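# Look up the already-deployed Lambda that backs every API integration below.
# This is a data source: the function must exist before `terraform plan`, and
# its code and execution role are not managed by this listing.
# (Typographic quotes from the page are replaced with ASCII quotes; HCL only
# accepts the latter.)
data "aws_lambda_function" "lambda_functions" {
  function_name = "lambda_integration1"
}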
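# Look up the already-deployed Lambda used as the API's custom authorizer.
# Only read here; its code and execution role are managed elsewhere.
data "aws_lambda_function" "lambda_functions_auth" {
  function_name = "lambda_authorizer1"
}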
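# Create API Gateway REST API
# A REGIONAL endpoint is reachable from the public internet, so access control
# is whatever each method's `authorization` setting enforces (see the
# aws_api_gateway_method resources in this file).
resource "aws_api_gateway_rest_api" "example_api" {
  name        = var.apigateway_name
  description = "Example API Gateway"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}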
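# Define parent resource '/api'
# No method is attached to '/api' itself in this listing; it only serves as
# the parent of the child resources.
resource "aws_api_gateway_resource" "api_resource" {
  rest_api_id = aws_api_gateway_rest_api.example_api.id
  parent_id   = aws_api_gateway_rest_api.example_api.root_resource_id
  path_part   = "api"
}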
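# Define child resources under '/api' based on var.paths
# One resource per entry, addressed by list position. Other resources in this
# file index into this list, so reordering var.paths shifts which path each
# index refers to.
resource "aws_api_gateway_resource" "child_resources" {
  count = length(var.paths)

  rest_api_id = aws_api_gateway_rest_api.example_api.id
  parent_id   = aws_api_gateway_resource.api_resource.id
  path_part   = var.paths[count.index]
}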
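# Define child resources under '/api/survey' based on var.survey_based_paths
resource "aws_api_gateway_resource" "child_resources_survey_based" {
  count = length(var.survey_based_paths)

  rest_api_id = aws_api_gateway_rest_api.example_api.id

  # Reference the survey resource. The original hard-coded index [1], which
  # only points at 'survey' while it is the second entry of var.paths; if the
  # list is reordered these children would silently attach under a different
  # path. Looking the position up makes `terraform plan` fail instead when
  # "survey" is missing from var.paths.
  parent_id = aws_api_gateway_resource.child_resources[index(var.paths, "survey")].id
  path_part = var.survey_based_paths[count.index]
}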
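# Create custom authorizer
# REQUEST-type Lambda authorizer keyed on the Authorization header.
#
# NOTE(review): `authorizer_result_ttl_in_seconds` is not set, so the provider
# default (300 s) applies and the returned policy is cached per Authorization
# value. The cached policy is reused for every method that shares this
# authorizer, so the authorizer Lambda should return a policy covering all
# resources the caller may use, not only the methodArn of the first request.
# Set the TTL to 0 if per-request evaluation is required.
#
# NOTE(review): API Gateway needs permission to invoke the authorizer Lambda,
# either an aws_lambda_permission on lambda_authorizer1 or
# `authorizer_credentials` here. Neither is visible in this listing; confirm
# it is granted elsewhere, scoped to this API's execution ARN.
resource "aws_api_gateway_authorizer" "auth" {
  name            = "custom_authorizer"
  rest_api_id     = aws_api_gateway_rest_api.example_api.id
  type            = "REQUEST"
  authorizer_uri  = data.aws_lambda_function.lambda_functions_auth.invoke_arn
  identity_source = "method.request.header.Authorization"
}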
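# Associate authorizer with methods for var.paths
# One ANY method per entry of var.paths except "survey" (its children get
# their own methods below). Keys are the list positions, so each.key still
# indexes aws_api_gateway_resource.child_resources.
resource "aws_api_gateway_method" "example_methods_auth" {
  for_each = { for idx, path in var.paths : idx => path if path != "survey" }

  rest_api_id = aws_api_gateway_rest_api.example_api.id
  resource_id = aws_api_gateway_resource.child_resources[each.key].id
  http_method = "ANY"

  # The original block set `authorization` and `authorizer_id` twice (once
  # unconditionally, once conditionally); Terraform rejects duplicate
  # arguments, so only the conditional form is kept.
  #
  # Only the path named exactly "ping" is exempt; every other path falls
  # through to CUSTOM. "ping" is therefore callable by anyone, with any HTTP
  # verb, and is routed to the same Lambda as the protected paths: the
  # function must not rely on authorizer context for that route.
  authorization = each.value == "ping" ? "NONE" : "CUSTOM"
  authorizer_id = each.value == "ping" ? null : aws_api_gateway_authorizer.auth.id

  # NOTE(review): declares a required `proxy` path parameter, but the
  # resources here use literal path parts rather than `{proxy+}`; confirm
  # this is intended.
  request_parameters = {
    "method.request.path.proxy" = true
  }
}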
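# Associate authorizer with methods for var.survey_based_paths
# Every survey child path accepts ANY verb and always requires the custom
# authorizer; there is no unauthenticated exemption here.
resource "aws_api_gateway_method" "example_methods_auth_survey" {
  count = length(var.survey_based_paths)

  rest_api_id = aws_api_gateway_rest_api.example_api.id
  resource_id = aws_api_gateway_resource.child_resources_survey_based[count.index].id
  http_method = "ANY"

  authorization = "CUSTOM"
  authorizer_id = aws_api_gateway_authorizer.auth.id

  # NOTE(review): declares a required `proxy` path parameter, but the
  # resources here use literal path parts rather than `{proxy+}`; confirm
  # this is intended.
  request_parameters = {
    "method.request.path.proxy" = true
  }
}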
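# Create Lambda integrations for each method for var.paths
# Uses the same key set as example_methods_auth so every method gets exactly
# one AWS_PROXY integration to the backend Lambda.
resource "aws_api_gateway_integration" "example_integrations" {
  for_each = { for idx, path in var.paths : idx => path if path != "survey" }

  rest_api_id = aws_api_gateway_rest_api.example_api.id
  resource_id = aws_api_gateway_resource.child_resources[each.key].id
  http_method = aws_api_gateway_method.example_methods_auth[each.key].http_method

  # Lambda functions can only be invoked with POST, whatever verb the client
  # used on the method; the original "ANY" is not valid for a Lambda backend.
  integration_http_method = "POST"
  type                    = "AWS_PROXY"
  uri                     = data.aws_lambda_function.lambda_functions.invoke_arn
}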
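# Create Lambda integrations for each method for var.survey_based_paths
# One AWS_PROXY integration per survey child method, to the same backend
# Lambda as the other paths.
resource "aws_api_gateway_integration" "example_integrations_survey" {
  count = length(var.survey_based_paths)

  rest_api_id = aws_api_gateway_rest_api.example_api.id
  resource_id = aws_api_gateway_resource.child_resources_survey_based[count.index].id
  http_method = aws_api_gateway_method.example_methods_auth_survey[count.index].http_method

  # Lambda functions can only be invoked with POST, whatever verb the client
  # used on the method; the original "ANY" is not valid for a Lambda backend.
  integration_http_method = "POST"
  type                    = "AWS_PROXY"
  uri                     = data.aws_lambda_function.lambda_functions.invoke_arn
}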
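# Create API Gateway deployment
# A deployment is a snapshot of the API at creation time. depends_on makes
# sure the integrations (and, through them, the methods) exist first.
#
# NOTE(review): there is no `triggers` argument, so later changes to methods,
# authorization settings or the authorizer do not by themselves produce a new
# deployment; an authorization fix can be applied in Terraform yet not be live
# on the stage. Consider a `triggers` hash over those resources.
#
# NOTE(review): no aws_api_gateway_stage is visible in this listing, so stage
# settings such as access logging are not configured here. Newer AWS provider
# releases also expect the stage in that separate resource rather than in
# `stage_name`; check against the provider version you pin.
resource "aws_api_gateway_deployment" "example" {
  depends_on = [
    aws_api_gateway_integration.example_integrations,
    aws_api_gateway_integration.example_integrations_survey,
  ]

  rest_api_id = aws_api_gateway_rest_api.example_api.id
  stage_name  = var.stage_name
}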
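# Allow API Gateway to invoke the backend Lambda.
# The principal is the whole API Gateway service, so `source_arn` is what
# restricts invocation to this specific REST API; without it any API in any
# account could be pointed at the function.
resource "aws_lambda_permission" "apigw_lambda" {
  statement_id  = "AllowExecutionFromAPIGateway"
  action        = "lambda:InvokeFunction"
  function_name = data.aws_lambda_function.lambda_functions.function_name
  principal     = "apigateway.amazonaws.com"

  # The page shows the suffix as "//", which matches no stage/method/path and
  # looks like "/*/*" with the asterisks lost in rendering. "/*/*" allows any
  # stage, verb and path of this API; to narrow it, replace the first wildcard
  # with the stage name.
  source_arn = "${aws_api_gateway_rest_api.example_api.execution_arn}/*/*"
}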