hoangquochung1110
commented
3 months ago AWS managed policies
I think it's better to create it through Console or AWS CLI then import it to Terraform
Open hoangquochung1110 opened 3 months ago
hoangquochung1110
commented
3 months ago I think it's better to create it through Console or AWS CLI then import it to Terraform
hoangquochung1110
commented
3 months ago We have to create such S3. bucket in advance and should not import it to terraform
hoangquochung1110
commented
3 months ago Nếu liên kết api gw stage tới lambda function thông qua stage variable thì cần
aws lambda add-permission \
--function-name "arn:aws:lambda:ap-southeast-1:838835070561:function:${stageVariables.lambda_func}" \
--source-arn "arn:aws:execute-api:ap-southeast-1:838835070561:1j969s1gs5/*/POST/" \
--principal apigateway.amazonaws.com \
--statement-id 3970e138-f44a-4ea2-9cfe-71729f177ac6 \
--action lambda:InvokeFunctionRight now, for lambda integration, seems not able to use stage variable to dynamically associate a stage to lambda function
Create resource on Console then use tf import, for example
tf import aws_api_gateway_integration.root_post_integration REST-API-ID/RESOURCE-ID/HTTP-METHOD
tf import aws_api_gateway_integration.root_post_integration 1j969s1gs5/o8ynkfor67/POSTHowever, once successfully import it, terraform complained about missing of required attributes for such resource when we run tf apply.
hoangquochung1110
commented
3 months ago Steps to address such above error:
tf apply may have destroyed it)tf state show aws_api_gateway_integration.root_post_integration
# aws_api_gateway_integration.root_post_integration:
resource "aws_api_gateway_integration" "root_post_integration" {
cache_key_parameters = []
cache_namespace = "o8ynkfor67"
connection_id = null
connection_type = "INTERNET"
content_handling = "CONVERT_TO_TEXT"
credentials = null
http_method = "POST"
id = "agi-1j969s1gs5-o8ynkfor67-POST"
integration_http_method = "POST"
passthrough_behavior = "WHEN_NO_MATCH"
request_parameters = {}
request_templates = {}
resource_id = "o8ynkfor67"
rest_api_id = "1j969s1gs5"
timeout_milliseconds = 29000
type = "AWS"
uri = "arn:aws:apigateway:ap-southeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-southeast-1:838835070561:function:${stageVariables.lambda_func}/invocations"seems like this solution is not working for now, I stupidly copy this attr:
uri = "arn:aws:apigateway:ap-southeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-southeast-1:838835070561:function:$${stageVariables.lambda_func}/invocations"Notice $$ to escape variable substitution
this uri works ✅
resource "aws_api_gateway_integration" "root_post_integration" {
rest_api_id = aws_api_gateway_rest_api.main.id
resource_id = aws_api_gateway_rest_api.main.root_resource_id
http_method = "POST"
integration_http_method = "POST"
type = "AWS_PROXY"
uri = "arn:aws:apigateway:ap-southeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-southeast-1:838835070561:function:${aws_lambda_function.function.function_name}:$${stageVariables.lambda_alias}/invocations"
}otherwise, not able to destroy db instance through tf destroy
hoangquochung1110
commented
2 months ago tf state list to sync state
Default route table for VPC
We should not import/modify it. Let's create additional resources like "public_tf" or "second_rt" if we like to have more route entries for the vpc/subnets