fix: missing lambda permission for api gateway
g-otn committed Mar 29, 2024
1 parent 59ae8bd commit 4547b3f
Showing 3 changed files with 70 additions and 1 deletion.
43 changes: 42 additions & 1 deletion api_gateway.tf
@@ -1,5 +1,7 @@
locals {
api_id = data.tfe_outputs.network.values.api_gw_gateway_api.id
api_id = data.tfe_outputs.network.values.api_gw_gateway_api.id
api_execution_arn = data.tfe_outputs.network.values.api_gw_gateway_api.execution_arn

proxy_to_alb_id = data.tfe_outputs.network.values.api_gw_integration_proxy_to_alb.id
}

Expand All @@ -14,6 +16,10 @@ resource "aws_apigatewayv2_authorizer" "lambda_authorizer_client" {

authorizer_payload_format_version = "2.0"
enable_simple_responses = true

authorizer_result_ttl_in_seconds = 0 # For debugging

authorizer_credentials_arn = data.aws_iam_role.lab_role.arn
}

// ----- Integrations -----
Expand All @@ -27,6 +33,8 @@ resource "aws_apigatewayv2_integration" "lambda_identification_nationalid" {
integration_uri = aws_lambda_function.identification_nationalid.invoke_arn

payload_format_version = "2.0"

credentials_arn = data.aws_iam_role.lab_role.arn
}

// ----- Routes -----
Expand Down Expand Up @@ -58,3 +66,36 @@ resource "aws_apigatewayv2_route" "order_confirmation" {
target = "integrations/${local.proxy_to_alb_id}"

}

// ----- Main -----

# locals {
# api_gw_redeployment_trigger = sha1(join(",", tolist([
# jsonencode(aws_apigatewayv2_authorizer.lambda_authorizer_client),
# jsonencode(aws_apigatewayv2_integration.lambda_identification_nationalid),
# jsonencode(aws_apigatewayv2_route.client_identification),
# jsonencode(aws_apigatewayv2_route.order_checkout_and_listing),
# jsonencode(aws_apigatewayv2_route.order_confirmation),
# ])))
# }

# resource "aws_apigatewayv2_deployment" "deploy_computing_api_gw_resources" {
# api_id = local.api_id
# description = "Deployment for computing-related API Gateway resources (${local.api_gw_redeployment_trigger})"

# triggers = {
# redeployment = local.api_gw_redeployment_trigger
# }

# lifecycle {
# create_before_destroy = true
# }

# depends_on = [
# aws_apigatewayv2_authorizer.lambda_authorizer_client,
# aws_apigatewayv2_integration.lambda_identification_nationalid,
# aws_apigatewayv2_route.client_identification,
# aws_apigatewayv2_route.order_checkout_and_listing,
# aws_apigatewayv2_route.order_confirmation,
# ]
# }
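Review bot: `authorizer_credentials_arn` (second hunk) and `credentials_arn` (third hunk) make API Gateway assume `lab_role` to invoke the Lambdas, while the same commit also adds resource-based `aws_lambda_permission` grants for `apigateway.amazonaws.com`, so two independent invoke paths now exist and the role-based one is only as tight as `lab_role`, which by its name looks like a broad shared role rather than a per-integration one. Prefer keeping the resource policy with its scoped `source_arn` and dropping the two `credentials_arn` lines, or, if the role is needed for another reason, point them at a dedicated role whose policy allows `lambda:InvokeFunction` on just these two function ARNs. `authorizer_result_ttl_in_seconds = 0 # For debugging` reads as a leftover: with no result cache every request invokes the authorizer, which is the safest setting but changes cost and latency, so either restore a short TTL or reword the comment to say the zero cache is intentional. The commented-out deployment block at the end of the file is dead code; if it is kept on purpose, a one-line comment stating why it is disabled (presumably the stage auto-deploys, but that is configured outside this file) would spare the next reader the guess.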
10 changes: 10 additions & 0 deletions cloudwatch.tf
@@ -1,3 +1,13 @@
#tfsec:ignore:aws-cloudwatch-log-group-customer-key
resource "aws_cloudwatch_log_group" "api_gateway_access_log" {
name = "/aws/apigateway/SOAT-TC_API_Gateway_Access_Log"
retention_in_days = 30

tags = {
Name : "SOAT-TC API GW Default Stage Access Log Cloudwatch Log Group"
}
}

#tfsec:ignore:aws-cloudwatch-log-group-customer-key
resource "aws_cloudwatch_log_group" "lambda_authorizer_client" {
name = "/aws/lambda/SOAT-TC_Lambda_Authorizer_Client_Logs"
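Review bot: The `#tfsec:ignore:aws-cloudwatch-log-group-customer-key` suppression on the new `api_gateway_access_log` group carries no justification, and API Gateway access logs commonly hold client IPs, request IDs and authorizer context, so a reader cannot tell whether AWS-managed encryption was an accepted trade-off or an oversight. tfsec suppressions support an expiry, e.g. `#tfsec:ignore:aws-cloudwatch-log-group-customer-key:exp:2024-12-31`, followed by a plain comment such as `# lab account: default SSE accepted for access logs, revisit before production`; adding that here (and to the existing suppression above `lambda_authorizer_client`) records the decision. Nothing in this commit attaches the group to a stage's `access_log_settings`; that is presumably done in the `network` workspace that owns the API, but it is worth confirming the group's ARN is actually consumed, otherwise it is created and never written to.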
18 changes: 18 additions & 0 deletions lambda.tf
Expand Up @@ -70,3 +70,21 @@ resource "aws_lambda_function" "authorizer_client" {
log_group = aws_cloudwatch_log_group.lambda_authorizer_client.name
}
}

resource "aws_lambda_permission" "execute_lambda1_from_apigateway" {
statement_id = "AllowExecutionFromAPIGateway_SOAT_TC_Lambda_Identification_NationalID"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.identification_nationalid.function_name
principal = "apigateway.amazonaws.com"

source_arn = "${local.api_execution_arn}/*/*"
}

resource "aws_lambda_permission" "execute_lambda2_from_apigateway" {
statement_id = "AllowExecutionFromAPIGateway_SOAT_TC_Lambda_Authorizer_Client"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.authorizer_client.function_name
principal = "apigateway.amazonaws.com"

source_arn = "${local.api_execution_arn}/*/*"
}
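Review bot: Both new `aws_lambda_permission` resources use `source_arn = "${local.api_execution_arn}/*/*"`, which lets any stage, method and route of the API invoke either function; for the authorizer that is wider than needed, because API Gateway invokes authorizers with a source ARN of the form `<execution_arn>/authorizers/<authorizer-id>` with no stage segment (verify this for HTTP APIs), so `execute_lambda2_from_apigateway` can be pinned with `source_arn = "${local.api_execution_arn}/authorizers/${aws_apigatewayv2_authorizer.lambda_authorizer_client.id}"`. The integration permission could likewise be narrowed to the stage and route key that target it once the route path is known; the routes live outside this hunk. The resource names `execute_lambda1_from_apigateway` and `execute_lambda2_from_apigateway` do not say which function they grant, whereas `invoke_identification_nationalid_from_apigateway` and `invoke_authorizer_client_from_apigateway` would match the `statement_id` values already chosen. The `aws_lambda_function.authorizer_client` block whose closing braces open the hunk starts outside it.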
