terraform-aws-modules / terraform-aws-apigateway-v2

Terraform module to create AWS API Gateway v2 (HTTP/WebSocket) 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/apigateway-v2/aws
Apache License 2.0

add iam auth to api gateway HTTP using terraform api gateway module #86

Closed yuvalberk closed 1 year ago

yuvalberk commented 1 year ago

Description

I want to add the built-in IAM authorization type to an HTTP-type API Gateway. I tried adding different types of authorizations but couldn't find a way to just add the basic IAM auth.

module "api_gateway" {
  source = "terraform-aws-modules/apigateway-v2/aws"

  name          = "dev-http"
  description   = "My awesome HTTP API Gateway"
  protocol_type = "HTTP"

  # Routes and integrations
  integrations = {
    "POST /test" = {
      lambda_arn = "arn:aws:lambda:eu-central-1:9999999:function:sample_lambda"
      authorizer_key = "IAM"
    }
  }
  create_api_domain_name = false
  authorizers = {
    "IAM" = {
      authorizer_type  = "REQUEST"
      name             = "iam-auth"
    }
  }

  tags = {
    Name = "http-apigateway"
  }
}

This is the module code where I am trying to add the IAM auth.

This code is not working and I am getting this error:

│ Error: creating API Gateway v2 authorizer: BadRequestException: AuthorizerUri is a required field in an Authorizer
│
│   with module.api_gateway.aws_apigatewayv2_authorizer.this["IAM"],
│   on .terraform\modules\api_gateway\main.tf line 187, in resource "aws_apigatewayv2_authorizer" "this":
│  187: resource "aws_apigatewayv2_authorizer" "this" {

yuvalberk commented 1 year ago

I can see that an authorization_type of "AWS_IAM" needs to be added. You can see in here, if you change "NONE" to "AWS_IAM", it is working and adding the IAM authorization to the route. The problem is I can't find where the JWT and REQUEST authorizer_type are defined so I can add the AWS_IAM authorizer_type.

This is the error I get when trying to specify the AWS_IAM authorizer_type:

│ Error: expected authorizer_type to be one of [REQUEST JWT], got AWS_IAM
│
│   with module.api_gateway.aws_apigatewayv2_authorizer.this["IAM"],
│   on .terraform\modules\api_gateway\main.tf line 192, in resource "aws_apigatewayv2_authorizer" "this":
│  192:   authorizer_type                   = try(each.value.authorizer_type, null)

yuvalberk commented 1 year ago

Finally I found out that I should have been mentioning the authorization_type = "AWS_IAM" inside the route block. I think this is worth mentioning in the documentation so other people won't get confused. This is the piece of code that finally worked:

  integrations = {
    "POST /test" = {
      lambda_arn = "arn:aws:lambda:eu-central-1:11111111:function:Lambda"
      authorization_type = "AWS_IAM"
    }
  }

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
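
A check that follows from the fix in this thread, as an added example (not code from the module or from the issue author): it scans `terraform show -json` plan output and reports every `aws_apigatewayv2_route` that would be left without authorization. The sample plan, the route keys other than `POST /test`, and the `module.api_gateway.aws_apigatewayv2_route.this[...]` addresses are constructed for illustration.

```python
import json
import sys

NEEDS_AUTHORIZER = {"JWT", "CUSTOM"}  # these types also require an authorizer_id

def open_routes(plan):
    """Return (address, route_key, reason) for each route the plan leaves unauthenticated."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_apigatewayv2_route":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # route is being destroyed, nothing to check
            continue
        unknown = change.get("after_unknown") or {}
        auth = after.get("authorization_type") or "NONE"  # provider default is NONE
        # authorizer_id is often "known after apply"; treat that as present
        has_authorizer = bool(after.get("authorizer_id")) or unknown.get("authorizer_id") is True
        if auth == "NONE":
            reason = "authorization_type is NONE"
        elif auth in NEEDS_AUTHORIZER and not has_authorizer:
            reason = f"{auth} route without authorizer_id"
        else:
            continue
        findings.append((rc["address"], after.get("route_key"), reason))
    return findings

def _route(key, after, unknown=None):
    # Helper for the constructed sample below; addresses are hypothetical.
    return {"address": f'module.api_gateway.aws_apigatewayv2_route.this["{key}"]',
            "type": "aws_apigatewayv2_route",
            "change": {"after": after and {"route_key": key, **after}, "after_unknown": unknown or {}}}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    _route("POST /test", {"authorization_type": "AWS_IAM"}),
    _route("GET /health", {"authorization_type": "NONE"}),
    _route("GET /me", {"authorization_type": "JWT"}, {"authorizer_id": True}),
    _route("GET /admin", {"authorization_type": "CUSTOM", "authorizer_id": None}),
    _route("GET /old", None),
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = open_routes(plan)
    for address, key, reason in found:
        print(f"{address}: {reason}")
    sys.exit(1 if found else 0)
```

Run it against the JSON form of a saved plan; the non-zero exit status on any finding lets a CI job fail before an open route is applied.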