Hi guys,
I am trying to set up a policy for my API with a condition, as shown in my code below:
resource "aws_api_gateway_rest_api_policy" "api_policy" {
  rest_api_id = aws_api_gateway_rest_api.api_rest.id
  policy = var.is_regional ? jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          AWS = var.aws_iam_authorize
        }
        Action = [
          "execute-api:Invoke",
        ]
        Resource = "*",
      }
    ]
  }) : jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          AWS = var.aws_iam_authorize
        }
        Action = [
          "execute-api:Invoke",
        ]
        Resource = "*",
        Condition = {
          test     = "ForAnyValue:StringEquals"
          variable = "aws:sourceVpce"
          values   = [var.vpce-id]
        }
      }
    ]
  })
}
But I still get a syntax error, even though I followed the documentation closely. When I run a plan I see that the policy is taken into account, but when applying I get this error:
Error: setting API Gateway REST API Policy BadRequestException: Invalid policy document. Please check the policy syntax and ensure that Principals are valid.
│
│ with module.apigateway_identity.aws_api_gateway_rest_api_policy.api_policy,
│ on Modules/apigateway/main.tf line 158, in resource "aws_api_gateway_rest_api_policy" "api_policy":
│ 158: resource "aws_api_gateway_rest_api_policy" "api_policy" {
Do you have any idea? Is this feasible?
Thanks in advance.
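
Added example, not part of the original post: the `test` / `variable` / `values` keys used in the post's `Condition` are the arguments of a `condition` block in the `aws_iam_policy_document` data source, whereas a JSON policy document expects `Condition` as operator, then key, then value. The sketch below builds the same statement with that data source and adds the VPC endpoint condition only when `var.is_regional` is false. The variable types are assumptions, and `aws_api_gateway_rest_api.api_rest` is taken to be defined elsewhere in the module, as in the post.

```hcl
# Variable names come from the post; the types are assumed.
variable "is_regional" {
  type = bool
}

variable "aws_iam_authorize" {
  type = list(string) # assumed: list of IAM principal ARNs
}

variable "vpce-id" {
  type = string
}

data "aws_iam_policy_document" "api_policy" {
  statement {
    effect    = "Allow"
    actions   = ["execute-api:Invoke"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = var.aws_iam_authorize
    }

    # test/variable/values are valid only inside this block. The data source
    # renders them into the JSON form:
    #   "Condition": {"ForAnyValue:StringEquals": {"aws:sourceVpce": "<vpce id>"}}
    # The block is emitted once for a non-regional API and not at all otherwise.
    dynamic "condition" {
      for_each = var.is_regional ? [] : [var.vpce-id]
      content {
        test     = "ForAnyValue:StringEquals"
        variable = "aws:sourceVpce"
        values   = [condition.value]
      }
    }
  }
}

resource "aws_api_gateway_rest_api_policy" "api_policy" {
  rest_api_id = aws_api_gateway_rest_api.api_rest.id # defined elsewhere in the module
  policy      = data.aws_iam_policy_document.api_policy.json
}
```

With `jsonencode` kept instead, the equivalent hand-written form is `Condition = { "ForAnyValue:StringEquals" = { "aws:sourceVpce" = [var.vpce-id] } }`.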