Closed cvandonderen closed 7 years ago
@cvandonderen Can you please provide your template, so i can replicate it exactly.
I run into the same issue:
The template is:
resource "aws_iam_role" "lambda_apigateway" {
name = "lambda_apigateway"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy" "lambda_apigateway_invoke" {
name = "lambda_apigateway_invoke"
role = "${aws_iam_role.lambda_apigateway.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"lambda:InvokeFunction"
]
}
]
}
EOF
}
resource "aws_api_gateway_rest_api" "webhooks" {
name = "Webhooks"
description = "Webhooks"
}
resource "aws_api_gateway_resource" "sandbox_deploy" {
parent_id = "${aws_api_gateway_rest_api.webhooks.root_resource_id}"
path_part = "deploy"
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
}
resource "aws_api_gateway_method" "sandbox_deploy_post" {
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
resource_id = "${aws_api_gateway_resource.sandbox_deploy.id}"
http_method = "POST"
authorization = "NONE"
api_key_required = true
}
resource "aws_api_gateway_method_response" "sandbox_deploy_post_200" {
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
resource_id = "${aws_api_gateway_resource.sandbox_deploy.id}"
http_method = "POST"
status_code = "200"
}
resource "aws_api_gateway_integration" "sandbox_deploy_post" {
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
resource_id = "${aws_api_gateway_resource.sandbox_deploy.id}"
http_method = "${aws_api_gateway_method.sandbox_deploy_post.http_method}"
integration_http_method = "POST"
type = "AWS"
uri = "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/${aws_lambda_function.deployment.arn}/invocations"
credentials = "${aws_iam_role.lambda_apigateway.arn}"
}
resource "aws_api_gateway_integration_response" "sandbox_deploy_post_200" {
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
resource_id = "${aws_api_gateway_resource.sandbox_deploy.id}"
http_method = "${aws_api_gateway_method.sandbox_deploy_post.http_method}"
status_code = "${aws_api_gateway_method_response.sandbox_deploy_post_200.status_code}"
}
Hi @cvandonderen
Just tried it with Terraform 0.7.13 and it works like a charm.
Here is the configuration I used (the one you provided didn't work as there isn't the lambda):
resource "aws_iam_role" "lambda_apigateway" {
name = "lambda_apigateway"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy" "lambda_apigateway_invoke" {
name = "lambda_apigateway_invoke"
role = "${aws_iam_role.lambda_apigateway.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"lambda:InvokeFunction"
]
}
]
}
EOF
}
resource "aws_api_gateway_rest_api" "webhooks" {
name = "Webhooks"
description = "Webhooks"
}
resource "aws_api_gateway_resource" "sandbox_deploy" {
parent_id = "${aws_api_gateway_rest_api.webhooks.root_resource_id}"
path_part = "deploy"
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
}
resource "aws_api_gateway_method" "sandbox_deploy_post" {
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
resource_id = "${aws_api_gateway_resource.sandbox_deploy.id}"
http_method = "POST"
authorization = "NONE"
api_key_required = true
}
resource "aws_api_gateway_method_response" "sandbox_deploy_post_200" {
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
resource_id = "${aws_api_gateway_resource.sandbox_deploy.id}"
http_method = "POST"
status_code = "200"
}
resource "aws_lambda_function" "deployment" {
filename = "lambdatest.zip"
function_name = "mylambda"
role = "${aws_iam_role.test.arn}"
handler = "exports.example"
}
resource "aws_iam_role_policy" "iam_policy_for_lambda" {
name = "iam_policy_for_lambda"
role = "${aws_iam_role.test.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
EOF
}
resource "aws_iam_role" "test" {
name = "test2"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_api_gateway_integration" "sandbox_deploy_post" {
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
resource_id = "${aws_api_gateway_resource.sandbox_deploy.id}"
http_method = "${aws_api_gateway_method.sandbox_deploy_post.http_method}"
integration_http_method = "POST"
type = "AWS"
uri = "arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/${aws_lambda_function.deployment.arn}/invocations"
credentials = "${aws_iam_role.lambda_apigateway.arn}"
}
resource "aws_api_gateway_integration_response" "sandbox_deploy_post_200" {
depends_on = ["aws_api_gateway_integration.sandbox_deploy_post"]
rest_api_id = "${aws_api_gateway_rest_api.webhooks.id}"
resource_id = "${aws_api_gateway_resource.sandbox_deploy.id}"
http_method = "${aws_api_gateway_method.sandbox_deploy_post.http_method}"
status_code = "${aws_api_gateway_method_response.sandbox_deploy_post_200.status_code}"
}
I also checked on the console and the update works fine, i.e. passing from true
to false
and vice versa.
Could you check it and tell us how it goes?
Thanks :)
@stack72 This seems like a non-issue anymore. What do you think?
Hi all
A LOT of work has been added to the api_gateway resources. I cannot recreate this issue I'm afraid. I am going to close it out in the believe it is fixed
If you are still getting this with the 0.9.2 release, then please do let me know and we can look at it with immediate focus
Thanks
Paul
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Terraform Version
0.6.16
Affected Resource(s)
aws_api_gateway_method
Behavior
I have added
api_key_required = "true"
to my aws_api_gateway_method configuration. When runningterraform show
after applying I seeapi_key_required = true
, But when looking in the AWS console, or when runningaws apigateway get-method
apiKeyRequired is set to false.