# Fields written to the stage access log. Each value is an API Gateway
# `$context.*` variable. Note that `ip` records the caller's source IP, which
# may be personal data in some jurisdictions; size `log_retention_days`
# accordingly. How this map is serialised into the log format string is
# decided outside this file — presumably with jsonencode(); verify in main.tf.
variable "access_log_format" {
  type        = map(any)
  description = "Format for access log entries."

  default = {
    # request identity and timing
    "requestId"   = "$context.requestId",
    "requestTime" = "$context.requestTime",
    "ip"          = "$context.identity.sourceIp",
    # what was called
    "domainName"  = "$context.domainName",
    "protocol"    = "$context.protocol",
    "httpMethod"  = "$context.httpMethod",
    "routeKey"    = "$context.routeKey",
    "contextPath" = "$context.path",
    # outcome
    "status"         = "$context.status",
    "responseLength" = "$context.responseLength",
    "error.message"  = "$context.error.message",
  }
}
# VPC endpoint IDs to associate with a PRIVATE API so that the generated
# Route53 alias resolves inside the VPC. Expected to be a subset of
# `source_vpc_endpoints`; not needed when callers send the `x-apigw-api-id`
# header instead of using the alias.
variable "associate_vpc_endpoints" {
  type        = list(string)
  default     = null
  description = "List of vpc endpoints to associate with PRIVATE type api in endpoint configuration. This would be a subset of `source_vpc_endpoints`. It is only needed if invoking the api via generated Route53 alias, rather than with `x-apigw-api-id` header. You can read more about this here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html#associate-private-api-with-vpc-endpoint."
}
# Lambda authorizer configuration. Typed `any`, so Terraform performs no
# shape checking here; the attributes actually consumed are defined in
# main.tf (not visible in this file). `null` means no custom authorizer.
variable "authorizer" {
  type        = any
  default     = null
  description = "Lambda authorizer."
}
# Where the authorizer looks for the caller's identity. When left null the
# provider default (`method.request.header.Authorization`) applies.
# REQUEST authorizers accept a comma-separated list mixing headers, query
# string parameters and stage variables.
variable "authorizer_identity_source" {
  type        = string
  default     = null
  description = "(Optional) Source of the identity in an incoming request. Defaults to `method.request.header.Authorization`. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., `method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName`"
}
# MIME types the REST API should treat as binary rather than text.
variable "binary_media_types" {
  type        = list(string)
  default     = []
  description = "List of binary media types supported by the REST API."
}
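# ARN of the ACM certificate backing the custom domain. Optional; when null
# no certificate is attached here. The validation only checks the generic
# ARN prefix so that a pasted certificate ID or domain name fails at plan
# time rather than at apply time.
variable "certificate_arn" {
  type        = string
  default     = null
  description = "Certificate arn for api domain."

  validation {
    condition     = var.certificate_arn == null ? true : can(regex("^arn:", var.certificate_arn))
    error_message = "If given certificate_arn must be an ARN (start with `arn:`)."
  }
}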
# Free-text description attached to the REST API resource.
variable "description" {
  type        = string
  description = "API description."
  default     = "API Gateway for proxying requests."
}
# Custom domain for the API. This is the name that gets a Route53 record
# (see `zone_id` and `domain_names_alternate`). Null means no custom domain.
variable "domain_name" {
  type        = string
  default     = null
  description = "Primary domain name to access the api."
}
# Additional hostnames present as SANs on `certificate_arn`. Unlike
# `domain_name`, no Route53 record is created for these.
variable "domain_names_alternate" {
  type        = list(string)
  default     = []
  description = "Alternate domain names to access the api. `domain_name` is the domain for which the Route53 record will be added; not these. These alternate names are for subject alternative names in the given certificate."
}
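# API Gateway endpoint configuration type. API Gateway accepts exactly
# EDGE, REGIONAL or PRIVATE; anything else fails at apply time, so reject it
# at plan time instead. For PRIVATE, remember that the API is only reachable
# through the VPC endpoints listed in `source_vpc_endpoints` and that the
# resource policy built from them / `ip_whitelist` is what actually gates
# access — that policy is defined outside this file.
variable "endpoint_type" {
  type        = string
  default     = "REGIONAL"
  description = "API endpoint type."

  validation {
    condition     = contains(["EDGE", "REGIONAL", "PRIVATE"], var.endpoint_type)
    error_message = "endpoint_type must be EDGE, REGIONAL, or PRIVATE."
  }
}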
# Source addresses permitted to call the API. Presumably consumed by an
# `aws:SourceIp` condition in the API's resource policy (defined outside this
# file); that condition accepts both single addresses and CIDR ranges. An
# empty list is the default — confirm in main.tf whether that means "no IP
# restriction" or "deny all" before relying on it.
variable "ip_whitelist" {
  type        = list(string)
  default     = []
  description = "List of IP addresses that can reach the api."
}
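# Retention for the CloudWatch log group(s) created for the API. CloudWatch
# only accepts a fixed set of retention periods (0 = never expire); any other
# value is rejected at apply time, so validate it here. Access logs contain
# client IPs (see `access_log_format`), and execution logs may contain full
# payloads when `method_settings.data_trace_enabled` is true, so keep this as
# short as your audit requirements allow.
variable "log_retention_days" {
  type        = number
  default     = 365
  description = "Number of days logs will be kept in CloudWatch."

  validation {
    condition = contains(
      [0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653],
      var.log_retention_days
    )
    error_message = "log_retention_days must be one of the retention periods CloudWatch Logs accepts (0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653)."
  }
}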
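# Stage-wide method settings (applied to `*/*` — presumably; see main.tf).
#
# SECURITY NOTE: the default enables `data_trace_enabled` together with INFO
# logging. In API Gateway, data trace logging writes full request and
# response payloads and headers — including `Authorization` headers, API
# keys and any PII in bodies — to the CloudWatch execution log. That is
# useful while debugging but is a sensitive-data-exposure risk in production.
# The default is kept for backward compatibility; callers should pass
# `data_trace_enabled = false` (or `logging_level = "ERROR"`) for production
# stages. If `caching_enabled` is turned on, also set `cache_data_encrypted`
# so cached responses are not stored in clear text.
variable "method_settings" {
  description = "Settings for all API path methods. For descriptions see: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_settings#settings"

  type = object({
    cache_data_encrypted                       = optional(bool)
    cache_ttl_in_seconds                       = optional(number)
    caching_enabled                            = optional(bool)
    data_trace_enabled                         = optional(bool)
    logging_level                              = optional(string)
    metrics_enabled                            = optional(bool)
    require_authorization_for_cache_control    = optional(bool)
    throttling_burst_limit                     = optional(number)
    throttling_rate_limit                      = optional(number)
    unauthorized_cache_control_header_strategy = optional(string)
  })

  default = {
    data_trace_enabled     = true # logs full payloads; see SECURITY NOTE above
    logging_level          = "INFO"
    throttling_burst_limit = 3
    throttling_rate_limit  = 2
  }

  validation {
    condition = (
      var.method_settings == null ? true :
      var.method_settings.logging_level == null ? true :
      contains(["ERROR", "INFO", "OFF"], var.method_settings.logging_level)
    )
    error_message = "If given logging_level must be ERROR, INFO, or OFF."
  }

  validation {
    condition = (
      var.method_settings == null ? true :
      var.method_settings.unauthorized_cache_control_header_strategy == null ? true :
      contains(
        ["FAIL_WITH_403", "SUCCEED_WITH_RESPONSE_HEADER", "SUCCEED_WITHOUT_RESPONSE_HEADER"],
        var.method_settings.unauthorized_cache_control_header_strategy
      )
    )
    error_message = "If given unauthorized_cache_control_header_strategy must be FAIL_WITH_403, SUCCEED_WITH_RESPONSE_HEADER, or SUCCEED_WITHOUT_RESPONSE_HEADER."
  }

  # API Gateway accepts cache TTLs of 0 to 3600 seconds; anything else fails at apply time.
  validation {
    condition = (
      var.method_settings == null ? true :
      var.method_settings.cache_ttl_in_seconds == null ? true :
      (var.method_settings.cache_ttl_in_seconds >= 0 && var.method_settings.cache_ttl_in_seconds <= 3600)
    )
    error_message = "If given cache_ttl_in_seconds must be between 0 and 3600."
  }
}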
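# Per-method integration configuration, keyed `depth|path|verb`.
#
# Security-relevant attributes, per entry under `config`:
#   - `authorization`: the method's authorization type. Null means the value
#     is decided outside this file (main.tf) — presumably NONE; verify. For an
#     internet-facing API, every method should end up with something other
#     than NONE unless it is deliberately public.
#   - `credentials`: IAM role ARN API Gateway assumes for the integration.
#   - `skip_verification`: presumably mapped to the integration's
#     `tls_config.insecure_skip_verification` — verify in main.tf. If so,
#     `true` disables TLS certificate validation toward the backend and allows
#     man-in-the-middle of the upstream connection; leave it unset/false.
#   - `uri`: the backend the method proxies to (`""` when not applicable).
#
# The validations below reject enum values API Gateway would refuse at apply
# time anyway, so mistakes surface during plan.
variable "methods" {
  description = <<-DESC
    Methods with resource associations and integration configuration.
    This is a complex type; manual configuration is not recommended. It is recommended to use [terraform-aws-apigateway-route-builder](https://github.com/theherk/terraform-aws-apigateway-route-builder/) to generate this data. Nevertheless, a description of the type's attributes is:
    ```
    methods = {
      "0|v1|POST" = {
        config = {
          "uri" = "example.com/v1"
        }
        depth        = 0
        key          = "0|v1|POST"
        method       = "POST"
        resource_key = "0|v1"
        root         = false
      }
    }
    ```
  DESC

  type = map(object({ # keyed by depth | path | verb
    config = object({ # method configuration
      authorization                  = optional(string)
      cache_key_parameters           = optional(list(string))
      cache_namespace                = optional(string)
      connection_id                  = optional(string)
      connection_type                = optional(string)
      content_handling               = optional(string)
      credentials                    = optional(string)
      integration_request_parameters = optional(map(string), { "integration.request.path.proxy" = "method.request.path.proxy" })
      method_request_parameters      = optional(map(string), { "method.request.path.proxy" = true })
      passthrough_behavior           = optional(string)
      request_templates              = optional(map(string))
      skip_verification              = optional(bool) # see header comment: disables backend TLS verification if mapped to insecure_skip_verification
      timeout_milliseconds           = optional(number)
      type                           = optional(string, "HTTP_PROXY")
      uri                            = optional(string, "") # uri to proxy when applicable
      responses = optional(list(object({
        status_code            = string
        selection_pattern      = optional(string)
        integration_parameters = optional(map(string))
        method_parameters      = optional(map(bool))
      })), [])
    })
    depth        = number # nested depth of containing resource
    key          = string # same as object key
    method       = string # HTTP verb for method
    resource_key = string # key of containing resource
    root         = bool   # belongs in the root resource
  }))

  validation {
    condition = alltrue([
      for k, v in var.methods :
      v.config.type == null ? true :
      contains(["HTTP", "HTTP_PROXY", "AWS", "AWS_PROXY", "MOCK"], v.config.type)
    ])
    error_message = "Each methods[*].config.type must be HTTP, HTTP_PROXY, AWS, AWS_PROXY, or MOCK."
  }

  validation {
    condition = alltrue([
      for k, v in var.methods :
      v.config.authorization == null ? true :
      contains(["NONE", "CUSTOM", "AWS_IAM", "COGNITO_USER_POOLS"], v.config.authorization)
    ])
    error_message = "If given, methods[*].config.authorization must be NONE, CUSTOM, AWS_IAM, or COGNITO_USER_POOLS."
  }

  validation {
    condition = alltrue([
      for k, v in var.methods :
      v.config.connection_type == null ? true :
      contains(["INTERNET", "VPC_LINK"], v.config.connection_type)
    ])
    error_message = "If given, methods[*].config.connection_type must be INTERNET or VPC_LINK."
  }
}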
# REST API resources (path segments), keyed `depth|path`. `parent_key`
# references another key in this same map; the example shows it as null for
# a top-level segment.
variable "resources" {
  type = map(object({ # key by depth | path
    depth      = number # nested depth
    parent_key = string # key of containing resource
    path_part  = string # individual, last path component
  }))

  description = <<-DESC
    Resources keyed by the route's depth and path, and containing: depth, parent_key, path_part.
    This is a complex type; manual configuration is not recommended. It is recommended to use [terraform-aws-apigateway-route-builder](https://github.com/theherk/terraform-aws-apigateway-route-builder/) to generate this data. Nevertheless, a description of the type's attributes is:
    ```
    resources = {
      "0|v1" = {
        depth      = 0
        parent_key = null
        path_part  = "v1"
      }
    }
    ```
  DESC
}
# Name of the REST API. Required; no default.
variable "name" {
  description = "Name of the api."
  type        = string
}
# Permissions boundary applied to IAM roles this module creates (which roles,
# exactly, is defined in main.tf). Null means no boundary is attached.
variable "permissions_boundary" {
  type        = string
  default     = null
  description = "ARN of the boundary policy to attach to roles."
}
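# Optional Route53 routing policy for the alias A record created when
# `domain_name` is set. Exactly one of the nested policy objects is expected
# to be populated (Route53 allows a single policy per record); that
# exclusivity is not enforced here. Null yields a simple routing policy.
# The validations pin the two enum-like fields Route53 would otherwise reject
# at apply time.
variable "routing_policy" {
  description = "Routing policy applied to the alias A record when `domain_name` is given. This can be useful if you intend to failover to an alternate API. It is not required, and when not given, a simple routing policy will be used."
  default     = null

  type = object({
    set_identifier = string
    cidr = optional(object({
      collection_id = string
      location_name = string
    }))
    failover = optional(object({
      type = string # PRIMARY or SECONDARY
    }))
    geolocation = optional(object({
      continent   = string
      country     = string
      subdivision = optional(string)
    }))
    geoproximity = optional(object({
      aws_region       = optional(string)
      bias             = optional(string)
      local_zone_group = optional(string)
      coordinates = optional(object({
        latitude  = string
        longitude = string
      }))
    }))
    latency = optional(object({
      region = string
    }))
    weighted = optional(object({
      weight = number # 0-255
    }))
  })

  validation {
    condition = (
      var.routing_policy == null ? true :
      var.routing_policy.failover == null ? true :
      contains(["PRIMARY", "SECONDARY"], var.routing_policy.failover.type)
    )
    error_message = "If given, routing_policy.failover.type must be PRIMARY or SECONDARY."
  }

  validation {
    condition = (
      var.routing_policy == null ? true :
      var.routing_policy.weighted == null ? true :
      (var.routing_policy.weighted.weight >= 0 && var.routing_policy.weighted.weight <= 255)
    )
    error_message = "If given, routing_policy.weighted.weight must be between 0 and 255."
  }
}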
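# VPC endpoint IDs allowed to reach a PRIVATE API. Presumably used in an
# `aws:SourceVpce` condition of the resource policy (defined outside this
# file), which is the only thing gating access to a PRIVATE API — so an
# overly broad list here is an access-control decision, not just plumbing.
# VPC endpoint IDs always start with `vpce-`; the validation catches a
# pasted VPC ID or subnet ID at plan time.
variable "source_vpc_endpoints" {
  type        = list(string)
  default     = []
  description = "Source VPC endpoints to whitelist. Required in addition to ip_whitelist for private endpoint type."

  validation {
    condition     = alltrue([for e in var.source_vpc_endpoints : can(regex("^vpce-", e))])
    error_message = "Each source_vpc_endpoints entry must be a VPC endpoint ID (start with `vpce-`)."
  }
}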
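# DEPRECATED single-endpoint form of `source_vpc_endpoints`, kept for
# callers that have not migrated. Same format check as the list form.
variable "source_vpce" {
  type        = string
  default     = null
  description = "Source VPC endpoint to whitelist. Required in addition to ip_whitelist for private endpoint type. Deprecated, but provided for compatibility. Use `source_vpc_endpoints` instead."

  validation {
    condition     = var.source_vpce == null ? true : can(regex("^vpce-", var.source_vpce))
    error_message = "If given source_vpce must be a VPC endpoint ID (start with `vpce-`)."
  }
}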
# Stage to deploy the API to. Required; becomes part of the invoke URL path.
variable "stage_name" {
  type        = string
  description = "Name of the api stage to deploy."
}
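# DEPRECATED: superseded by `method_settings.throttling_burst_limit`. Still
# honoured until removed; how it is reconciled with `method_settings` is
# decided in main.tf. (Description previously pointed at a non-existent
# `methods_settings` variable.)
variable "throttling_burst_limit" {
  type        = number
  default     = null
  description = "(DEPRECATED) Use `method_settings` instead. This will still work until removed, but will be superseded by `method_settings`. Specifies the throttling burst limit. Should be used in combination with throttling_rate_limit."
}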
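# DEPRECATED: superseded by `method_settings.throttling_rate_limit`. Still
# honoured until removed; how it is reconciled with `method_settings` is
# decided in main.tf. (Description previously pointed at a non-existent
# `methods_settings` variable.)
variable "throttling_rate_limit" {
  type        = number
  default     = null
  description = "(DEPRECATED) Use `method_settings` instead. This will still work until removed, but will be superseded by `method_settings`. Specifies the throttling rate limit. Should be used in combination with throttling_burst_limit."
}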
# Toggle for X-Ray active tracing on the stage. Null defers to the provider
# default rather than forcing a value.
variable "xray_tracing_enabled" {
  type        = bool
  default     = null
  description = "Whether active tracing with X-ray is enabled."
}
# Fallback VPC link for integrations. A route may carry its own
# `connection_id`; this value is used when it does not.
variable "vpc_link_id" {
  type        = string
  default     = null
  description = "vpc link id for proxy integrations. Can be given per route, but will be default if given when not found in route."
}
# Route53 hosted zone that receives the alias record for `domain_name`.
# Ignored unless `domain_name` is set.
variable "zone_id" {
  type        = string
  default     = null
  description = "DNS zone for api. Only applicable if `domain_name` given."
}