configuration/policies/${var.api_resource_policy_filename}", { region = var.region, account_id = local.account_id, vpce = var.vpce })

  lifecycle {
    create_before_destroy = true
  }

  endpoint_configuration {
    types = [var.endpoint_type]
  }
}

the module is called like this:

module "api" {
  source                       = "../../resources/apigw"
  name_prefix                  = local.name_prefix
  description                  = "Private API GW"
  api_schema_filename          = "my_api.yml"
  api_resource_policy_filename = "private_apigw_resource_policy.json"
  stage_name                   = "master"
  region                       = var.region
  vpce                         = var.vpce
  endpoint_type                = "PRIVATE"
  cognito_user_pool_id         = module.cognito.cognito_user_pool_id
  xray                         = true
  api_schema_vars = {
    "ext_cognito_scope" : "scope",
    "ext_cognito_authorizer_name" : module.cognito.cognito_authorizer_name,
    "ext_cognito_user_pool_arn" : module.cognito.cognito_user_pool_arn,
    "lambda_invoke_arn" : module.lambda.lambda_invoke_arn,
    "token_endpoint" : module.cognito.cognito_domain,
    "vpc_endpoint_id": var.vpce,
    "region" : var.region
  }
  lambda_arns = [module.lambda.lambda_arn]
}

with var.vpce being provided as a string in the TFVARS file like vpce = "vpce-xxxxx"

Looking at the documentation, I think this should deploy a Private API with the specified VPC Endpoint in the Endpoint Configuration.

Actual Behavior

A Private API is deployed, but the VPC Endpoint is not listed in the configuration. If you deploy the endpoint via Terraform like

  endpoint_configuration {
    types = [var.endpoint_type]
    vpc_endpoint_ids =  [var.vpce]
  }

this works, and if you remove this explicit definition and apply, Terraform reports 'No changes' and the endpoint remains.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

https://gist.github.com/jamiegosling/f2e4c655cb47c5ddcc23e22fe625bc2d

Steps to Reproduce

- deploy the API without the endpoint defined in Terraform: no VPCE is added to the API
- explicitly define the VPCE in Terraform: the endpoint is added
- remove the VPCE in Terraform: the endpoint remains

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
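Added example, not code from the issue, the provider or AWS: a check a practitioner can run before and after `terraform apply` to see whether the VPC endpoint IDs the spec asks for actually reached the API, since the report shows the provider's plan does not flag the difference. It reads `x-amazon-apigateway-endpoint-configuration` from the places the AWS extension reference documents (top level for Swagger 2.0, on a Server object, i.e. an entry of the `servers` list, for OpenAPI 3.0), warns about the shape in the report where `servers:` is a mapping rather than a list, and compares the result with a dict shaped like the boto3 `apigateway.get_rest_api()` response, including the resource policy's `aws:SourceVpce` condition. The spec documents, the API responses, the policy and the ID `vpce-0123456789abcdef0` are all constructed; nothing is fetched from AWS.

```python
"""Added example, not code from the issue or the provider: check that the VPC
endpoint IDs an OpenAPI spec asks for reached the deployed private REST API and
that the resource policy names the same endpoints. Inputs are the rendered spec
that goes into `body` and a dict shaped like boto3 apigateway.get_rest_api()
output. No AWS calls; every value below, including vpce-0123456789abcdef0, is
constructed."""
import json

EXT = "x-amazon-apigateway-endpoint-configuration"


def load_spec(text: str) -> dict:
    """Use PyYAML when installed (the reporter's spec is YAML); JSON is valid
    YAML, so json.loads is the offline fallback for the JSON samples here."""
    try:
        import yaml
    except ImportError:
        return json.loads(text)
    return yaml.safe_load(text)


def spec_vpc_endpoint_ids(spec: dict) -> tuple[list[str], list[str]]:
    """Return (ids, warnings). Per the AWS extension reference the object is
    top-level in Swagger 2.0 and sits on a Server object, i.e. an entry of the
    `servers` list, in OpenAPI 3.0; API Gateway does not read it elsewhere."""
    ids, warnings = [], []
    if "swagger" in spec:
        ids += spec.get(EXT, {}).get("vpcEndpointIds", [])
    elif "openapi" in spec:
        servers = spec.get("servers", [])
        if isinstance(servers, dict):
            # The shape in the report: `servers:` is a mapping, so the extension
            # hangs off no Server object and never reaches the API.
            stray = servers.get(EXT, {}).get("vpcEndpointIds", [])
            warnings.append(f"{EXT} under a `servers` mapping is not applied: {stray}")
        else:
            for server in servers:
                ids += server.get(EXT, {}).get("vpcEndpointIds", [])
    return ids, warnings


def parse_policy(policy: str) -> dict:
    """get_rest_api returns the policy with its inner quotes escaped (\\"...);
    quoting it and decoding twice recovers the document. Plain JSON also works."""
    try:
        return json.loads(policy)
    except json.JSONDecodeError:
        return json.loads(json.loads(f'"{policy}"'))


def policy_vpce_ids(policy: str) -> set[str]:
    """Every VPC endpoint ID the policy conditions on through aws:SourceVpce."""
    found = set()
    for stmt in parse_policy(policy).get("Statement", []):
        for operator in stmt.get("Condition", {}).values():
            value = operator.get("aws:SourceVpce", [])
            found.update([value] if isinstance(value, str) else value)
    return found


def check_private_api(spec: dict, rest_api: dict) -> list[str]:
    """Findings for a deployed API; empty means spec, endpoint configuration and
    resource policy agree. The policy's aws:SourceVpce condition, not the
    endpoint association, is what restricts callers, so both are compared."""
    expected, findings = spec_vpc_endpoint_ids(spec)
    cfg = rest_api.get("endpointConfiguration", {})
    types, deployed = cfg.get("types", []), set(cfg.get("vpcEndpointIds", []))
    if "PRIVATE" not in types:
        findings.append(f"endpoint types {types} do not include PRIVATE")
    missing = sorted(set(expected) - deployed)
    if missing:
        findings.append(f"spec asks for {missing}, deployed config has {sorted(deployed)}")
    policy = rest_api.get("policy")
    if not policy:
        findings.append("no resource policy; nothing limits which VPC endpoints may invoke the API")
    elif policy_vpce_ids(policy) != deployed:
        findings.append(f"policy restricts to {sorted(policy_vpce_ids(policy))}, "
                        f"endpoint config lists {sorted(deployed)}")
    return findings


VPCE = "vpce-0123456789abcdef0"  # constructed, hypothetical
# The report's YAML with vpc_endpoint_id rendered, as equivalent JSON; `servers`
# is a mapping here exactly as in the report.
REPORT_SPEC = json.dumps({"openapi": "3.0.1", "info": {"title": "my_api", "version": "1"},
                          "paths": {}, "servers": {EXT: {"vpcEndpointIds": [VPCE]}}})
# The same document with the extension on a Server object (a `servers` list entry).
FIXED_SPEC = json.dumps({"openapi": "3.0.1", "info": {"title": "my_api", "version": "1"},
                         "paths": {}, "servers": [{"url": "/", EXT: {"vpcEndpointIds": [VPCE]}}]})
# The usual private-API resource policy: allow, then deny every other VPC endpoint.
POLICY_DOC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke", "Resource": "execute-api:/*"},
    {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke", "Resource": "execute-api:/*",
     "Condition": {"StringNotEquals": {"aws:SourceVpce": VPCE}}}]}
# get_rest_api() results as the report describes them (PRIVATE, no endpoint
# associated) and after vpc_endpoint_ids was set explicitly in Terraform.
REPORT_API = {"id": "a1b2c3", "endpointConfiguration": {"types": ["PRIVATE"]},
              "policy": json.dumps(POLICY_DOC).replace('"', '\\"')}
FIXED_API = {**REPORT_API, "endpointConfiguration": {"types": ["PRIVATE"], "vpcEndpointIds": [VPCE]}}

if __name__ == "__main__":
    for label, spec, api in (("report", REPORT_SPEC, REPORT_API), ("fixed", FIXED_SPEC, FIXED_API)):
        print(label, check_private_api(load_spec(spec), api) or "OK")
```

Two points worth keeping in mind when reading the output. First, the `aws_api_gateway_rest_api` documentation describes `endpoint_configuration.vpc_endpoint_ids` as corresponding to the extension's `vpcEndpointIds` property and says an explicit argument value overrides the OpenAPI value, so setting it in HCL is the documented way to be sure of the result, whichever way the spec is read; the check above then confirms the live API matches. Second, the VPC endpoint association only governs how the private API is resolved and invoked through those endpoints; the resource policy's `aws:SourceVpce` condition is what actually limits callers, which is why the check compares the policy against the deployed endpoint list rather than treating the association as a control on its own.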

github-actions[bot] commented 1 year ago
