
Commit 844843e

authored
Merge pull request #34 from clouddrove/issue-408
Added a REST API resource policy and made the API private
2 parents 0d510b6 + 546fe75 commit 844843e


3 files changed

+58
-1
lines changed


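--- a/_example/basic/example.tf
+++ b/_example/basic/example.tf
@@ -12,6 +12,9 @@ module "api-gateway" {
 # Api Gateway Resource
 path_parts = ["mytestresource"]
 
+##endpoint_configuration
+types = ["PRIVATE"]
+
 # Api Gateway Method
 method_enabled = true
 http_methods = ["GET"]
@@ -55,4 +58,28 @@ EOF
 # Api Gateway Stage
 stage_enabled = true
 stage_names = ["qa"]
+## Api Policy
+
+api_policy = data.aws_iam_policy_document.test.json
+
+}
+
+data "aws_iam_policy_document" "test" {
+statement {
+effect = "Allow"
+
+principals {
+type = "AWS"
+identifiers = ["*"]
+}
+
+actions = ["execute-api:Invoke"]
+resources = [module.api-gateway.execution_arn]
+
+condition {
+test = "IpAddress"
+variable = "aws:SourceIp"
+values = ["123.123.123.123/32"]
+}
+}
 }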
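Review bot: The Allow statement in `data.aws_iam_policy_document.test` most likely matches no request, because `execute-api:Invoke` is evaluated against `arn:…:execute-api:region:account:api-id/stage/METHOD/path` and `resources = [module.api-gateway.execution_arn]` names only the API prefix; if `execution_arn` is the REST API's `execution_arn` attribute (outside this hunk, so unconfirmed) it should be `resources = ["${module.api-gateway.execution_arn}/*"]`. With a resource policy attached and no matching Allow, every invoke is implicitly denied, so the example as written would lock the API out rather than allow-list `123.123.123.123/32`. For the `PRIVATE` endpoint this example now configures, `aws:SourceIp` is evaluated against the caller's private VPC address reaching the interface endpoint, so the usual condition is `aws:SourceVpce` (or `aws:SourceVpc`) rather than a public /32; worth a comment such as `# PRIVATE APIs are reached via a VPC endpoint; prefer aws:SourceVpce / aws:SourceVpc here` above the condition block.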

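--- a/_example/complete/example.tf
+++ b/_example/complete/example.tf
@@ -83,4 +83,29 @@ EOF
 # Api Gateway Api Key
 key_count = 2
 key_names = ["test", "test1"]
+
+## Api Policy
+
+api_policy = data.aws_iam_policy_document.test.json
+
 }
+
+data "aws_iam_policy_document" "test" {
+statement {
+effect = "Allow"
+
+principals {
+type = "AWS"
+identifiers = ["*"]
+}
+
+actions = ["execute-api:Invoke"]
+resources = [module.api-gateway.execution_arn]
+
+condition {
+test = "IpAddress"
+variable = "aws:SourceIp"
+values = ["123.123.123.123/32"]
+}
+}
+}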
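Review bot: `resources = [module.api-gateway.execution_arn]` grants `execute-api:Invoke` on the bare API ARN, but invoke requests are authorised against `api-id/stage/METHOD/path`, so unless `execution_arn` already carries a trailing wildcard (its definition is outside this hunk) this statement never matches and the attached policy denies all callers; use `resources = ["${module.api-gateway.execution_arn}/*"]`, or scope it to the stage and method the example creates. The `123.123.123.123/32` value is a placeholder that users will copy verbatim; exposing it as a variable such as `var.allowed_cidrs` with a comment `# CIDRs permitted to invoke the API — replace before use` would make the intent explicit.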

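--- a/main.tf
+++ b/main.tf
@@ -33,10 +33,15 @@ resource "aws_api_gateway_rest_api" "default" {
 types = var.types
 vpc_endpoint_ids = length(var.vpc_endpoint_ids) > 0 && var.vpc_endpoint_ids[0] != "" ? var.vpc_endpoint_ids : null
 }
-policy = var.api_policy
 tags = var.tags
 }
 
+
+resource "aws_api_gateway_rest_api_policy" "test" {
+rest_api_id = join("", aws_api_gateway_rest_api.default.*.id)
+policy = var.api_policy
+}
+
 # Module : Api Gateway Resource
 # Description : Terraform module to create Api Gateway resource on AWS.
 resource "aws_api_gateway_resource" "default" {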
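Review bot: `aws_api_gateway_rest_api_policy.test` has no `count`, while `rest_api_id = join("", aws_api_gateway_rest_api.default.*.id)` shows the REST API is count-gated; when the API is not created the join yields `""` and this resource fails at apply, and because `policy` is a required argument a null or empty `var.api_policy` fails as well. Gate it like its siblings, e.g. `count = length(aws_api_gateway_rest_api.default) > 0 && var.api_policy != null ? 1 : 0` (the module's enabled variable is outside this hunk, so adjust to whatever it uses). `test` is a leftover name for a module resource; the other resources here are named `default`. A resource-policy change only takes effect after the API is redeployed, so the `aws_api_gateway_deployment` triggers should include `sha1(var.api_policy)` — that resource is not in this hunk, so I cannot confirm whether it already does.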
