From e0d1143b61cf0e6975ed9eae3a26a311aeb9fc45 Mon Sep 17 00:00:00 2001 From: jakeasaurus Date: Tue, 3 Dec 2024 15:54:00 -0700 Subject: [PATCH] missed some saves --- modules/aws/api_gateway/README.md | 120 ++++----------------------- modules/aws/api_gateway/main.tf | 77 +++++------------ modules/aws/api_gateway/outputs.tf | 60 +++++--------- modules/aws/api_gateway/variables.tf | 90 ++++++++++++++++++++ 4 files changed, 144 insertions(+), 203 deletions(-) diff --git a/modules/aws/api_gateway/README.md b/modules/aws/api_gateway/README.md index 2a1a6db8..d4a618d5 100644 --- a/modules/aws/api_gateway/README.md +++ b/modules/aws/api_gateway/README.md @@ -26,9 +26,9 @@ Logo -

EC2 Instance Module

+

API Gateway

- This module sets up an EC2 instance with the parameters specified. This module has root block devices modifiable + This module creates an AWS API Gateway v2 configuration.
Explore the docs ยป
@@ -62,69 +62,14 @@ ## Usage -### Simple EC2 Instance Example +### Basic HTTP API Gateway Example +This example creates a basic HTTP API Gateway. ``` -module "aws_prod_app" { - source = "github.com/zachreborn/terraform-modules//modules/aws/ec2_instance" - - ami = "ami-ffffffff" - availability_zone = module.vpc.availability_zone[0] - count = 1 - instance_type = "m5.xlarge" - key_name = module.keypair.key_name - name = "aws_prod_app" - subnet_id = module.vpc.private_subnet_ids[0] - vpc_security_group_ids = ["sg-ffffffff"] - tags = { - terraform = "true" - created_by = "YOUR NAME" - environment = "prod" - role = "app" - backup = "true" - } -} -``` - -### EC2 Instance With Second Attached EBS Volume -``` -module "app_server" { - source = "github.com/zachreborn/terraform-modules//modules/aws/ec2_instance" - - name = "app_server" - ami = "ami-ffffffff" - count = 1 - availability_zone = module.vpc.availability_zone[0] - subnet_id = module.vpc.private_subnet_ids[0] - instance_type = "t2.large" - key_name = module.keypair.key_name - vpc_security_group_ids = module.app_server_sg.id - root_volume_size = "100" - tags = { - terraform = "true" - created_by = "terraform" - environment = "prod" - role = "app_server" - backup = "true" - } -} +module "example_api_gateway" { + source = "github.com/zachreborn/terraform-modules//modules/aws/api_gateway" -module "app_server_d_drive" { - source = "github.com/zachreborn/terraform-modules//modules/aws/ebs_volume" - - availability_zone = module.vpc.availability_zone[0] - size = "50" - device_name = "xvdb" - instance_id = module.app_server.id[0] - tags = { - Name = "app_server" - os_drive = "d" - device_name = "xvdb" - terraform = "true" - created_by = "terraform" - environment = "prod" - role = "app_server" - backup = "true" - } + name = "example-api" + protocol_type = "HTTP" } ``` 
@@ -156,9 +101,7 @@ No modules. | Name | Type | |------|------| -| [aws_cloudwatch_metric_alarm.instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_cloudwatch_metric_alarm.system](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource | -| [aws_instance.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | +| [aws_apigatewayv2_api.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | 
@@ -166,50 +109,15 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [ami](#input\_ami) | (Optional) AMI to use for the instance. Required unless launch\_template is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting ami will override the AMI specified in the Launch Template. | `string` | n/a | yes | -| [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | If true, the EC2 instance will have associated public IP address | `bool` | `false` | no | -| [auto\_recovery](#input\_auto\_recovery) | (Optional) Whether the instance is protected from auto recovery by Auto Recovery from User Space (ARU) feature. Can be 'default' or 'disabled'. Defaults to default. See Auto Recovery from User Space for more information. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-auto-recovery.html | `string` | `"default"` | no | -| [availability\_zone](#input\_availability\_zone) | The AZ to start the instance in | `string` | `""` | no | -| [disable\_api\_termination](#input\_disable\_api\_termination) | If true, enables EC2 Instance Termination Protection | `bool` | `false` | no | -| [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `false` | no | -| [encrypted](#input\_encrypted) | (Optional) Enable volume encryption. (Default: false). Must be configured to perform drift detection. | `bool` | `true` | no | -| [http\_endpoint](#input\_http\_endpoint) | (Optional) Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"enabled"` | no | -| [http\_tokens](#input\_http\_tokens) | (Optional) Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional. 
| `string` | `"required"` | no | -| [iam\_instance\_profile](#input\_iam\_instance\_profile) | (Optional) IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole. | `string` | `null` | no | -| [instance\_initiated\_shutdown\_behavior](#input\_instance\_initiated\_shutdown\_behavior) | (Optional) Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. See Shutdown Behavior for more information. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior | `string` | `"stop"` | no | -| [instance\_type](#input\_instance\_type) | The AWS instance type to utilize for the specifications of the instance | `string` | n/a | yes | -| [ipv6\_addresses](#input\_ipv6\_addresses) | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | `list(string)` | `[]` | no | -| [key\_name](#input\_key\_name) | The key name to use for the instance | `string` | `""` | no | -| [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `false` | no | -| [name](#input\_name) | Name to be used on all resources as prefix | `string` | n/a | yes | -| [number](#input\_number) | Number of instances to launch | `number` | `1` | no | -| [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `""` | no | -| [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `null` | no | -| [root\_delete\_on\_termination](#input\_root\_delete\_on\_termination) | (Optional) Whether the volume should be destroyed on instance termination 
(Default: true) | `bool` | `true` | no | -| [root\_volume\_size](#input\_root\_volume\_size) | (Optional) The size of the volume in gigabytes. | `string` | `"100"` | no | -| [root\_volume\_type](#input\_root\_volume\_type) | (Optional) Type of volume. Valid values include standard, gp2, gp3, io1, io2, sc1, or st1. Defaults to gp3. | `string` | `"gp3"` | no | -| [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no | -| [subnet\_id](#input\_subnet\_id) | The VPC Subnet ID to launch in | `string` | `""` | no | -| [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | -| [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `"default"` | no | -| [user\_data](#input\_user\_data) | The user data to provide when launching the instance | `string` | `""` | no | -| [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | A list of security group IDs to associate with | `list(any)` | n/a | yes | +| [name](#input\_name) | (Required) The name of the API | `string` | n/a | yes | +| [protocol_type](#input\_protocol_type) | (Required) The API protocol. Valid values: HTTP, WEBSOCKET | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| -| [availability\_zone](#output\_availability\_zone) | List of availability zones of instances | -| [id](#output\_id) | List of IDs of instances | -| [key\_name](#output\_key\_name) | List of key names of instances | -| [primary\_network\_interface\_id](#output\_primary\_network\_interface\_id) | List of IDs of the primary network interface of instances | -| [private\_dns](#output\_private\_dns) | List of private DNS names assigned to the instances. 
Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC | -| [private\_ip](#output\_private\_ip) | List of private IP addresses assigned to the instances | -| [public\_dns](#output\_public\_dns) | List of public DNS names assigned to the instances. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC | -| [public\_ip](#output\_public\_ip) | List of public IP addresses assigned to the instances, if applicable | -| [security\_groups](#output\_security\_groups) | List of associated security groups of instances | -| [subnet\_id](#output\_subnet\_id) | List of IDs of VPC subnets of instances | -| [vpc\_security\_group\_ids](#output\_vpc\_security\_group\_ids) | List of associated security groups of instances, if running in non-default VPC | +| [api\_endpoint](#output\_api\_endpoint) | The URI of the API | +| [api\_id](#output\_api\_id) | The API identifier | @@ -257,4 +165,4 @@ Project Link: [https://github.com/zachreborn/terraform-modules](https://github.c [linkedin-url]: https://www.linkedin.com/in/zachary-hill-5524257a/ [product-screenshot]: /images/screenshot.webp [Terraform.io]: https://img.shields.io/badge/Terraform-7B42BC?style=for-the-badge&logo=terraform -[Terraform-url]: https://terraform.io \ No newline at end of file +[Terraform-url]: https://terraform.io diff --git a/modules/aws/api_gateway/main.tf b/modules/aws/api_gateway/main.tf index 8512e09f..4df41de7 100644 --- a/modules/aws/api_gateway/main.tf +++ b/modules/aws/api_gateway/main.tf 
@@ -18,65 +18,28 @@ data "aws_region" "current" {} # API Gateway ############################# resource "aws_apigatewayv2_api" "example" { - name = var.name + #Required + name = var.name protocol_type = var.protocol_type route_selection_expression = "$request.body.action" -} - -################################################### -CloudWatch Alarms -################################################### - -##################### -# Status Check Failed Instance Metric -##################### - -resource "aws_cloudwatch_metric_alarm" "instance" { - actions_enabled = true - alarm_actions = [] - alarm_description = "EC2 instance StatusCheckFailed_Instance alarm" - alarm_name = format("%s-instance-alarm", aws_instance.ec2[count.index].id) - comparison_operator = "GreaterThanOrEqualToThreshold" - count = var.number - datapoints_to_alarm = 2 - dimensions = { - InstanceId = aws_instance.ec2[count.index].id - } - evaluation_periods = "2" - insufficient_data_actions = [] - metric_name = "StatusCheckFailed_Instance" - namespace = "AWS/EC2" - ok_actions = [] - period = "60" - statistic = "Maximum" - threshold = "1" - treat_missing_data = "missing" - #unit = var.unit -} -##################### -# Status Check Failed System Metric -##################### + #Optional + api_key_selection_expression = var.api_key_selection_expression + cors_configuration { + allow_credentials = lookup(var.cors_configuration, "allow_credentials", null) + allow_headers = lookup(var.cors_configuration, "allow_headers", null) + allow_methods = lookup(var.cors_configuration, "allow_methods", null) + allow_origins = lookup(var.cors_configuration, "allow_origins", null) + expose_headers = lookup(var.cors_configuration, "expose_headers", null) + max_age = lookup(var.cors_configuration, "max_age", null) + } + credentials_arn = var.credentials_arn + description = var.description + disable_execute_api_endpoint = var.disable_execute_api_endpoint + fail_on_warnings = var.fail_on_warnings + tags = var.tags + target = 
var.target + version = var.version + body = var.body -resource "aws_cloudwatch_metric_alarm" "system" { - actions_enabled = true - alarm_actions = ["arn:aws:automate:${data.aws_region.current.name}:ec2:recover"] - alarm_description = "EC2 instance StatusCheckFailed_System alarm" - alarm_name = format("%s-system-alarm", aws_instance.ec2[count.index].id) - comparison_operator = "GreaterThanOrEqualToThreshold" - count = var.number - datapoints_to_alarm = 2 - dimensions = { - InstanceId = aws_instance.ec2[count.index].id - } - evaluation_periods = "2" - insufficient_data_actions = [] - metric_name = "StatusCheckFailed_System" - namespace = "AWS/EC2" - ok_actions = [] - period = "60" - statistic = "Maximum" - threshold = "1" - treat_missing_data = "missing" - #unit = var.unit } diff --git a/modules/aws/api_gateway/outputs.tf b/modules/aws/api_gateway/outputs.tf index 02c35874..46482739 100644 --- a/modules/aws/api_gateway/outputs.tf +++ b/modules/aws/api_gateway/outputs.tf 
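Review bot: The `cors_configuration` block is emitted unconditionally, so with the variable's default object (empty lists, `max_age = 0`) every API is created with an empty CORS configuration instead of none at all; wrap it in a `dynamic "cors_configuration"` keyed on the variable and give the variable `default = null` so a CORS policy exists only when a caller deliberately sets `allow_origins`. In the same resource `api_key_selection_expression = var.api_key_selection_expression` is fed the variable's default `""`, which as far as I can tell the provider's allowed-value check for that argument rejects — `default = null` avoids sending it. The hard-coded `route_selection_expression = "$request.body.action"` is a WebSocket-style expression while the README example in this commit uses `protocol_type = "HTTP"`, so it should become a variable that callers set only for WEBSOCKET APIs. Finally `disable_execute_api_endpoint` deserves a why-comment because its default keeps a second public hostname alive: `# false keeps the public execute-api.<region>.amazonaws.com URL enabled alongside any custom domain; set true once a custom domain (and any WAF) fronts this API`.
```hcl
resource "aws_apigatewayv2_api" "example" {
  # … unchanged: name, protocol_type, route_selection_expression …

  api_key_selection_expression = var.api_key_selection_expression

  # Emit a CORS block only when the caller supplied one; an always-present
  # block with empty lists is an empty CORS policy, not "no CORS".
  dynamic "cors_configuration" {
    for_each = var.cors_configuration == null ? [] : [var.cors_configuration]
    content {
      allow_credentials = cors_configuration.value.allow_credentials
      allow_headers     = cors_configuration.value.allow_headers
      allow_methods     = cors_configuration.value.allow_methods
      allow_origins     = cors_configuration.value.allow_origins
      expose_headers    = cors_configuration.value.expose_headers
      max_age           = cors_configuration.value.max_age
    }
  }

  # … unchanged: credentials_arn, description, disable_execute_api_endpoint,
  #   fail_on_warnings, tags, target, version, body …
}
```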
@@ -1,54 +1,34 @@ output "id" { - description = "List of IDs of instances" - value = aws_instance.ec2[*].id + description = "The API identifier" + value = aws_apigatewayv2_api.example.id } -output "availability_zone" { - description = "List of availability zones of instances" - value = aws_instance.ec2[*].availability_zone +output "api_endpoint" { + description = "The URI of the API" + value = aws_apigatewayv2_api.example.api_endpoint } -output "key_name" { - description = "List of key names of instances" - value = aws_instance.ec2[*].key_name +output "arn" { + description = "The ARN of the API" + value = aws_apigatewayv2_api.example.arn } -output "public_dns" { - description = "List of public DNS names assigned to the instances. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC" - value = aws_instance.ec2[*].public_dns +output "execution_arn" { + description = "The ARN prefix to be used in permission policies" + value = aws_apigatewayv2_api.example.execution_arn } -output "public_ip" { - description = "List of public IP addresses assigned to the instances, if applicable" - value = aws_instance.ec2[*].public_ip +output "api_key_selection_expression" { + description = "The API key selection expression for the API" + value = aws_apigatewayv2_api.example.api_key_selection_expression } -output "primary_network_interface_id" { - description = "List of IDs of the primary network interface of instances" - value = aws_instance.ec2[*].primary_network_interface_id +output "cors_configuration" { + description = "The CORS configuration for the API" + value = aws_apigatewayv2_api.example.cors_configuration } -output "private_dns" { - description = "List of private DNS names assigned to the instances. 
Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC" - value = aws_instance.ec2[*].private_dns -} - -output "private_ip" { - description = "List of private IP addresses assigned to the instances" - value = aws_instance.ec2[*].private_ip -} - -output "security_groups" { - description = "List of associated security groups of instances" - value = aws_instance.ec2[*].security_groups -} - -output "vpc_security_group_ids" { - description = "List of associated security groups of instances, if running in non-default VPC" - value = aws_instance.ec2[*].vpc_security_group_ids -} - -output "subnet_id" { - description = "List of IDs of VPC subnets of instances" - value = aws_instance.ec2[*].subnet_id +output "tags_all" { + description = "Map of tags assigned to the resource" + value = aws_apigatewayv2_api.example.tags_all } diff --git a/modules/aws/api_gateway/variables.tf b/modules/aws/api_gateway/variables.tf index 8b137891..089475d0 100644 --- a/modules/aws/api_gateway/variables.tf +++ b/modules/aws/api_gateway/variables.tf 
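Review bot: The README in this same commit documents the outputs as `api_id` and `api_endpoint`, but outputs.tf exposes the identifier as `id` and additionally adds `arn`, `execution_arn`, `api_key_selection_expression`, `cors_configuration` and `tags_all`, none of which the README table lists; either rename to `output "api_id"` or regenerate the README outputs table so the two agree. The `execution_arn` description should also say how it is meant to be scoped, since it is the prefix consumers put in `source_arn` of `aws_lambda_permission` and similar resource policies: suggest `description = "Execution ARN prefix of the API (arn:…:execute-api:<region>:<account>:<api-id>). When used as source_arn in invoke permissions, append /<stage>/<method>/<route> (at minimum /*/*) so that only routes of this API can invoke the target."`. The remaining outputs are straight pass-throughs of the resource attributes and look fine.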
@@ -1 +1,91 @@
+############################################
+# Required
+############################################
+variable "name" {
+ description = "Name of the API Gateway"
+ type = string
+}
+
+variable "protocol_type" {
+ description = "Protocol type of the API Gateway (HTTP or WEBSOCKET)"
+ type = string
+}
+
+############################################
+# Optional
+############################################
+
+variable "api_key_selection_expression" {
+ description = "API key selection expression for the API Gateway"
+ type = string
+ default = ""
+}
+
+variable "cors_configuration" {
+ description = "CORS configuration for the API Gateway"
+ type = object({
+ allow_credentials = bool
+ allow_headers = list(string)
+ allow_methods = list(string)
+ allow_origins = list(string)
+ expose_headers = list(string)
+ max_age = number
+ })
+ default = {
+ allow_credentials = false
+ allow_headers = []
+ allow_methods = []
+ allow_origins = []
+ expose_headers = []
+ max_age = 0
+ }
+}
+
+variable "credentials_arn" {
+ description = "ARN of the credentials for the API Gateway"
+ type = string
+ default = null
+}
+
+variable "description" {
+ description = "Description of the API Gateway"
+ type = string
+ default = null
+}
+
+variable "disable_execute_api_endpoint" {
+ description = "Whether to disable the execute-api endpoint"
+ type = bool
+ default = false
+}
+
+variable "fail_on_warnings" {
+ description = "Whether to fail on warnings during API Gateway creation"
+ type = bool
+ default = false
+}
+
+variable "tags" {
+ description = "Tags to apply to the API Gateway"
+ type = map(string)
+ default = {}
+}
+
+variable "target" {
+ description = "Target for the API Gateway"
+ type = string
+ default = null
+}
+
+variable "version" {
+ description = "Version of the API Gateway"
+ type = string
+ default = null
+}
+
+variable "body" {
+ description = "OpenAPI specification for the API Gateway"
+ type = string
+ default = null
+}
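Review bot: `variable "version"` uses a name Terraform reserves for module blocks (`source`, `version`, `providers`, `count`, `for_each`, `lifecycle`, `depends_on`, `locals`), so `terraform validate` rejects this file as written; rename it, e.g. `variable "api_version"`, and change the `version = var.version` reference in main.tf to match. `api_key_selection_expression` defaults to `""`, but the only values the provider accepts for that argument are `$context.authorizer.usageIdentifierKey` and `$request.header.x-api-key`, so the default should be `null` and the description should name those two values. The `cors_configuration` default of empty lists is not "no CORS" but a CORS policy that allows nothing; `default = null` on the object expresses the intent, and the description should warn that `allow_origins = ["*"]` together with `allow_credentials = true` is the combination to avoid (API Gateway refuses it as far as I recall, and a wildcard-with-credentials policy is unsafe anyway). `fail_on_warnings` also needs a security-oriented description, because it only matters when `body` imports an OpenAPI document and, with `false`, unsupported or malformed security definitions appear to be dropped with a warning while the routes are still created: suggest `description = "Roll back creation if importing the OpenAPI body produces warnings (e.g. ignored security schemes). Set true whenever body is supplied."`.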