terraform-aws-modules / terraform-aws-apigateway-v2

Terraform module to create AWS API Gateway v2 (HTTP/WebSocket) 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/apigateway-v2/aws
Apache License 2.0

Unable to attach authorizers to routes #75

Closed Chima-ThirdBridge closed 2 years ago

Chima-ThirdBridge commented 2 years ago

Description

I am using a JWT authorizer on my API Gateway routes. Reviewing the example set out in complete-http, I can either:

Versions

Reproduction Code [Required]

module "apigateway-v2" {
  source  = "terraform-aws-modules/apigateway-v2/aws"
  version = "2.0.0"

  name          = "${var.environment}-${local.application_name}-http-api"
  description   = "API proxy to ${local.new_relic_app_name}"
  protocol_type = "HTTP"

  cors_configuration = {
    allow_headers = ["content-type", "x-amz-date", "authorization", "x-api-key", "x-amz-security-token", "x-amz-user-agent"]
    allow_methods = ["*"]
    allow_origins = ["*"]
  }

  create_api_domain_name = false

  # Authorizers
  authorizers = {
    "auth0" = {
      authorizer_type  = "JWT"
      identity_sources = "$request.header.Authorization"
      name             = "${var.environment}-auth0-jwt-authorizer"
      audience         = ["https://${local.domain}/api/v2/"]
      issuer           = "https://${local.domain}/"
    }
  }

  # Routes and integrations
  integrations = {
    "ANY /{proxy+}" = {
      connection_type    = "VPC_LINK"
      vpc_link           = "${local.application_name}-vpc"
      integration_uri    = local.alb_http_listener_arn
      integration_type   = "HTTP_PROXY"
      integration_method = "ANY"
      authorizer_key     = "auth0"
    }

    "OPTIONS /{proxy+}" = {
      connection_type    = "VPC_LINK"
      vpc_link           = "${local.application_name}-vpc"
      integration_uri    = local.alb_http_listener_arn
      integration_type   = "HTTP_PROXY"
      integration_method = "OPTIONS"
    }
  }

  vpc_links = {
    knowledge-graph-vpc = {
      name               = "${var.environment}-${local.application_name}-link"
      security_group_ids = flatten([local.alb_sg_ids])
      subnet_ids         = var.vpc_private_subnets
    }
  }

  tags = var.tags
}

Steps to reproduce the behavior:

1. Code is developed locally, formatted and validated using terraform commands
2. Code is pushed to branch in GitHub
3. Code is deployed from GitHub using CICD pipelines run using Slack commands

Expected behavior

The created authorizer resource should be attached to the given route

Actual behavior

The authorizer is created as expected but never attached to the route

Workaround

Manually attach the authorizer to the route as required.

Screenshots

Chima-ThirdBridge commented 2 years ago

I have resolved this issue.

I need to explicitly set the authorization_type on the route that uses the authorizer - adding authorization_type = "JWT" resolved this issue:

    "ANY /{proxy+}" = {
      connection_type    = "VPC_LINK"
      vpc_link           = "${local.application_name}-vpc"
      integration_uri    = local.alb_http_listener_arn
      integration_type   = "HTTP_PROXY"
      integration_method = "ANY"
      authorization_type = "JWT"
      authorizer_key     = "auth0"
    }

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
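
The failure reported in this issue (an authorizer that exists but is never enforced on the route) can be caught before deployment by inspecting the plan. The following is an added example, not code from the issue or from the module: it assumes the plan has been exported with `terraform show -json <planfile>` and reads the AWS provider's `aws_apigatewayv2_route` attributes `route_key`, `authorization_type` and `authorizer_id`; the function names, the allow list and the sample plan are hypothetical and constructed for illustration.

```python
ROUTE_TYPE = "aws_apigatewayv2_route"

def find_unprotected_routes(plan, allow_open=frozenset()):
    """Return (route_key, reason) for planned routes with no effective authorizer.

    plan: parsed `terraform show -json <planfile>` output.
    allow_open: route keys that are intentionally public, e.g. CORS preflight.
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if rc.get("type") != ROUTE_TYPE or after is None:  # other type, or a delete
            continue
        key = after.get("route_key") or rc.get("address")
        auth_type = after.get("authorization_type") or "NONE"
        # On first apply the authorizer id is "known after apply": it is missing
        # from "after" and marked true in "after_unknown".
        unknown = change.get("after_unknown") or {}
        has_authorizer = bool(after.get("authorizer_id") or unknown.get("authorizer_id"))
        if auth_type == "NONE" and key not in allow_open:
            reason = ("authorizer referenced but authorization_type is NONE"
                      if has_authorizer else "no authorization configured")
            findings.append((key, reason))
        elif auth_type in ("JWT", "CUSTOM") and not has_authorizer:
            findings.append((key, f"{auth_type} route has no authorizer_id"))
    return findings

def sample_plan(any_route_auth_type):
    """Constructed plan fragment for the two routes in the issue (not real output)."""
    def route(key, auth_type, authorizer_pending):
        return {"address": f'aws_apigatewayv2_route.this["{key}"]', "type": ROUTE_TYPE,
                "change": {"actions": ["create"],
                           "after": {"route_key": key, "authorization_type": auth_type},
                           "after_unknown": {"authorizer_id": authorizer_pending}}}
    return {"resource_changes": [
        route("ANY /{proxy+}", any_route_auth_type, True),
        route("OPTIONS /{proxy+}", "NONE", False),
    ]}

if __name__ == "__main__":
    preflight = {"OPTIONS /{proxy+}"}
    for label, auth_type in (("before fix", "NONE"), ("after fix", "JWT")):
        print(label, find_unprotected_routes(sample_plan(auth_type), preflight))
```

Run as a pipeline gate, a non-empty result fails the deployment, so a route that silently falls back to `NONE` is stopped before it is reachable.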