Provisioning AWS API Gateway using Terraform

AWS provides two types of API Gateway: one specifically for REST APIs and another that supports all types of HTTP APIs. Visit the documentation to compare them and choose the one that suits your needs.

In this story we will provision an HTTP API Gateway using Terraform.

Let’s start by defining the API Gateway in the Terraform file as follows:

resource "aws_apigatewayv2_api" "sample_api_gateway_resource" {
  name          = var.api_gateway_name
  description   = var.api_gatway_description
  protocol_type = "HTTP"
}

You can either define the variables used in your Terraform configuration, such as api_gateway_name, in configuration files or pass them to Terraform when you run terraform commands.

You can create a stage and link it to the API Gateway as follows. A stage is a named reference to a deployment of the API. See the documentation for more details.

resource "aws_apigatewayv2_stage" "sample_stage_resource" {
  api_id      = aws_apigatewayv2_api.sample_api_gateway_resource.id
  name        = var.stage_name
  auto_deploy = true
}

You can create a custom domain if you like and link it to your API Gateway stage as follows. This assumes that you already have an SSL certificate managed by AWS Certificate Manager, which you might have created using Terraform itself.

data "aws_acm_certificate" "sample_certificate_resource" {
  domain      = var.api_gateway_domain_name
  statuses    = ["ISSUED"]
  most_recent = true
}

Now, to route requests to your API (for example, a Lambda function: “sample_lambda_resource”), use “aws_apigatewayv2_integration” and “aws_apigatewayv2_route” as follows:

data "aws_lambda_function" "sample_lambda_resource" {
  function_name = var.integration_lambda_name
}

If you need a custom authorizer, use “aws_apigatewayv2_authorizer”, and link each route that should use it to the authorizer. See below for an example. Here we assume that you have a custom Lambda function that is used for authorization (again, possibly created via Terraform).

data "aws_lambda_function" "sample_authorizer_lambda_resource" {
  function_name = var.authorization_lambda_name
}
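
The following is an added example, not code from the original post, showing one way to wire the integration, the custom authorizer and a protected route to the API and the two Lambda data sources defined above. The resource names ending in "_example", the route key "GET /sample", the authorizer name and the Authorization header identity source are assumptions chosen for illustration.

```hcl
# Added example: "_example" names, the route key and the identity source are assumptions.

# Proxy integration that forwards matched requests to the backend Lambda.
resource "aws_apigatewayv2_integration" "sample_integration_example" {
  api_id                 = aws_apigatewayv2_api.sample_api_gateway_resource.id
  integration_type       = "AWS_PROXY"
  integration_uri        = data.aws_lambda_function.sample_lambda_resource.invoke_arn
  payload_format_version = "2.0"
}

# Lambda (REQUEST) authorizer that reads the Authorization header.
resource "aws_apigatewayv2_authorizer" "sample_authorizer_example" {
  api_id                            = aws_apigatewayv2_api.sample_api_gateway_resource.id
  name                              = "sample-authorizer"
  authorizer_type                   = "REQUEST"
  authorizer_uri                    = data.aws_lambda_function.sample_authorizer_lambda_resource.invoke_arn
  authorizer_payload_format_version = "2.0"
  enable_simple_responses           = true
  identity_sources                  = ["$request.header.Authorization"]
}

# A route is unauthenticated unless authorization_type and authorizer_id are set on it.
resource "aws_apigatewayv2_route" "sample_route_example" {
  api_id             = aws_apigatewayv2_api.sample_api_gateway_resource.id
  route_key          = "GET /sample"
  target             = "integrations/${aws_apigatewayv2_integration.sample_integration_example.id}"
  authorization_type = "CUSTOM"
  authorizer_id      = aws_apigatewayv2_authorizer.sample_authorizer_example.id
}

# Allow only this API (any stage, any route) to invoke the backend Lambda.
resource "aws_lambda_permission" "allow_apigw_backend_example" {
  statement_id  = "AllowApiGatewayInvokeBackend"
  action        = "lambda:InvokeFunction"
  function_name = data.aws_lambda_function.sample_lambda_resource.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_apigatewayv2_api.sample_api_gateway_resource.execution_arn}/*/*"
}

# Allow only this specific authorizer to invoke the authorizer Lambda.
resource "aws_lambda_permission" "allow_apigw_authorizer_example" {
  statement_id  = "AllowApiGatewayInvokeAuthorizer"
  action        = "lambda:InvokeFunction"
  function_name = data.aws_lambda_function.sample_authorizer_lambda_resource.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_apigatewayv2_api.sample_api_gateway_resource.execution_arn}/authorizers/${aws_apigatewayv2_authorizer.sample_authorizer_example.id}"
}
```

Setting source_arn on each permission keeps other API Gateway APIs in the account from invoking the functions, and every additional route needs its own authorization_type and authorizer_id to be protected.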

Finally, if you need to create a Route 53 entry and link it to your API Gateway, see the example below:

data "aws_route53_zone" "sample_api_zone_resource" {
  name = var.domain_name
}

Visit the Terraform AWS API Gateway documentation to see all the supported options.

Happy terraforming.