How to make integrations in AWS API Gateway v2 (HTTP) with Lambda alias and stage variables in Terraform

I have several Lambdas with aliases (develop, production, staging...) and when I try to make an integration with its route like this:

resource "aws_apigatewayv2_route" "http_routes" {
  for_each = local.lambda_integrations

  api_id    = aws_apigatewayv2_api.api_http.id
  route_key = each.key

  target = "integrations/${aws_apigatewayv2_integration.http_integrations[each.key].id}"
}

resource "aws_apigatewayv2_integration" "http_integrations" {
  for_each = local.lambda_integrations

  api_id              = aws_apigatewayv2_api.api_http.id
  integration_type    = "AWS_PROXY"
  integration_method  = "POST"

  integration_uri       = "arn:aws:apigateway:${var.auth.region}:lambda:path/2015-03-31/functions/${module.lambdas_functions[index(module.lambdas_functions.*.function_name,each.value.lambda)].arn}:$${stageVariables.alias}/invocations"
}

and

# Main Permission
resource "aws_lambda_permission" "permission_lambda" {
  for_each = local.lambda_integrations

  statement_id  = can(each.value.statement) ? each.value.statement : "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  
  function_name = module.lambdas_functions[
    index(module.lambdas_functions.*.function_name,each.value.lambda)
  ].function_name

  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_apigatewayv2_api.api_http.execution_arn}/*/*"
}

# Stage develop permission
resource "aws_lambda_permission" "permission_lambda_alias_develop" {
  for_each = local.lambda_integrations

  statement_id  = can(each.value.statement) ? each.value.statement : "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  
  function_name = module.lambdas_functions[
    index(module.lambdas_functions.*.function_name,each.value.lambda)
  ].function_name

  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_apigatewayv2_api.api_http.execution_arn}/*/*"

  qualifier     = "develop"
}

This works with a [number] version in CloudWatch, but in the Lambda trigger I get this:

[two screenshots, not preserved]

Although the code works, it does not seem to me to be correct.

What could be the best and correct approach to this situation? Regards

Upvotes: 2

Views: 1004

Answers (2)

Patricio Ascencio

Reputation: 31

In the integration URI you must use the qualified_invoke_arn value. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#qualified_invoke_arn-1

Upvotes: 0

Khadjiev

Reputation: 45

What worked for me is this:

  1. Destroyed the API Gateway components (used target)

    terraform destroy --var-file VAR_FILES --target API_AND_LAMBDA_MODULES

  2. Renamed the stage to "$default"

  3. Set the value of the perm_source_arn parameter to "arn:aws:execute-api:${REGION}:${ACCOUNT_ID}:${API_ID}/*/*${ROUTE_KEY_PATH}"

After these, just re-apply.

Upvotes: 0
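
As an added example (not code from the question or either answer), one way to give each alias its own stage and a Lambda permission scoped to a single stage, method and path, rather than the "/*/*" source ARN used in the question. It assumes stage names equal alias names; the route keys and function names are constructed, and aws_apigatewayv2_api.api_http is the API resource from the question.

```hcl
locals {
  aliases = ["develop", "staging", "production"] # constructed; one stage per alias

  routes = { # constructed route keys and hypothetical function names
    "GET /items"  = { lambda = "items-reader" }
    "POST /items" = { lambda = "items-writer" }
  }

  # One entry per (route, alias) pair so every grant is a separate resource.
  grants = merge([
    for route_key, cfg in local.routes : {
      for alias in local.aliases : "${route_key}@${alias}" => {
        lambda = cfg.lambda
        alias  = alias
        method = split(" ", route_key)[0]
        path   = split(" ", route_key)[1]
      }
    }
  ]...)
}

# Each stage passes its own name as the "alias" stage variable, which the
# integration_uri in the question reads as stageVariables.alias.
resource "aws_apigatewayv2_stage" "per_alias" {
  for_each = toset(local.aliases)

  api_id          = aws_apigatewayv2_api.api_http.id
  name            = each.key
  auto_deploy     = true
  stage_variables = { alias = each.key }
}

resource "aws_lambda_permission" "per_alias" {
  for_each = local.grants

  # statement_id accepts only letters, digits, "-" and "_".
  statement_id  = "apigw-${each.value.alias}-${each.value.method}-${replace(trim(each.value.path, "/"), "/[^A-Za-z0-9]+/", "-")}"
  action        = "lambda:InvokeFunction"
  principal     = "apigateway.amazonaws.com"
  function_name = each.value.lambda
  qualifier     = each.value.alias # the grant is attached to the alias

  # Limited to one stage, method and path instead of "/*/*".
  source_arn = "${aws_apigatewayv2_api.api_http.execution_arn}/${each.value.alias}/${each.value.method}${each.value.path}"
}
```

With this layout a request arriving on the develop stage can only invoke the develop alias, and a missing grant for one alias shows up as a failed invocation on that stage alone.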
