kpratihast

Reputation: 872

How to refresh AWS Lambda permission for API Gateway using Terraform?

I am deploying a REST API Gateway using Terraform. A couple of endpoints access a Lambda function to return a response. Whenever I deploy api-gw using Terraform, the Lambda permission doesn't seem to refresh and I have to manually open the api-gw portal in the AWS console and add that Lambda function again, post which it prompts me to allow the invoke action. How can I refresh the permission without having to do these manual steps? I am using the below snippet for the api-gw deployment and Lambda permissions:

resource "aws_api_gateway_deployment" "deploy" {
  rest_api_id = aws_api_gateway_rest_api.apigw.id
  stage_name  = ""
  variables  = {
    deployed_at = timestamp()
  }
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_lambda_permission" "customers_lambda_permission" {
  statement_id  = "AllowDemoAPIInvokeProjectGet"
  action        = "lambda:InvokeFunction"
  function_name = local.lambda_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_api_gateway_rest_api.apigw.execution_arn}/*/GET/api/customers"
}

Upvotes: 1

Views: 1142

Answers (1)

Glen Thomas

Reputation: 10744

Your aws_api_gateway_deployment resource should depend on the aws_api_gateway_integration so that the lambda integration is created before deployment.

resource "aws_api_gateway_deployment" "deploy" {
  ...
  depends_on = [
    aws_api_gateway_integration.example1,
    aws_api_gateway_integration.example2
  ]
}

or use the triggers attribute:

resource "aws_api_gateway_deployment" "deploy" {
  ...
  triggers = {
    redeployment = sha1(jsonencode([
      aws_api_gateway_resource.example1.id,
      aws_api_gateway_method.example1.id,
      aws_api_gateway_integration.example1.id,
    ]))
  }
}

Upvotes: 0
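
An added example (not part of either post above) that wires one route end to end: the permission's source_arn is built from the method and resource attributes, so it matches the deployed route and stays scoped to a single verb and path, and the deployment's triggers hash references the integration, which also orders the deployment after it. aws_api_gateway_rest_api.apigw and local.lambda_name are taken from the question; the resource names customers, customers_get and customers_lambda, both variables, and the AWS_IAM authorization setting are assumptions.

```hcl
# Added example; names other than apigw, deploy and local.lambda_name are assumed.
variable "parent_resource_id" { type = string } # id of the existing /api resource
variable "lambda_invoke_arn" { type = string }  # invoke_arn of the Lambda function

resource "aws_api_gateway_resource" "customers" {
  rest_api_id = aws_api_gateway_rest_api.apigw.id
  parent_id   = var.parent_resource_id
  path_part   = "customers"
}

resource "aws_api_gateway_method" "customers_get" {
  rest_api_id   = aws_api_gateway_rest_api.apigw.id
  resource_id   = aws_api_gateway_resource.customers.id
  http_method   = "GET"
  authorization = "AWS_IAM" # assumption; keep whatever the API already uses
}

resource "aws_api_gateway_integration" "customers_lambda" {
  rest_api_id             = aws_api_gateway_rest_api.apigw.id
  resource_id             = aws_api_gateway_resource.customers.id
  http_method             = aws_api_gateway_method.customers_get.http_method
  integration_http_method = "POST" # Lambda integrations are invoked with POST
  type                    = "AWS_PROXY"
  uri                     = var.lambda_invoke_arn
}

resource "aws_lambda_permission" "customers_lambda_permission" {
  statement_id  = "AllowDemoAPIInvokeProjectGet"
  action        = "lambda:InvokeFunction"
  function_name = local.lambda_name
  principal     = "apigateway.amazonaws.com"
  # Any stage, but only this verb and path (here GET /api/customers).
  source_arn = "${aws_api_gateway_rest_api.apigw.execution_arn}/*/${aws_api_gateway_method.customers_get.http_method}${aws_api_gateway_resource.customers.path}"
}

resource "aws_api_gateway_deployment" "deploy" {
  rest_api_id = aws_api_gateway_rest_api.apigw.id
  triggers = {
    redeployment = sha1(jsonencode([
      aws_api_gateway_resource.customers.id,
      aws_api_gateway_method.customers_get.id,
      aws_api_gateway_integration.customers_lambda.id,
    ]))
  }
  lifecycle {
    create_before_destroy = true
  }
}
```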
