Closed paul-rafferty-marina closed 10 months ago
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
This issue was automatically closed because of stale in 10 days
I'm going to lock this issue because it has been closed for 30 days β³. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
I cannot deploy and API Gateway that has authorizers of different types (eg: REQUEST and JWT), or Terraform throws this error telling me that
attribute types must all match for conversion to map
. This happens because the map must contain different types, since REQUEST and JWT have different parameters. Some of these parameters are required by one authorizer type, but are not supported at all by the other authorizer type.Example: cannot use parameter
enable_simple_responses
I cannot use this parameter on my REQUEST authorizer without also using it on the JWT authorizer, or I get the above message, that
attribute types must all match for conversion to map
. But if I set the JWT authorizer's value to any boolean, I get the errorEnableSimpleResponses can only be set for REQUEST authorizer
.Workaround: do not use this parameter anywhere.
Example: cannot use different authorizer types due to
authorizer_payload_format_version
This is worse because there is no workaround. On my REQUEST authorizer, I must set this or I get the message
AuthorizerPayloadFormatVersion is a required parameter for REQUEST authorizer
. But I cannot give this parameter any value on my JWT authorizer or I get the error:AuthorizerPayloadFormatVersion can only be set for REQUEST authorizer
. Obviously I cannot set it to 'null' either or I get the original error.NOTE: not the same as issue 89
The error message is similar to https://github.com/terraform-aws-modules/terraform-aws-apigateway-v2/issues/89 Indeed, the underlying cause is Terraform's handling of maps.
Versions
Module version [Required]: 2.2.2
Terraform version:
Provider version(s):
Reproduction Code [Required]
To reproduce this issue, use the complete example code and simply add any valid REQUEST authorizer, eg:
locals { domain_name = "terraform-aws-modules.modules.tf" # trimsuffix(data.aws_route53_zone.this.name, ".") subdomain = "complete-http" }
###################
HTTP API Gateway
###################
module "api_gateway" { source = "../../"
name = "http" description = "HTTP API Gateway with two authorizer types" protocol_type = "HTTP"
cors_configuration = { allow_headers = ["content-type", "x-amz-date", "authorization", "x-api-key", "x-amz-security-token", "x-amz-user-agent"] allow_methods = [""] allow_origins = [""] }
domain_name = local.domain_name domain_name_certificate_arn = module.acm.acm_certificate_arn
default_route_settings = { detailed_metrics_enabled = true throttling_burst_limit = 100 throttling_rate_limit = 100 }
authorizers = { "cognito" = { authorizer_type = "JWT" identity_sources = "$request.header.Authorization" name = "cognito" audience = ["d6a38afd-45d6-4874-d1aa-3c5c558aqcc2"] issuer = "https://${aws_cognito_user_pool.this.endpoint}" } "lambda" = { authorizer_type = "REQUEST" identity_sources = "$request.header.Authorization" name = "lambda" authorizer_payload_format_version = "2.0" } }
integrations = {
}
data "aws_route53_zone" "this" { name = local.domain_name }
module "acm" { source = "terraform-aws-modules/acm/aws" version = "~> 3.0"
domain_name = local.domain_name zone_id = data.aws_route53_zone.this.id subject_alternative_names = ["${local.subdomain}.${local.domain_name}"] }
module "lambda_function" { source = "terraform-aws-modules/lambda/aws" version = "~> 3.0"
function_name = "${random_pet.this.id}-lambda" description = "My awesome lambda function" handler = "index.lambda_handler" runtime = "python3.8"
publish = true
create_package = false local_existing_package = local.downloaded
allowed_triggers = { AllowExecutionFromAPIGateway = { service = "apigateway" source_arn = "${module.api_gateway.apigatewayv2_api_execution_arn}//" } } }
resource "aws_cognito_user_pool" "this" { name = "user-pool-${random_pet.this.id}" }
Error: Invalid value for input variable on ../../../../../modules/api_gateway/api_gateway.tf line 36, in module "api_gateway": 36: authorizers = local.authorizers
The given value is not suitable for module.api_gateway.module.api_gateway.var.authorizers declared at .terraform/modules/api_gateway.api_gateway/variables.tf:204,1-23: attribute types must all match for conversion to map. "