diff --git a/modules/api-gateway/README.md b/modules/api-gateway/README.md
new file mode 100644
index 0000000..2468353
--- /dev/null
+++ b/modules/api-gateway/README.md
@@ -0,0 +1,54 @@
+# api-gateway
+
+Terraform module to create an API Gateway REST API with a custom domain and Route53 alias record.
+
+## Usage (EDGE - default)
+
+```hcl
+module "api_gateway" {
+ source = "./modules/api-gateway"
+
+ name = "my-api"
+ domain = "api.example.com"
+ zone = "example.com."
+ certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/xxxx"
+}
+```
+
+## Usage (REGIONAL)
+
+```hcl
+module "api_gateway" {
+ source = "./modules/api-gateway"
+
+ name = "my-api"
+ domain = "api.example.com"
+ zone = "example.com."
+ certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/xxxx"
+ endpoint_type = "REGIONAL"
+}
+```
+
+## Inputs
+
+| Name | Type | Default | Description |
+|---|---|---|---|
+| `api_key_source` | `string` | `"HEADER"` | API Key Source. |
+| `certificate_arn` | `string` | n/a | ACM certificate ARN. For `EDGE`, must be in `us-east-1`. For `REGIONAL`, must be in the same region as the API Gateway. |
+| `domain` | `string` | n/a | Custom domain for the API Gateway. |
+| `endpoint_type` | `string` | `"EDGE"` | Endpoint type for the custom domain. Allowed values: `EDGE`, `REGIONAL`. |
+| `name` | `string` | n/a | API Gateway name. |
+| `private_zone` | `bool` | `false` | Whether the Route53 zone is private. |
+| `zone` | `string` | n/a | Route53 zone name (e.g. `example.com.`). |
+
+## Outputs
+
+| Name | Description |
+|---|---|
+| `id` | API Gateway REST API ID. |
+| `root_resource_api_id` | API Gateway root resource ID. |
+
+## Notes
+
+- The Route53 record is created as an alias to the API Gateway custom domain.
+- The module looks up the Route53 zone by name and `private_zone`.
diff --git a/modules/api-gateway/gateway.tf b/modules/api-gateway/gateway.tf
index bdb68a3..a51f447 100644
--- a/modules/api-gateway/gateway.tf
+++ b/modules/api-gateway/gateway.tf
@@ -1,6 +1,11 @@
 resource "aws_api_gateway_domain_name" "custom_domain" {
- certificate_arn = local.certificate_arn
- domain_name = local.domain
+ domain_name = local.domain
+ certificate_arn = var.endpoint_type == "EDGE" ? local.certificate_arn : null
+ regional_certificate_arn = var.endpoint_type == "REGIONAL" ? local.certificate_arn : null
+
+ endpoint_configuration {
+ types = [var.endpoint_type]
+ }
 }
 
 resource "aws_api_gateway_rest_api" "gateway_api" {
@@ -30,17 +35,18 @@ EOF
 }
 
 resource "aws_route53_record" "domain" {
+ count = var.create_dns ? 1 : 0
 name = local.domain
 type = "A"
 zone_id = data.aws_route53_zone.zone.id
 
 alias {
 evaluate_target_health = true
- name = aws_api_gateway_domain_name.custom_domain.cloudfront_domain_name
- zone_id = aws_api_gateway_domain_name.custom_domain.cloudfront_zone_id
+ name = var.endpoint_type == "REGIONAL" ? aws_api_gateway_domain_name.custom_domain.regional_domain_name : aws_api_gateway_domain_name.custom_domain.cloudfront_domain_name
+ zone_id = var.endpoint_type == "REGIONAL" ? aws_api_gateway_domain_name.custom_domain.regional_zone_id : aws_api_gateway_domain_name.custom_domain.cloudfront_zone_id
 }
 
 depends_on = [
 aws_api_gateway_domain_name.custom_domain
 ]
-}
\ No newline at end of file
+}
diff --git a/modules/api-gateway/variables.tf b/modules/api-gateway/variables.tf
index 31c469e..025c58a 100644
--- a/modules/api-gateway/variables.tf
+++ b/modules/api-gateway/variables.tf
@@ -8,6 +8,12 @@ variable "zone" {
 type = string
 }
 
+variable "create_dns" {
+ description = "Whether to create the Route53 DNS record"
+ type = bool
+ default = true
+}
+
 variable "certificate_arn" {
 type = string
 }
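Review bot: The rewritten `aws_api_gateway_domain_name.custom_domain` block still sets no `security_policy`, so the minimum TLS version of the custom domain is left to the service default and the provider cannot detect drift on it; since the block is being rewritten anyway, pinning `security_policy = "TLS_1_2"` makes the TLS floor explicit. The EDGE/REGIONAL split also leaves the certificate-region rule from the README unenforced: an EDGE domain given a certificate outside us-east-1 only fails at apply time with an opaque API error. If the module's required Terraform version permits `lifecycle { precondition }`, the ARN's region field (`split(":", local.certificate_arn)[3]`) can be checked against the endpoint type at plan time; I am assuming `local.certificate_arn` is simply `var.certificate_arn`, as the locals block is outside this hunk. The REGIONAL case would need the provider region, which nothing in the hunk exposes, so it is left out below.
```hcl
resource "aws_api_gateway_domain_name" "custom_domain" {
  # … unchanged: domain_name, certificate_arn, regional_certificate_arn, endpoint_configuration …
  security_policy = "TLS_1_2"

  lifecycle {
    precondition {
      condition     = var.endpoint_type != "EDGE" || split(":", local.certificate_arn)[3] == "us-east-1"
      error_message = "EDGE custom domains require an ACM certificate issued in us-east-1."
    }
  }
}
```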
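Review bot: Adding `count` to `aws_route53_record.domain` changes its state address to `aws_route53_record.domain[0]`, so existing deployments will plan a destroy and recreate of the live DNS record on upgrade unless a `moved` block accompanies the change. The conditional also does not reach `data.aws_route53_zone.zone` (declared outside this hunk), which `zone_id` still reads unconditionally, so `create_dns = false` still requires the zone to be resolvable in the account; giving the data source the same `count` and reading `data.aws_route53_zone.zone[0].id` keeps the lookup conditional as well. The explicit `depends_on` on the domain name is redundant because the `alias` attributes already reference that resource, and can be dropped.
```hcl
moved {
  from = aws_route53_record.domain
  to   = aws_route53_record.domain[0]
}

resource "aws_route53_record" "domain" {
  count   = var.create_dns ? 1 : 0
  # … unchanged: name, type …
  zone_id = data.aws_route53_zone.zone[0].id
  # … unchanged: alias block …
}
```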
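Review bot: `create_dns` is missing from the Inputs table of the README added in this same commit, which lists `api_key_source` through `zone` but not this variable; add a row such as `| create_dns | bool | true | Whether to create the Route53 alias record for the custom domain. |`. The variable description should also say what the caller takes on when it is false: they must create the alias record themselves, which needs the domain name's target and hosted zone id, and the README's Outputs table shows only `id` and `root_resource_api_id`, so the module does not appear to expose those values. Consider outputs for the alias target and zone id selected by `var.endpoint_type` the same way the record does, so that `create_dns = false` is actually usable.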
@@ -29,6 +35,17 @@ variable "api_key_source" {
 default = "HEADER"
 }
 
+variable "endpoint_type" {
+ description = "API Gateway custom domain endpoint type: EDGE or REGIONAL"
+ type = string
+ default = "EDGE"
+
+ validation {
+ condition = contains(["EDGE", "REGIONAL"], var.endpoint_type)
+ error_message = "endpoint_type must be either \"EDGE\" or \"REGIONAL\"."
+ }
+}
+
 locals {
 domain = var.domain
 name = var.name
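Review bot: The `endpoint_type` description names the two values but not the coupling to `certificate_arn` that the README documents, so a caller reading only the variable (or generated module docs) misses the region requirement; suggest `description = "API Gateway custom domain endpoint type: EDGE (certificate_arn must be an ACM certificate in us-east-1) or REGIONAL (certificate_arn must be in the API's region)"`. The README's REGIONAL usage example still shows a `us-east-1` certificate ARN, which contradicts that rule for any other region, so the example should use a placeholder region instead. The `validation` block itself is correct as written. The `locals` block at the end of the hunk continues outside it.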