Reputation: 1538
I followed the instructions here for setting up a gateway and a lambda but it does not work. The symptoms appear to be the same as described here but the fixes suggested there did not work.
My infrastructure definition is as follows:
resource "aws_apigatewayv2_api" "lambda_api" {
  name          = "${upper(var.project)}-${upper(var.environment)}-${var.gateway_name}"
  protocol_type = "HTTP"
}

resource "aws_apigatewayv2_stage" "lambda_default" {
  name        = "$default"
  api_id      = aws_apigatewayv2_api.lambda_api.id
  auto_deploy = true
}

resource "aws_apigatewayv2_integration" "gateway_to_lambda" {
  api_id                 = aws_apigatewayv2_api.lambda_api.id
  integration_type       = "AWS_PROXY"
  connection_type        = "INTERNET"
  integration_method     = "POST"
  integration_uri        = aws_lambda_function.executable.arn
  payload_format_version = "2.0"
}

resource "aws_apigatewayv2_route" "route" {
  api_id    = aws_apigatewayv2_api.lambda_api.id
  route_key = "GET /profile"
  target    = "integrations/${aws_apigatewayv2_integration.gateway_to_lambda.id}"
}

resource "aws_lambda_permission" "execution_lambda_from_gateway" {
  statement_id  = "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.executable.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_apigatewayv2_api.lambda_api.arn}/*/*"
}

On the gateway side it looks like things are created correctly: I have an integration that connects my path 'profile' to the lambda:
However, when I look on the lambda the trigger is missing:
When I try to hit the endpoint I get an "internal server error" message.
When I manually add the trigger in my lambda then it works but not under the 'profile' route key that I specified.
What am I missing here to correctly route my /profile in the API Gateway to my lambda?
Upvotes: 5
Views: 2638
Reputation: 91
Removing the source arn from your permission is not the correct answer - FIXING the source arn is the correct solution. You are specifying the arn of the gateway when you should be specifying the execution_arn instead.
  source_arn = "${aws_apigatewayv2_api.lambda_api.arn}/*/*"
Should be:
  source_arn = "${aws_apigatewayv2_api.lambda_api.execution_arn}/*/*"
By removing the source_arn = entirely you open up the lambda to be invoked by any(?) api-gateway which is probably a security issue.
If the permission is correctly set up - you WILL see the gateway as a trigger in the lambda AWS console.
Upvotes: 2
Reputation: 238091
Based on the comments. The solution was to modify the permissions (remove source_arn):

resource "aws_lambda_permission" "execution_lambda_from_gateway" {
  statement_id  = "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.executable.function_name
  principal     = "apigateway.amazonaws.com"
}

Upvotes: 2
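The three permission variants in this thread (the question's `arn`, the removed `source_arn`, and `execution_arn`) end up as different statements in the Lambda resource policy. The following is an added example, not code from any of the posters: a small auditor for the JSON that `aws lambda get-policy` returns in its `Policy` field, run here over a constructed sample. The account id, region, API id, function name and verdict labels are assumptions made for illustration.

```python
import json

SERVICE = "apigateway.amazonaws.com"

def _stmt(sid, source_arn=None):
    """Build one constructed policy statement in the shape Lambda stores."""
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": {"Service": SERVICE},
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example"}
    if source_arn:
        stmt["Condition"] = {"ArnLike": {"AWS:SourceArn": source_arn}}
    return stmt

# Constructed sample policy (account id, region and API id are placeholders).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    _stmt("QuestionAsPosted", "arn:aws:apigateway:us-east-1::/apis/a1b2c3d4e5/*/*"),
    _stmt("SourceArnRemoved"),
    _stmt("ExecutionArn", "arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5/*/*"),
]})

def source_arns(stmt):
    """Return every AWS:SourceArn value, whatever condition operator holds it."""
    found = []
    for operands in stmt.get("Condition", {}).values():
        for key, value in operands.items():
            if key.lower() == "aws:sourcearn":
                found += value if isinstance(value, list) else [value]
    return found

def classify(stmt):
    arns = source_arns(stmt)
    if not arns:
        return "UNSCOPED"            # no AWS:SourceArn condition on the grant
    for arn in arns:
        parts = arn.split(":", 5)
        if len(parts) < 6 or parts[2] != "execute-api":
            return "WRONG_ARN_TYPE"  # management ARN, not the ARN used at invoke time
        if parts[5].startswith("*"):
            return "ANY_API"         # execute-api ARN, but wildcard API id
    return "OK"

def audit(policy_json):
    """Map Sid -> verdict for each Allow statement granted to API Gateway."""
    verdicts = {}
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else None
        if stmt.get("Effect") == "Allow" and service == SERVICE:
            verdicts[stmt.get("Sid")] = classify(stmt)
    return verdicts

if __name__ == "__main__":
    for sid, verdict in audit(SAMPLE_POLICY).items():
        print(f"{sid}: {verdict}")
```
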