Merge pull request #1 from sudoblark/feature/initial-setup

Initial module setup

.github/workflows/commit-to-pr.yaml

@@ -20,7 +20,7 @@ jobs:
   validation:
     strategy:
       matrix:
-        folder: ["add", "folders", "here"]
+        folder: ["./", "examples/api_gateway"]
     name: Terraform validate for ${{ matrix.folder }}
     runs-on: ubuntu-20.04
     steps:
@@ -41,7 +41,7 @@ jobs:
   linting:
     strategy:
       matrix:
-        folder: ["add", "folders", "here"]
+        folder: ["./", "examples/api_gateway"]
     name: Terraform lint for ${{ matrix.folder }}
     runs-on: ubuntu-20.04
     steps:
@@ -59,7 +59,7 @@ jobs:
   plan:
     strategy:
       matrix:
-        folder: ["add", "folders", "here"]
+        folder: ["examples/api_gateway"]
     name: Terraform plan for ${{ matrix.folder }}
     runs-on: ubuntu-20.04
     needs: [validation, linting]

.terraform-version

@@ -0,0 +1 @@
+1.5.1

README.md

@@ -42,11 +42,72 @@ The below documentation is intended to assist users in utilising the module, the
 the module itself, and the [examples](#examples) section which has examples of how to utilise the module.
 
 <!-- BEGIN_TF_DOCS -->
+## Requirements
 
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.5.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.61.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.67.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_api_gateway_api_key.api_keys](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_api_key) | resource |
+| [aws_api_gateway_deployment.deployments](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_deployment) | resource |
+| [aws_api_gateway_rest_api.api_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api) | resource |
+| [aws_api_gateway_stage.stages](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_stage) | resource |
+| [aws_api_gateway_usage_plan.usage_plans](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_usage_plan) | resource |
+| [aws_api_gateway_usage_plan_key.keys](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_usage_plan_key) | resource |
+| [aws_lambda_permission.allow_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_application_name"></a> [application\_name](#input\_application\_name) | Name of the application utilising resource. | `string` | n/a | yes |
+| <a name="input_environment"></a> [environment](#input\_environment) | Which environment this is being instantiated in. | `string` | n/a | yes |
+| <a name="input_raw_api_gateway_rest_apis"></a> [raw\_api\_gateway\_rest\_apis](#input\_raw\_api\_gateway\_rest\_apis) | Data structure<br>---------------<br>A list of dictionaries, where each dictionary has the following attributes:<br><br>REQUIRED<br>---------<br>- suffix                : Suffix to use when creating the RESTAPI Gateway<br>- open\_api\_file\_path    : Path to OpenAPI definition file<br>- description           : A human-friendly description of the API<br><br><br>OPTIONAL<br>---------<br>- template\_input        : A dictionary of variable input for the OpenAPI definition file (leave blank if no template required)<br>- allowed\_lambdas       : A list of strings, where each string is the function\_name of a lambda to allow access to.<br>- quota\_limit           : Maximum number of requests that can be made in a given time period, defaults to 10.<br>- quota\_offset          : Number of requests subtracted from the given limit in the initial time period, defaults to 0.<br>- quota\_period          : Time period in which the limit applies. Valid values are "DAY", "WEEK" or "MONTH". Defaults to "DAY"<br>- burst\_limit           : The API request burst limit, the maximum rate limit over a time ranging from one to a few seconds, depending upon whether the underlying token bucket is at its full capacity. Defaults to 5.<br>- rate\_limit            : The API request steady-state rate limit, defaults to 10.<br>- api\_keys              : List of strings, where each string is name of an API key to create for the API, defaults to empty list. | <pre>list(<br>    object({<br>      suffix             = string,<br>      description        = string,<br>      open_api_file_path = string,<br>      template_input     = optional(map(string), {}),<br>      quota_limit        = optional(number, 10),<br>      quota_offset       = optional(number, 0),<br>      quota_period       = optional(string, "DAY"),<br>      burst_limit        = optional(number, 5),<br>      rate_limit         = optional(number, 10)<br>      allowed_lambdas    = optional(list(string), [])<br>      api_keys           = optional(list(string), [])<br>    })<br>  )</pre> | n/a | yes |
+
+## Outputs
+
+No outputs.
 <!-- END_TF_DOCS -->
 
 ## Data structure
-<POPULATE WITH YOUR DATA STRUCTURE>
+```
+Data structure
+---------------
+A list of dictionaries, where each dictionary has the following attributes:
+
+REQUIRED
+---------
+- suffix                : Suffix to use when creating the RESTAPI Gateway
+- open_api_file_path    : Path to OpenAPI definition file
+- description           : A human-friendly description of the API
+
+
+OPTIONAL
+---------
+- template_input        : A dictionary of variable input for the OpenAPI definition file (leave blank if no template required)
+- allowed_lambdas       : A list of strings, where each string is the function_name of a lambda to allow access to.
+- quota_limit           : Maximum number of requests that can be made in a given time period, defaults to 10.
+- quota_offset          : Number of requests subtracted from the given limit in the initial time period, defaults to 0.
+- quota_period          : Time period in which the limit applies. Valid values are "DAY", "WEEK" or "MONTH". Defaults to "DAY"
+- burst_limit           : The API request burst limit, the maximum rate limit over a time ranging from one to a few seconds, depending upon whether the underlying token bucket is at its full capacity. Defaults to 5.
+- rate_limit            : The API request steady-state rate limit, defaults to 10.
+- api_keys              : List of strings, where each string is name of an API key to create for the API, defaults to empty list.
+```
 
 ## Examples
 See `examples` folder for an example setup.

api_gateway_api_key.tf

@@ -0,0 +1,17 @@
+locals {
+  actual_api_keys = flatten([
+    for api in var.raw_api_gateway_rest_apis : [
+      for key in api.api_keys : {
+        api  = api.suffix
+        name = format("%s/%s", api.suffix, key)
+      }
+    ]
+  ])
+}
+
+resource "aws_api_gateway_api_key" "api_keys" {
+  for_each = { for key in local.actual_api_keys : key.name => key }
+
+  name        = each.value["name"]
+  description = format("Automatically generated key for %s API Gateway - managed by Terraform", each.value["api"])
+}

api_gateway_deployment.tf

@@ -0,0 +1,16 @@
+resource "aws_api_gateway_deployment" "deployments" {
+  for_each = { for api in local.actual_raw_api_gateway_rest_apis : api.suffix => api }
+
+  rest_api_id = aws_api_gateway_rest_api.api_gateway[each.value["suffix"]].id
+  triggers = {
+    redeployment = sha1(jsonencode(aws_api_gateway_rest_api.api_gateway[each.value["suffix"]].body))
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  depends_on = [
+    aws_api_gateway_rest_api.api_gateway
+  ]
+}

api_gateway_stage.tf

@@ -0,0 +1,7 @@
+resource "aws_api_gateway_stage" "stages" {
+  for_each = { for api in local.actual_raw_api_gateway_rest_apis : api.suffix => api }
+
+  deployment_id = aws_api_gateway_deployment.deployments[each.value["suffix"]].id
+  rest_api_id   = aws_api_gateway_rest_api.api_gateway[each.value["suffix"]].id
+  stage_name    = var.environment
+}

api_gateway_usage_plan.tf

@@ -0,0 +1,27 @@
+resource "aws_api_gateway_usage_plan" "usage_plans" {
+  for_each = { for api in local.actual_raw_api_gateway_rest_apis : api.suffix => api }
+
+  name        = format("%s-usage-plan", each.value["suffix"])
+  description = format("API Gateway usage plan for %s - managed by Terraform", each.value["suffix"])
+
+  api_stages {
+    api_id = aws_api_gateway_rest_api.api_gateway[each.value["suffix"]].id
+    stage  = aws_api_gateway_stage.stages[each.value["suffix"]].stage_name
+  }
+
+  quota_settings {
+    limit  = try(each.value["quota_limit"], 10)
+    offset = try(each.value["quota_offset"], 0)
+    period = try(each.value["quota_period"], "DAY")
+  }
+
+  throttle_settings {
+    burst_limit = try(each.value["burst_limit"], 5)
+    rate_limit  = try(each.value["rate_limit"], 10)
+  }
+
+  depends_on = [
+    aws_api_gateway_rest_api.api_gateway,
+    aws_api_gateway_stage.stages
+  ]
+}

api_gateway_usage_plan_key.tf

@@ -0,0 +1,12 @@
+resource "aws_api_gateway_usage_plan_key" "keys" {
+  for_each = { for key in local.actual_api_keys : key.name => key }
+
+  key_id        = aws_api_gateway_api_key.api_keys[each.value["name"]].id
+  key_type      = "API_KEY"
+  usage_plan_id = aws_api_gateway_usage_plan.usage_plans[each.value["api"]].id
+
+  depends_on = [
+    aws_api_gateway_usage_plan.usage_plans,
+    aws_api_gateway_api_key.api_keys
+  ]
+}